
PC is running abnormaly slow + HJT

Discussion in 'Virus & Other Malware Removal' started by RKeano, Apr 6, 2008.

  1. RKeano

    RKeano Thread Starter

    Joined:
    Apr 6, 2008
    Messages:
    9
    Hey guys, I'm new here, so let me get straight to the point:

    I downloaded some kind of zip file (I know it's stupid to have done that), opened it and started some exe. Now I'm pretty sure my PC is full of spyware, even malware.
    For example: Task Manager shows that I'm using nearly 100% continuously, Firefox shuts down, internet pages won't load, and when using Internet Explorer I get popups of some program telling me my PC's full of malware.
    I haven't got a virus scanner; I usually know what I'm doing, just this once I made a mistake...
    Anybody got any suggestions or know any solutions?
    In other words my PC's dead, and no, I'm not formatting :p lol

    Thanks in advance



    HJT:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 22:32:02, on 6-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\Integrator.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Robert\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {16bca94c-096a-4260-85d1-e382aeb0bac4} - C:\WINDOWS\system32\tuvSklKE.dll
    O2 - BHO: (no name) - {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - C:\WINDOWS\system32\mlJYrqNe.dll
    O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: {3a741d26-e6f3-fe6b-9954-242b4e31c378} - {873c13e4-b242-4599-b6ef-3f6e62d147a3} - C:\WINDOWS\system32\ctcfiqhd.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: e404 helper - {c03fd59d-9104-44b7-929a-9eaa0ba05211} - C:\Program Files\Helper\1207247969.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SoftickPPP] "C:\Program Files\Softick\PPP\Bin\PPPGate.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [VolumeTouch] "C:\Program Files\VolumeTouch\VolumeTouch.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BM77816481] Rundll32.exe "C:\WINDOWS\system32\lfstmwnd.dll",s
    O4 - HKLM\..\Run: [7951357E66730C535A51] Rundll32.exe "C:\WINDOWS\system32\horyodcv.dll",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Robert\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Hare.lnk = C:\Program Files\Hare\Hare.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [java_sun] Java (Sun)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: mlJYrqNe - C:\WINDOWS\SYSTEM32\mlJYrqNe.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 10312 bytes
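A defender's way to read an HJT log like the one above, as an added example (not code from this thread or from HijackThis): a small Python triage script that parses the R1, O2, O4 and O20 lines and flags the patterns a malware-removal helper checks first: a browser proxy pointing at an outside address, BHOs with no readable name, Run values that load a system32 DLL through rundll32 with a one-letter export, and Winlogon Notify packages with machine-generated names. The sample lines are copied from the log above; the `looks_random` heuristic, the severities and the function names are my own assumptions, not HijackThis output.

```python
"""Triage helper for HijackThis (HJT) logs: parse the R1, O2, O4 and O20 lines
and flag the patterns a malware-removal helper looks at first.
Added example for this thread; not HijackThis code."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines taken from the HJT log posted above
# (paths, CLSIDs and the proxy address are copied from it, not invented).
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16bca94c-096a-4260-85d1-e382aeb0bac4} - C:\WINDOWS\system32\tuvSklKE.dll
O2 - BHO: {3a741d26-e6f3-fe6b-9954-242b4e31c378} - {873c13e4-b242-4599-b6ef-3f6e62d147a3} - C:\WINDOWS\system32\ctcfiqhd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [7951357E66730C535A51] Rundll32.exe "C:\WINDOWS\system32\horyodcv.dll",s
O20 - Winlogon Notify: mlJYrqNe - C:\WINDOWS\SYSTEM32\mlJYrqNe.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.*)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<proxy>\S+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.*?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<entry>\w+)', re.I)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
HEXKEY_RE = re.compile(r"^[0-9A-F]{10,}$")
VOWELS = set("aeiouAEIOU")


@dataclass
class Finding:
    kind: str       # HJT line type (R1, O2, O4, O20)
    severity: str   # assumed scale: high / medium
    reason: str
    line: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def looks_random(filename: str) -> bool:
    """Heuristic (an assumption of this example) for the machine-generated
    8-letter names in the log above: odd mixed case, very few vowels, or a long
    consonant run. It can misfire, so treat a hit as a reason to look closer."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    odd_case = stem not in (stem.lower(), stem.upper(), stem.capitalize())
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiouAEIOU]", stem))
    return vowel_ratio < 0.25 or odd_case or longest_consonant_run >= 4


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        kind, body = m.group("kind"), m.group("body")
        if kind == "R1" and (pm := PROXY_RE.search(body)):
            # A proxy the user did not set up routes every browser request
            # through someone else's machine; a public IP literal is the worst case.
            host = pm.group("proxy").rsplit(":", 1)[0]
            try:
                public = ipaddress.ip_address(host).is_global
            except ValueError:
                public = False  # hostname rather than an IP literal
            findings.append(Finding(kind, "high" if public else "medium",
                                    f"browser proxy set to {pm.group('proxy')}; confirm the user configured it", line))
        elif kind == "O2" and (bm := BHO_RE.match(body)):
            name, dll = bm.group("name"), basename(bm.group("path"))
            if name == "(no name)" or GUID_RE.match(name):
                findings.append(Finding(kind, "high", f"BHO without a readable name loading {dll}", line))
            elif looks_random(dll):
                findings.append(Finding(kind, "medium", f"BHO DLL name looks machine-generated: {dll}", line))
        elif kind == "O4" and (rm := RUN_RE.match(body)):
            key, cmd = rm.group("key"), rm.group("cmd")
            reasons = []
            if HEXKEY_RE.match(key):
                reasons.append(f"Run value name is a bare hex string ({key})")
            dm = RUNDLL_RE.search(cmd)
            if dm and len(dm.group("entry")) == 1:
                reasons.append(f"rundll32 called with one-letter export '{dm.group('entry')}'")
            if dm and looks_random(basename(dm.group("dll"))):
                reasons.append("DLL name looks machine-generated")
            if reasons:
                findings.append(Finding(kind, "high", "; ".join(reasons), line))
        elif kind == "O20" and (nm := NOTIFY_RE.match(body)):
            dll = basename(nm.group("path"))
            if looks_random(dll):
                findings.append(Finding(kind, "high",
                                        f"Winlogon Notify DLL {dll} with machine-generated name; loaded by winlogon.exe at logon", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"[{f.severity:6}] {f.kind:4} {f.reason}\n         {f.line}")
```

The script deliberately does nothing with the O23 service line or the NVIDIA Run entry: the point is that the suspicious items in this log stand out on structural grounds (nameless BHOs, a Run value named by a hex string calling `rundll32` with export `s`, a proxy on a public address) before any signature is consulted, which is what a helper reading the raw log does by eye. The same checks apply to the re-scan log posted later in the thread.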
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, welcome to TSG!!


    Download SDFix and save it to your Desktop.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • Open the c:\SDFix folder and double click RunThis.cmd to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back in your next reply.


    NEXT



    Please download Malwarebytes Anti-Malware from Here or Here
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy the entire report and paste it in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
     
  3. RKeano

    RKeano Thread Starter

    Joined:
    Apr 6, 2008
    Messages:
    9
    OK, here's SDFix:


    SDFix: Version 1.167
    Run by Robert on di 08-04-2008 at 18:48

    Microsoft Windows XP [versie 5.1.2600]
    Running From: C:\DOCUME~1\Robert\BUREAU~1\SDFix

    Checking Services :

    Name:
    yeTyezzd

    Path:
    \??\C:\WINDOWS\yeTyezzd.sys

    yeTyezzd - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\195784~1 - Deleted
    C:\Program Files\Helper\1207247969.dll - Deleted
    C:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
    C:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted
    C:\WINDOWS\yeTyezzd.sys - Deleted

    Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use Gmer or Dr.Web CureIt


    Folder C:\Program Files\Helper - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-08 19:36:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s0"=dword:a58ccc02
    "s1"=dword:d6b25d82
    "s2"=dword:7dca28cd
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:a0,dd,cf,bb,6b,2b,a1,dd,7b,68,cc,f5,fe,c7,89,8d,cc,ed,c2,28,a0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,c8,5e,a4,66,79,b4,50,55,10,6b,34,86,2c,3b,da,17,8e,..
    "khjeh"=hex:2d,fa,ac,2c,8b,a9,9a,c8,21,81,1b,9b,c1,91,f9,9a,e5,63,f9,ae,99,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:64,62,02,00,68,a2,24,00,98,ce,2f,00,d8,ff,ff,ff,76,6b,0d,00,04,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:a0,dd,cf,bb,6b,2b,a1,dd,7b,68,cc,f5,fe,c7,89,8d,cc,ed,c2,28,a0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,c8,5e,a4,66,79,b4,50,55,10,6b,34,86,2c,3b,da,17,8e,..
    "khjeh"=hex:2d,fa,ac,2c,8b,a9,9a,c8,21,81,1b,9b,c1,91,f9,9a,e5,63,f9,ae,99,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:64,62,02,00,10,46,2e,00,58,43,2e,00,e8,ff,ff,ff,6c,68,02,00,28,..

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 6


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Hulp op afstand - Windows Messenger en spraak"
    "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
    "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
    "G:\\FM 08\\fm.exe"="G:\\FM 08\\fm.exe:*:Enabled:Football Manager 2008"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "c:\\windows\\system32\\snrb6.exe"="c:\\windows\\system32\\snrb6.exe:*:Enabled:snrb6"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\Robert\BUREAU~1\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"
    Wed 30 Jan 2002 22,016 A..H. --- "C:\Program Files\Game Graphic Studio\borlndmm.dll"
    Wed 30 Jan 2002 620,544 A..H. --- "C:\Program Files\Game Graphic Studio\stlpmt45.dll"
    Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
    Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
    Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
    Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
    Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
    Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
    Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"
    Mon 26 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
    Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
    Tue 5 Feb 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
    Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
    Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 6.3 public beta\REX Shared Library.dll"
    Tue 20 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Tue 8 Apr 2008 108 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"
    Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
    Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
    Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
    Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
    Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
    Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
    Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
    Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
    Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
    Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
    Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
    Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
    Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
    Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
    Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
    Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
    Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
    Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
    Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
    Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
    Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
    Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
    Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT7D4.tmp"
    Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT7D7.tmp"
    Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT7D3.tmp"
    Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\50a703ac277c6aaae339fb8dcdfd2341\BIT7D6.tmp"
    Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d980aeb9b19d6e59590a4be473461a8\BIT7D5.tmp"
    Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT7D9.tmp"
    Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7D8.tmp"
    Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT7D2.tmp"

    Finished!
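The "Authorized Application Key Export" section of the SDFix report above is the Windows XP firewall exception list, dumped in .reg-export form (backslashes doubled, each value written as `path:scope:Enabled:name`). An exception for a binary with a generic name sitting in `system32`, such as the `snrb6.exe` entry in that export, is what a helper looks for, because it lets the program accept inbound connections from any address. The following Python parser and reviewer is an added example, not SDFix or TSG code: the sample is a subset of the report's own entries, the `DEFAULT_WINDOWS_EXCEPTIONS` set (the two Remote Assistance entries XP creates itself) and the function names are my assumptions.

```python
"""Parse and review the firewall AuthorizedApplications export that SDFix
appends to its report. Added example for this thread, not SDFix code."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a subset of the standardprofile entries from the SDFix
# report above, in the same .reg-export format (backslashes doubled).
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Hulp op afstand - Windows Messenger en spraak"
"c:\\windows\\system32\\snrb6.exe"="c:\\windows\\system32\\snrb6.exe:*:Enabled:snrb6"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"""

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")

# Assumption of this example: the exceptions Windows XP SP2 adds itself for
# Remote Assistance. Any other executable under the Windows directory that is
# reachable from every address ('*') deserves a question to the user.
DEFAULT_WINDOWS_EXCEPTIONS = {"sessmgr.exe", "helpctr.exe"}


@dataclass
class FirewallEntry:
    profile: str       # standardprofile / domainprofile, from the [key] header
    path: str          # executable path, single backslashes, %windir% expanded
    scope: str         # '*' (any remote address) or a subnet list
    enabled: bool
    display_name: str  # free text, or an '@dll,-id' resource-string reference


def _unescape(reg_path: str) -> str:
    """Collapse the doubled backslashes of a .reg export."""
    return reg_path.replace("\\\\", "\\")


def normalize_path(path: str) -> str:
    """Lower-case and expand %windir% so comparisons are stable (assumes the
    default C:\\WINDOWS, which the HJT log in this thread shows)."""
    return path.lower().replace("%windir%", r"c:\windows")


def parse_export(text: str) -> List[FirewallEntry]:
    entries: List[FirewallEntry] = []
    profile = "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if km := KEY_RE.match(line):
            # ...\firewallpolicy\<profile>\authorizedapplications\list
            profile = km.group("key").split("\\")[-3]
            continue
        em = ENTRY_RE.match(line)
        if not em:
            continue
        key, value = _unescape(em.group("key")), _unescape(em.group("value"))
        if not value.startswith(key + ":"):
            continue  # malformed: the data part must restate the path
        # Strip the path prefix first so the drive letter's colon is not split on.
        scope, state, name = value[len(key) + 1:].split(":", 2)
        entries.append(FirewallEntry(profile, normalize_path(key), scope,
                                     state.lower() == "enabled", name))
    return entries


def review(entries: List[FirewallEntry]) -> List[Tuple[str, str]]:
    """Return (path, reason) for enabled exceptions worth asking the user about."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if not e.enabled:
            continue
        exe = e.path.rsplit("\\", 1)[-1]
        if e.path.startswith("c:\\windows\\") and exe not in DEFAULT_WINDOWS_EXCEPTIONS:
            findings.append((e.path,
                             f"'{e.display_name}' ({e.profile}) allows an executable under the "
                             f"Windows directory to accept connections from scope {e.scope}"))
    return findings


if __name__ == "__main__":
    parsed = parse_export(SAMPLE_EXPORT)
    print(f"{len(parsed)} exceptions parsed")
    for path, reason in review(parsed):
        print(f"REVIEW {path}: {reason}")
```

Two details are worth keeping from this: the `@xpsp2res.dll,-22019` display name is a resource-string reference that Windows resolves at display time, so an entry whose description is a bare filename (`snrb6`) was not written by an installer that bothered with a localized name; and the ActiveSync entries show why scope matters, since they are limited to the `169.254.2.0/255.255.255.0` link-local range rather than `*`.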
     
  4. RKeano

    RKeano Thread Starter

    Joined:
    Apr 6, 2008
    Messages:
    9
    Here's MBAM

    Doesn't fit, so it's in an attachment
     


  5. RKeano

    RKeano Thread Starter

    Joined:
    Apr 6, 2008
    Messages:
    9
    Here's HijackThis, just in case


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:41:15, on 8-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\WINDOWS\DitExp.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\Integrator.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Robert\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {b457e5b5-566b-50c8-48c4-e5a3f0edee21} - {12eede0f-3a5e-4c84-8c05-b6655b5e754b} - C:\WINDOWS\system32\jxfpakpp.dll
    O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SoftickPPP] "C:\Program Files\Softick\PPP\Bin\PPPGate.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [VolumeTouch] "C:\Program Files\VolumeTouch\VolumeTouch.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [7951357E66730C535A51] Rundll32.exe "C:\WINDOWS\system32\clgsehgu.dll",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Robert\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Hare.lnk = C:\Program Files\Hare\Hare.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [java_sun] Java (Sun)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 10039 bytes
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click here to download Dr.Web CureIt and save it to your desktop.
    • Doubleclick the drweb-cureit.exe file and allow it to run the express scan.
    • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, check whether you can click the next icon next to the files found:
      [image]
    • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
      [image]
    • This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
    • After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv.
    • Close Dr.Web CureIt.
    • Reboot your computer! Files in use may be moved/deleted during the reboot.
    • After the reboot, post the contents of the Dr.Web log you saved previously in your next reply, along with a new HijackThis log.

  7. RKeano

    RKeano Thread Starter

    Joined:
    Apr 6, 2008
    Messages:
    9
    The Dr.Web one is attached.
    HijackThis is down below.

    Thanks.

    btw I'm Dutch, and I kind of think the report is in Dutch, but let me know what's up. Thanks.

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:06:14, on 9-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\DitExp.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\Integrator.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Documents and Settings\Robert\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {b457e5b5-566b-50c8-48c4-e5a3f0edee21} - {12eede0f-3a5e-4c84-8c05-b6655b5e754b} - C:\WINDOWS\system32\jxfpakpp.dll
    O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [7951357E66730C535A51] Rundll32.exe "C:\WINDOWS\system32\clgsehgu.dll",s
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Hare.lnk = C:\Program Files\Hare\Hare.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [java_sun] Java (Sun)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 9069 bytes
     

    Attached Files:

  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I'll ask for help if I need some interpretation. :)


    Please update your version of HJT.
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.

    Please visit this webpage for instructions for downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

  9. RKeano

    RKeano Thread Starter

    Joined:
    Apr 6, 2008
    Messages:
    9
    Here you go :) :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:31:05, on 9-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\Integrator.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Hare.lnk = C:\Program Files\Hare\Hare.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [java_sun] Java (Sun)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 8398 bytes

    and here:

    ComboFix 08-04-08.10 - Robert 2008-04-09 19:57:49.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1256.20.1043.18.580 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Robert\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Robert\Application Data\macromedia\Flash Player\#SharedObjects\NA9K4JRU\iforex.com
    C:\Documents and Settings\Robert\Application Data\macromedia\Flash Player\#SharedObjects\NA9K4JRU\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Robert\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Robert\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\WINDOWS\BM77816481.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\clgsehgu.dll
    C:\WINDOWS\system32\ctcfiqhd.dll
    C:\WINDOWS\system32\EKlkSvut.ini
    C:\WINDOWS\system32\horyodcv.dll
    C:\WINDOWS\system32\jxfpakpp.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mlJYrqNe.dll
    C:\WINDOWS\system32\mmqeptmb.dll
    C:\WINDOWS\system32\tuvSklKE.dll
    C:\WINDOWS\system32\yrytullo.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_{fbe1d620-5418-4aae-a0f0-316d590663a1}


    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))
    .

    2008-04-09 17:54 . 2008-04-09 17:54 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-08 23:17 . 2008-04-09 07:32 <DIR> d-------- C:\Documents and Settings\Robert\DoctorWeb
    2008-04-08 19:51 . 2008-04-08 19:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-08 19:51 . 2008-04-08 19:51 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
    2008-04-08 19:51 . 2008-04-08 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-08 19:49 . 2008-04-08 19:49 3,648 --a------ C:\WINDOWS\system32\qlddfjvv.dll
    2008-04-08 18:42 . 2008-04-08 18:42 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-04-06 13:44 . 2008-04-07 19:45 <DIR> d-------- C:\Program Files\iTunes
    2008-04-06 13:44 . 2008-04-07 19:45 <DIR> d-------- C:\Program Files\iPod
    2008-04-05 13:50 . 2008-04-06 13:44 <DIR> d-------- C:\Documents and Settings\Robert\.housecall6.6
    2008-04-04 15:45 . 2008-04-06 13:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-04 15:45 . 2008-04-04 15:45 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-04 15:43 . 2008-04-06 13:44 <DIR> d-------- C:\Program Files\iTunes(2)
    2008-04-04 15:43 . 2008-04-06 13:44 <DIR> d-------- C:\Program Files\iPod(2)
    2008-04-04 08:53 . 2008-04-09 19:55 3,333,783 --a------ C:\WINDOWS\system32\scolmpdain.xml
    2008-04-04 00:12 . 2008-04-06 13:45 <DIR> d-------- C:\Program Files\Absolute MP3 Splitter
    2008-04-04 00:07 . 2008-04-06 13:45 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner
    2008-04-03 20:38 . 2008-04-03 20:38 52,736 --a------ C:\WINDOWS\system32\snrb6.exe
    2008-04-03 20:35 . 2008-04-03 20:35 <DIR> d-------- C:\Program Files\MP3-Slicer
    2008-04-03 20:35 . 2008-04-03 20:35 724,992 --a------ C:\WINDOWS\iun6002.exe
    2008-04-03 20:01 . 2008-04-03 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-03-31 22:54 . 2008-03-31 22:54 <DIR> d-------- C:\DVDVideoSoft
    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
    2008-03-28 19:14 . 2008-03-28 19:15 <DIR> d-------- C:\Program Files\Safari
    2008-03-09 07:47 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-03-09 07:47 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-03-09 07:47 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-03-09 05:38 . 2008-03-13 07:40 <DIR> d-------- C:\WINDOWS\system32\nl-nl

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-06 18:13 --------- d-----w C:\Program Files\Java
    2008-04-06 11:45 --------- d-----w C:\Program Files\QuickTime
    2008-04-03 18:14 --------- d-----w C:\Documents and Settings\Robert\Application Data\Azureus
    2008-04-02 11:41 --------- d-----w C:\Program Files\Azureus
    2008-03-31 21:37 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-31 20:54 --------- d-----w C:\Program Files\Common Files\DVDVIDEOSOFT
    2008-03-29 13:08 --------- d-----w C:\Documents and Settings\Robert\Application Data\Orbit
    2008-03-13 05:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-08 15:14 --------- d-----w C:\Program Files\MSXML 4.0
    2008-03-08 12:05 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-08 12:05 --------- d-----w C:\Program Files\Windows Live
    2008-03-08 11:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-27 20:12 --------- d-----w C:\Program Files\Phun
    2008-02-16 01:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-02-15 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-03-09 13:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 20:43 90112]
    "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-27 19:25 1211176]
    "SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-25 15:47 481280]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "Dit"="Dit.exe" [2002-08-28 14:43 73728 C:\WINDOWS\Dit.exe]
    "BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 02:03 380928 C:\WINDOWS\system32\irprops.cpl]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 19:37 1836544]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 23:31 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]

    C:\Documents and Settings\Robert\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
    Hare.lnk - C:\Program Files\Hare\Hare.exe [2002-09-21 13:26:40 1874381]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 2004-08-03 23:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --------- 2003-06-24 16:23 61440 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RssReader]
    --a------ 2007-12-03 14:22 1868288 C:\Documents and Settings\Robert\Application Data\Qlikworld\RSSReader\RSSReader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftickPPP]
    --a------ 2006-07-06 20:07 195072 C:\Program Files\Softick\PPP\Bin\PPPGate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-06-05 13:17 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-02-19 23:21 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolumeTouch]
    --a------ 2005-07-22 03:12 184320 C:\Program Files\VolumeTouch\VolumeTouch.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
    "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "G:\\FM 08\\fm.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\windows\\system32\\snrb6.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d848856a-8d1f-11dc-99c0-000c76a662fe}]
    \Shell\AutoRun\command - L:\LaunchU3.exe

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-04-04 10:34:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-09 23:00:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
    "ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\Integrator.exe
    C:\WINDOWS\System32\imapi.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-04-09 23:08:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-09 21:08:03
    Pre-Run: 2,293,694,464 bytes beschikbaar
    Post-Run: 2,125,082,624 bytes beschikbaar
    .
    2008-03-13 05:47:57 --- E O F ---
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Open Notepad and copy and paste the text in the quote box below into it:

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive and all other fixed drives.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.


    Please perform a scan with Kaspersky Webscan Online Virus Scanner
    • Read the Requirements and Privacy statement, then select "Accept".
    • A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    • Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
    • When the download is complete it will say ready, click "Next".
    • Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
    • Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    • Click "OK".
    • Under "Select a target to scan", click on "My Computer".
    • When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically, or it will show 'Kaspersky Online Scanner license key was not found!'
     
  11. RKeano

    RKeano Thread Starter

    Joined:
    Apr 6, 2008
    Messages:
    9
    Here u guys go, was kinda busy, sorry for that:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:31:05, on 9-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\Integrator.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.174.252.197:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Hare.lnk = C:\Program Files\Hare\Hare.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [java_sun] Java (Sun)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 8398 bytes


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/11/2008 at 01:44 AM

    Application Version : 4.0.1154

    Core Rules Database Version : 3435
    Trace Rules Database Version: 1427

    Scan type : Complete Scan
    Total Scan Time : 03:16:47

    Memory items scanned : 373
    Memory threats detected : 0
    Registry items scanned : 6368
    Registry threats detected : 0
    File items scanned : 378235
    File threats detected : 181

    Trojan.Media-Codec
    C:\DOCUMENTS AND SETTINGS\ROBERT\DOCTORWEB\QUARANTINE\A0042090.EXE
    C:\DOCUMENTS AND SETTINGS\ROBERT\DOCTORWEB\QUARANTINE\PMSNGR.EXE
    M:\ROBERT BACKUP FEB 2007\LOCAL SETTINGS\TEMP\TEMP.FRD5E1\PMMON.EXE

    Trojan.Vundo-Variant/F
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040329.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040362.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040688.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP407\A0042179.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP407\A0042181.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP407\A0042184.DLL
    S:\BACKUP\BACKUPPPPP\BACKUPPPPP\PROGRAM FILES\EWIDO\SECURITY SUITE\TRAY_DLL.DLL
    S:\BACKUP\BACKUPPPPP\BACKUPPPPP\PROGRAM FILES\GOOGLE\GOOGLE EARTH PRO\ETSYSTEM.DLL

    Adware.Vundo-Variant/Small-A
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040331.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040361.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040689.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP407\A0042180.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP407\A0042182.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP407\A0042186.DLL

    Adware.Vundo-Variant/E
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP403\A0040690.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042084.DLL

    Adware.Tracking Cookie
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Cookies\[email protected][2].txt
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Cookies\[email protected][1].txt
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Cookies\[email protected][1].txt

    Browser Hijacker.Favorites
    M:\ROBERT BACKUP FEB 2007\FAVORIETEN\ONLINE SECURITY TEST.URL

    Trojan.Unknown Origin
    M:\ROBERT BACKUP FEB 2007\LOCAL SETTINGS\TEMP\TEMP.FRD5E1\OT.ICO
    M:\ROBERT BACKUP FEB 2007\LOCAL SETTINGS\TEMP\TEMP.FRD5E1\TS.ICO
    S:\BACKUP\BACKUPPPPP\BACKUPPPPP\WINDOWS\TELLER2.CHK

    BearShare File Sharing Client
    S:\BACKUP\BACKUPPPPP\BACKUPPPPP\DOCUMENTS AND SETTINGS\ROBERT\LOCAL SETTINGS\TEMP\IR_EXT_TEMP_0\AUTOPLAY\DOCS\ALL FIXES NEEDED\FIX BEARSHARE PRO V5.1.0.26\BEARSHARE.EXE

    Trojan.Unclassified/Loader-Suspicious
    S:\BACKUP\BACKUPPPPP\BACKUPPPPP\DOCUMENTS AND SETTINGS\ROBERT\LOCAL SETTINGS\TEMP\IR_EXT_TEMP_0\AUTOPLAY\DOCS\ALL FIXES NEEDED\MORPHEUS ULTRA V5.0 LOADER\LOADER.EXE

    Adware.Unknown Origin
    S:\BACKUP\BACKUPPPPP\BACKUPPPPP\PROGRAM FILES\COMMON FILES\ORUI\ORUID\CLASS-BARREL

    Trojan.Downloader-Gen
    S:\BACKUP\BACKUPPPPP\BACKUPPPPP\WINDOWS\SYSTEM32\WINSUB.XML

    Adware.WhenU
    S:\SYSTEM VOLUME INFORMATION\_RESTORE{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042105.EXE

    TargetSaver, Inc. Process
    S:\SYSTEM VOLUME INFORMATION\_RESTORE{618485BA-0F8C-4B00-92A4-477554FA1A46}\RP379\A0041760.EXE

    Trace.Known Threat Sources
    M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\LBSM9LY0\footer_dots[1].gif
    M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\8P2YL6W5\shopica_logo_bott[1].gif
    M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\LBSM9LY0\shopica_logo_top[1].gif
    M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\8P2YL6W5\style[2].css
    M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\4Z74VV4W\ads[1].htm
    M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\F4WUNFH8\sp[1].gif
    M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\F4WUNFH8\search[1].htm
    M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\4Z74VV4W\js[1].js
    M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\WLWPYRG1\loaderbb[2].htm
    M:\Robert Backup feb 2007\Local Settings\Temporary Internet Files\Content.IE5\45KVCJ8J\wintod[1].exe
     
  12. RKeano

    RKeano Thread Starter

    Joined:
    Apr 6, 2008
    Messages:
    9
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, April 11, 2008 1:21:55 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 11/04/2008
    Kaspersky Anti-Virus database records: 696523
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    G:\
    K:\
    M:\
    S:\

    Scan Statistics:
    Total number of scanned objects: 389550
    Number of viruses found: 34
    Number of infected objects: 107
    Number of suspicious objects: 0
    Duration of the scan process: 04:11:19

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Robert\Application Data\$_hpcst$.hpc Object is locked skipped
    C:\Documents and Settings\Robert\Bureaublad\SDFix\backups\backups.zip/backups/1207247969.dll Infected: not-a-virus:AdWare.Win32.E404.f skipped
    C:\Documents and Settings\Robert\Bureaublad\SDFix\backups\backups.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Robert\Bureaublad\****\MrX- Internet troy 1.zip/Msn Update.zip/Msn Update.exe Infected: Backdoor.Win32.VB.art skipped
    C:\Documents and Settings\Robert\Bureaublad\****\MrX- Internet troy 1.zip/Msn Update.zip Infected: Backdoor.Win32.VB.art skipped
    C:\Documents and Settings\Robert\Bureaublad\****\MrX- Internet troy 1.zip ZIP: infected - 2 skipped
    C:\Documents and Settings\Robert\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Robert\DoctorWeb\Quarantine\A0042098.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\Documents and Settings\Robert\DoctorWeb\Quarantine\SmileyCentralFFSetup2.1.50.3.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbc2e.ht1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbdam Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbdao Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbeam Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbeao Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbm Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbu2d.ht1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbvm.cf1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\dbvmh.ht1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\fii.cf1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\fiih.ht1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\hp Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\hpt2i.ht1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\rpm.cf1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\rpm1m.cf1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\rpm1mh.ht1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\rpmh.ht1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-black-enchashm.cf1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-black-urlm.cf1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-black-urlmh.ht1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-malware-domainm.cf1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-white-domainm.cf1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Google Desktop\e8a01b936781\safeweb\goog-white-domainmh.ht1 Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_AC74_B28B_74B2_57B2\dfsr.db Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_AC74_B28B_74B2_57B2\fsr.log Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_AC74_B28B_74B2_57B2\fsrtmp.log Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_AC74_B28B_74B2_57B2\tmp.edb Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Geschiedenis\History.IE5\MSHist012008041120080412\index.dat Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Temp\WCESLog.log Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Temp\~DF19EE.tmp Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Temp\~DF1A0D.tmp Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Temp\~DF989.tmp Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Temp\~DF9F1.tmp Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Temp\~DFA7FB.tmp Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Temp\~DFF08E.tmp Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Robert\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Robert\NTUSER.DAT.LOG Object is locked skipped
    C:\Program Files\Image-Line\FL Studio 7\crack.exe/rBot.exe Infected: Backdoor.Win32.Rbot.bqa skipped
    C:\Program Files\Image-Line\FL Studio 7\crack.exe CAB: infected - 1 skipped
    C:\Program Files\TVersity\Media Server\db\medialib.db Object is locked skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\clgsehgu.dll.vir Infected: Packed.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\ctcfiqhd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\horyodcv.dll.vir Infected: Packed.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\jxfpakpp.dll.vir Infected: Packed.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\mmqeptmb.dll.vir Infected: Packed.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\snrb6.exe.vir Infected: Trojan-Clicker.Win32.Delf.ug skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\yrytullo.dll.vir Infected: Packed.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\catchme2008-04-09_230016.00.zip/Documents and Settings/Robert/Bureaublad/catchme.zip/yeTyezzd.sys Infected: Trojan-Clicker.Win32.Costrat.ff skipped
    C:\QooBox\Quarantine\catchme2008-04-09_230016.00.zip/Documents and Settings/Robert/Bureaublad/catchme.zip Infected: Trojan-Clicker.Win32.Costrat.ff skipped
    C:\QooBox\Quarantine\catchme2008-04-09_230016.00.zip ZIP: infected - 2 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP409\A0043343.exe Infected: Trojan-Clicker.Win32.Delf.ug skipped
    C:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP410\A0043397.exe Infected: Trojan-Downloader.Win32.Zlob.bai skipped
    C:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP410\A0043398.exe Infected: Trojan-Downloader.Win32.Zlob.bai skipped
    C:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP410\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{45531259-2BA5-472A-B6BE-27195004D304}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd7133.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\TVersityMediaServer.log Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    M:\Big Files\fl.studio.xxl.producer.edition.7.rc6.updated.2.crack-tsrh.zip/crack.exe/rBot.exe Infected: Backdoor.Win32.Rbot.bqa skipped
    M:\Big Files\fl.studio.xxl.producer.edition.7.rc6.updated.2.crack-tsrh.zip/crack.exe Infected: Backdoor.Win32.Rbot.bqa skipped
    M:\Big Files\fl.studio.xxl.producer.edition.7.rc6.updated.2.crack-tsrh.zip ZIP: infected - 2 skipped
    M:\Robert Backup feb 2007\Local Settings\Temp\8BB.tmp Infected: Backdoor.Win32.Agent.aee skipped
    M:\Robert Backup feb 2007\Local Settings\Temp\8BE.tmp Infected: Backdoor.Win32.Agent.aee skipped
    M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    M:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP410\A0043399.exe Infected: Trojan-Downloader.Win32.Zlob.bet skipped
    M:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP410\A0043406.exe Infected: Backdoor.Win32.Agent.aee skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe/data0000.bin/data.rar/spdhook.dll Infected: Trojan-PSW.Win32.Stealer.i skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe/data0000.bin/data.rar/UnInstall.exe Infected: Trojan-PSW.Win32.Stealer.i skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe/data0000.bin/data.rar/lpr123.exe Infected: Trojan-PSW.Win32.Stealer.i skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe/data0000.bin/data.rar Infected: Trojan-PSW.Win32.Stealer.i skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe/data0000.bin Infected: Trojan-PSW.Win32.Stealer.i skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\rps27full.exe EmbeddedEXE: infected - 5 skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-638ce907.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-638ce907.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-638ce907.zip/NewSecurityClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-638ce907.zip/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-638ce907.zip ZIP: infected - 4 skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-6789d00c.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-6789d00c.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-6789d00c.zip/NewSecurityClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-6789d00c.zip/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-6789d00c.zip ZIP: infected - 4 skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-1570a856.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-1570a856.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-1570a856.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-1570a856.zip ZIP: infected - 3 skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\install.exe/data0001.bin/file77 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\install.exe/data0001.bin Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\install.exe EmbeddedEXE: infected - 2 skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\SuperFast.zip/SuperFast Shotdown/setup.exe/data0002 Infected: not-a-virus:RiskTool.Win32.Shutdown.c skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\SuperFast.zip/SuperFast Shotdown/setup.exe Infected: not-a-virus:RiskTool.Win32.Shutdown.c skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Bureaublad\SuperFast.zip RAR: infected - 2 skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Limewire\MAGIX music maker 2004 deLuxe.zip/MAGIX music maker 2004 deLuxe/Magix Music Maker 2004 Crack.EXE Infected: Trojan.BAT.Delwin.ci skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Limewire\MAGIX music maker 2004 deLuxe.zip ZIP: infected - 1 skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Mijn ontvangen bestanden\ Radmin22.zip/ Radmin22/RADMIN22.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Mijn ontvangen bestanden\ Radmin22.zip/ Radmin22/RADMIN22.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Mijn ontvangen bestanden\ Radmin22.zip/ Radmin22/RADMIN22.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Mijn ontvangen bestanden\ Radmin22.zip/ Radmin22/RADMIN22.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
    S:\Backup\Backuppppp\backuppppp\Documents and Settings\Robert\Mijn documenten\Mijn ontvangen bestanden\ Radmin22.zip ZIP: infected - 4 skipped
    S:\Stuff\Limewire\TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
    S:\Stuff\Progs\bsplayer141.832.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    S:\Stuff\Progs\bsplayer141.832.exe NSIS: infected - 1 skipped
    S:\Stuff\Progs\CCNumber_Gen.zip/2_Credit_Card_Number_Generator_4.0/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
    S:\Stuff\Progs\CCNumber_Gen.zip/1/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
    S:\Stuff\Progs\CCNumber_Gen.zip/2/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
    S:\Stuff\Progs\CCNumber_Gen.zip/3/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
    S:\Stuff\Progs\CCNumber_Gen.zip/4/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
    S:\Stuff\Progs\CCNumber_Gen.zip/5/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
    S:\Stuff\Progs\CCNumber_Gen.zip/6/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
    S:\Stuff\Progs\CCNumber_Gen.zip/7/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
    S:\Stuff\Progs\CCNumber_Gen.zip/8/Cmaster4.exe Infected: not-virus:Hoax.Win32.CardGen.g skipped
    S:\Stuff\Progs\CCNumber_Gen.zip ZIP: infected - 9 skipped
    S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/keyfinder.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe/data0000.cab/rock.exe/pwdump2/samdump.dll Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
    S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe/data0000.cab/rock.exe/pwdump2/pwdump2.exe Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
    S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe/data0000.cab/rock.exe Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
    S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe/data0000.cab/RockXP4.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe/data0000.cab Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    S:\Stuff\Progs\MGVPatch.rar/MGVPatch/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    S:\Stuff\Progs\MGVPatch.rar RAR: infected - 10 skipped
    S:\Stuff\Progs\pcast.exe Infected: not-a-virus:AdWare.Win32.Dudu.f skipped
    S:\Stuff\Progs\vtp3.zip/Vista Transformation Pack 3.0.exe/WISE0019.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
    S:\Stuff\Progs\vtp3.zip/Vista Transformation Pack 3.0.exe/WISE0019.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
    S:\Stuff\Progs\vtp3.zip/Vista Transformation Pack 3.0.exe/WISE0035.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
    S:\Stuff\Progs\vtp3.zip/Vista Transformation Pack 3.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
    S:\Stuff\Progs\vtp3.zip ZIP: infected - 4 skipped
    S:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042099.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042100.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042102.exe Infected: not-a-virus:RiskTool.Win32.Shutdown.c skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042103.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042104.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0038 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe NSIS: infected - 7 skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042112.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042113.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped

    Scan process completed.
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Open Notepad and copy and paste the text in the quote box below into it:

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Follow these steps to uninstall Combofix and tools used in the removal of malware
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


    You can and should remove all of the tools I requested you to download and/or folders associated with them now. It is pointless to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

    OTMoveIt2 by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders.
    • Make sure you have an Internet Connection.
    • Double-click OTMoveIt2.exe to run it.
    • Click on the CleanUp! button
    • A list of tool components used in the Cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


    It's a good idea to Flush your System Restore after removing malware:
    Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405



    Now you should Clean up your PC

    Let me know if you are still having any problems.
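    The scanner report posted above and the "flush your System Restore" step in this reply are two sides of the same triage question: which of the flagged objects are live files, and which are only copies sitting in restore points that a System Restore flush will discard wholesale. As an added example that is not part of this thread (it is neither the poster's log output nor cybertech's instructions), here is a small Python script that parses the three line shapes the Kaspersky Online Scanner report uses (`<path> Infected: <name> skipped`, the archive roll-up `<path> <FMT>: infected - <N> skipped`, and `<path> Object is locked skipped`), maps members of nested archives back to the file on disk, checks each roll-up count against the member hits listed beneath it, and separates hits inside `System Volume Information\_restore{...}` from hits in live files. The `not-a-virus:` prefix is treated as Kaspersky's riskware/adware marker rather than malware proper. The sample report is a constructed excerpt assembled from lines of the log above; the function and class names are my own.

```python
"""Triage helper for a Kaspersky Online Scanner report (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# The three line shapes the report uses. Paths can contain spaces, so the path group
# is non-greedy and anchored on the fixed wording that follows it.
DETECT_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<fmt>[A-Za-z0-9]+): infected - (?P<count>\d+) skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
# Windows XP restore-point layout: \System Volume Information\_restore{GUID}\RP<n>\A<nnnnnnnn>.<ext>
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)


@dataclass(frozen=True)
class Detection:
    path: str                     # object path exactly as reported
    host_file: str                # outermost file on disk (archive members are joined with "/")
    member: Optional[str]         # path inside the archive, None for a plain file
    name: str                     # e.g. not-a-virus:AdWare.Win32.NavExcel.d
    restore_point: Optional[str]  # "RP406" when the host sits in a System Restore point

    @property
    def not_a_virus(self) -> bool:
        # Kaspersky's prefix for riskware/adware/remote-admin tools: lower priority than malware.
        return self.name.startswith("not-a-virus:")

    @property
    def family(self) -> str:
        # "not-a-virus:AdWare.Win32.NavExcel.d" -> "AdWare.Win32.NavExcel"
        return ".".join(self.name.split(":", 1)[-1].split(".")[:3])


@dataclass
class Report:
    detections: List[Detection] = field(default_factory=list)
    locked: List[str] = field(default_factory=list)        # objects the scanner could not open
    archives: Dict[str, int] = field(default_factory=dict)  # archive path -> count in its roll-up line


def parse_report(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if m := DETECT_RE.match(line):
            path = m.group("path")
            host, sep, member = path.partition("/")  # first "/" separates disk file from members
            rp = RESTORE_RE.search(host)
            rep.detections.append(Detection(path, host, member if sep else None,
                                            m.group("name"), rp.group(1) if rp else None))
        elif m := ARCHIVE_RE.match(line):
            rep.archives[m.group("path")] = int(m.group("count"))
        elif m := LOCKED_RE.match(line):
            rep.locked.append(m.group("path"))
    return rep


def archive_count_mismatches(rep: Report):
    """Each 'ZIP: infected - N' roll-up should equal the member hits listed beneath that archive."""
    out = []
    for archive, reported in rep.archives.items():
        seen = sum(1 for d in rep.detections if d.path.startswith(archive + "/"))
        if seen != reported:
            out.append((archive, reported, seen))
    return out


def summarize(rep: Report) -> dict:
    in_rp = [d for d in rep.detections if d.restore_point]
    live = [d for d in rep.detections if not d.restore_point]
    return {
        "total": len(rep.detections),
        "real_malware": sorted({d.name for d in rep.detections if not d.not_a_virus}),
        "families": Counter(d.family for d in rep.detections),
        # Copies under _restore{...} vanish together when System Restore is turned off and on.
        "restore_points": sorted({d.restore_point for d in in_rp}),
        "restore_point_hits": len(in_rp),
        # Files outside restore points must be removed directly (by hand or by a fix script).
        "live_hosts": sorted({d.host_file for d in live}),
    }


# Constructed excerpt assembled from lines of the report above (not the full report).
SAMPLE_REPORT = r"""
S:\Stuff\Progs\vtp3.zip/Vista Transformation Pack 3.0.exe/WISE0019.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
S:\Stuff\Progs\vtp3.zip/Vista Transformation Pack 3.0.exe/WISE0019.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
S:\Stuff\Progs\vtp3.zip/Vista Transformation Pack 3.0.exe/WISE0035.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
S:\Stuff\Progs\vtp3.zip/Vista Transformation Pack 3.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
S:\Stuff\Progs\vtp3.zip ZIP: infected - 4 skipped
S:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042099.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042102.exe Infected: not-a-virus:RiskTool.Win32.Shutdown.c skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe/data0038 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042107.exe NSIS: infected - 7 skipped
S:\System Volume Information\_restore{06827A82-75D4-4385-8A70-3623C8364402}\RP406\A0042112.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
"""

if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for key, value in summarize(report).items():
        print(f"{key}: {value}")
    print("archive roll-up mismatches:", archive_count_mismatches(report))
    print("locked objects:", report.locked)
```

    Run against the excerpt, the script shows one live host (the vtp3.zip archive under S:\Stuff\Progs) and ten hits that exist only in restore point RP406; the latter are exactly what the System Restore flush removes, while the live archive has to be deleted or quarantined on its own. A non-empty `real_malware` list or any roll-up mismatch is the signal to look at the full report rather than trust the summary.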
     
Short URL to this thread: https://techguy.org/701059
