
surflite problems


  • This topic is locked
2 replies to this topic

#1 rvdwetering


Posted 14 December 2008 - 07:47 AM

Hi, yesterday I discovered this. I did the RSIT but can't do the Kaspersky scan, because my internet seems to be blocked.
Help is appreciated. Unfortunately I couldn't save the first log, but I did the ComboFix log.

ComboFix 08-12-13.03 - Richard 2008-12-14 13:22:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2046.1467 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Richard\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active


WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\20491.exe
C:\24987.exe
C:\42742.exe
C:\63470.exe
C:\76750.exe
C:\79699.exe
C:\88961.exe
C:\95645.exe
C:\99060.exe
c:\documents and settings\Richard\Application Data\inst.exe
c:\program files\Gene6 FTP Server
c:\program files\Gene6 FTP Server\Accounts\Home\groups\Vrienden.ini
c:\program files\Gene6 FTP Server\Accounts\Home\settings.ini
c:\program files\Gene6 FTP Server\Accounts\Home\users\Testuser.ini
c:\program files\Gene6 FTP Server\Accounts\settings.ini
c:\program files\Gene6 FTP Server\Backup\Administrator.reg
c:\program files\Gene6 FTP Server\Backup\RemoteAdmin\Remote.ini
c:\program files\Gene6 FTP Server\Help\manual.pdf
c:\program files\Gene6 FTP Server\Log\eigen-2007-01.log
c:\program files\Gene6 FTP Server\Log\eigen-transfers-2007-01.log
c:\program files\Gene6 FTP Server\Log\Home-2007-01-14.log
c:\program files\Gene6 FTP Server\Log\Home-2007-01.log
c:\program files\Gene6 FTP Server\RemoteAdmin\Log\Admin-07-01-12.log
c:\program files\Gene6 FTP Server\RemoteAdmin\Log\Admin-07-01-13.log
c:\program files\Gene6 FTP Server\RemoteAdmin\Log\Admin-07-01-14.log
c:\program files\Gene6 FTP Server\RemoteAdmin\Log\Admin-07-01-16.log
c:\program files\Gene6 FTP Server\RemoteAdmin\Remote.ini
c:\program files\Gene6 FTP Server\RemoteAdmin\RemoteAdmin.crt
c:\program files\Gene6 FTP Server\RemoteAdmin\RemoteAdmin.key
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\IE4 Error Log.txt
c:\windows\system32\ddcBRjGa.dll
c:\windows\system32\nnnkjKCs.dll
c:\windows\system32\yayvUOhh.dll
c:\windows\Tasks\amhvsnbz.job
c:\windows\Tasks\ayrqcfuc.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_tdssserv.sys


(((((((((((((((((((( Bestanden Gemaakt van 2008-11-14 to 2008-12-14 ))))))))))))))))))))))))))))))
.

2008-12-14 13:18 . 2008-12-14 13:18 <DIR> d-------- C:\rsit
2008-12-14 13:18 . 2008-12-14 13:18 <DIR> d-------- c:\program files\trend micro
2008-12-13 16:43 . 2008-12-13 16:43 61,440 --a------ c:\windows\system32\drivers\pkfbtx.sys
2008-12-13 15:51 . 2008-12-13 15:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-13 15:51 . 2008-12-13 15:51 <DIR> d-------- c:\documents and settings\Richard\Application Data\Malwarebytes
2008-12-13 15:51 . 2008-12-13 15:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-13 15:51 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-13 15:51 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-13 11:26 . 2008-12-13 11:26 580,096 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-13 11:14 . 2008-12-13 11:14 <DIR> d-------- c:\windows\ERUNT
2008-12-13 11:10 . 2008-12-14 12:42 <DIR> d-------- C:\SDFix
2008-12-12 19:30 . 2008-12-12 19:30 <DIR> d-------- c:\program files\IESurfBar
2008-12-12 19:30 . 2008-12-12 19:30 108,336 --a------ c:\windows\system32\mswinsck.ocx
2008-12-12 19:30 . 2008-12-14 13:35 93,420 --a------ c:\windows\system32\drivers\fa8582c9.sys
2008-12-12 19:30 . 2008-12-12 19:31 51,712 --a------ C:\qfqjvbcu.exe
2008-12-05 22:35 . 2008-12-05 22:50 <DIR> d-------- c:\program files\MediaCoder
2008-11-25 23:33 . 2008-11-25 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 23:22 . 2008-11-25 23:22 <DIR> d-------- c:\program files\Safari
2008-11-25 22:42 . 2008-11-25 22:42 <DIR> d-------- c:\program files\ROUTE 66
2008-11-25 22:42 . 2008-11-25 22:42 <DIR> d-------- c:\program files\Common Files\ROUTE 66
2008-11-25 22:42 . 2008-11-25 22:42 <DIR> d-------- c:\documents and settings\Richard\Application Data\ROUTE 66 Sync
2008-11-25 20:04 . 2008-11-25 20:04 <DIR> d-------- c:\documents and settings\Richard\Application Data\InstallShield
2008-11-19 17:29 . 2008-11-19 17:29 <DIR> d-------- c:\program files\Symbian OS Tools
2008-11-19 17:29 . 2008-11-19 17:29 <DIR> d-------- c:\program files\Common Files\Symbian
2008-11-19 17:26 . 2008-11-19 17:43 <DIR> d-------- C:\unsigned
2008-11-19 17:13 . 2008-11-19 17:13 4,128 --a------ C:\INFCACHE.1
2008-11-19 17:07 . 2008-11-19 17:07 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-11-19 17:06 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-19 17:06 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-19 17:06 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-19 17:06 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-11-19 17:06 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-19 17:06 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-11-16 10:35 . 2008-11-16 10:35 <DIR> d-------- c:\program files\Sun

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 12:10 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-12 18:31 6,656 ----a-w c:\windows\system32\drivers\aec.sys
2008-12-12 18:22 --------- d-----w c:\documents and settings\Richard\Application Data\uTorrent
2008-11-25 22:33 --------- d-----w c:\program files\iTunes
2008-11-25 22:33 --------- d-----w c:\program files\iPod
2008-11-25 22:33 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 22:31 --------- d-----w c:\program files\Bonjour
2008-11-25 22:30 --------- d-----w c:\program files\QuickTime
2008-11-25 21:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 06:24 --------- d-----w c:\program files\TurboFTP
2008-11-24 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\Digital Film Tools
2008-11-24 19:42 --------- d-----w c:\documents and settings\Richard\Application Data\Nokia
2008-11-19 16:14 --------- d-----w c:\documents and settings\Richard\Application Data\PC Suite
2008-11-19 16:07 --------- d-----w c:\program files\Nokia
2008-11-19 16:07 --------- d-----w c:\program files\Common Files\Nokia
2008-11-19 06:29 --------- d-----w c:\program files\McAfee
2008-11-16 09:34 --------- d-----w c:\program files\Java
2008-11-09 20:53 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-11-09 20:48 --------- d-----w c:\program files\MSXML 6.0
2008-11-09 20:34 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-11-09 20:33 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-09 20:33 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-09 20:19 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-11-09 19:56 --------- d-----w c:\program files\PC Connectivity Solution
2008-11-09 19:56 --------- d-----w c:\program files\DIFX
2008-10-30 20:19 --------- d-----w c:\documents and settings\Richard\Application Data\ImgBurn
2008-10-30 20:05 --------- d-----w c:\program files\ImgBurn
2008-10-30 20:05 --------- d-----w c:\documents and settings\Richard\Application Data\Vso
2008-10-30 19:44 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-30 19:44 47,360 ----a-w c:\documents and settings\Richard\Application Data\pcouffin.sys
2008-10-30 19:44 --------- d-----w c:\program files\VSO
2008-10-30 19:27 --------- d-----w c:\program files\MSN Messenger
2008-10-30 16:48 --------- d-----w c:\program files\HP
2008-10-27 20:04 --------- d-----w c:\program files\FTDv3.7.2
2008-10-27 19:19 --------- d-----w c:\program files\LimeWire
2008-10-27 19:17 --------- d-----w c:\program files\TweakRAM
2008-10-27 18:19 --------- d-----w c:\program files\Apple Software Update
2008-10-27 18:15 --------- d-----w c:\program files\Last.fm
2008-10-27 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-10-27 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-10-27 17:31 --------- d-----w c:\program files\Pure CD Ripper
2008-10-27 17:31 --------- d-----w c:\program files\Nedstat
2008-10-27 17:07 --------- d---a-w c:\program files\Furnish Pro
2008-10-27 17:07 --------- d-----w c:\program files\DVDlabPro2
2008-10-27 17:06 81,920 ----a-w c:\documents and settings\Richard\Application Data\ezpinst.exe
2008-10-27 17:06 --------- d-----w c:\program files\DVDFab Platinum
2008-10-27 17:03 --------- d-----w c:\program files\BreezeSys
2008-10-27 17:02 --------- d-----w c:\program files\Common Files\element5 Shared
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-12-11 19:30 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-11 19:30 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-11 19:30 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-11 19:30 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-11 19:30 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-11-08 36864]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 5926912]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPpromo psc 2400 series"="c:\program files\HP\Digital Imaging\Promotions\HPpromo.exe" [2003-10-09 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"MWLExe"="c:\program files\Mcafee\MWL\MWLGuiSt.exe" [2007-07-28 206184]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SDFix"="c:\sdfix\RunThis.bat" [2008-11-06 964661]
"CTHelper"="CTHELPER.EXE" [2003-02-20 c:\windows\system32\CTHELPER.EXE]
"AsioReg"="CTASIO.DLL" [2003-02-20 c:\windows\system32\CTASIO.DLL]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2008-02-14 1081344]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2005-07-12 581632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vigupy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeeantivirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeefirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 a320raid;RAID Controller;c:\windows\system32\drivers\a320raid.sys [2005-07-07 251578]
R0 AFAmgt;AFAmgt;c:\windows\system32\drivers\AFAmgt.sys [2004-04-21 92411]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\Cinemsup.sys [2002-07-19 6656]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2004-02-08 118784]
R2 AsfAlrt;AsfAlrt;\??\c:\windows\system32\drivers\AsfAlrt.sys [2002-12-18 36064]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-10-27 203280]
S2 RAIDStorAgent;RAID Storage Manager Agent;"c:\program files\Dell\RAID Storage Manager\StorServ.exe" [2004-06-16 49152]
S2 WinFTP Server Service;WinFtp Server Service;c:\program files\WinFtp Server\WFTPSRV.exe service []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-11-09 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-11-09 8320]
S4 Hpoouduv;Hpoouduv;c:\windows\system32\drivers\cpqdap01.sys [2001-08-17 11776]
.
Inhoud van de 'Gedeelde Taken' map

2008-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2007-09-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-12-14 c:\windows\Tasks\WebReg 20081214133459.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 22:47]
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-Zinio DLM - c:\program files\Zinio\ZinioDeliveryManager.exe
HKCU-Run-XPRepairPro2007 - c:\program files\XP Repair Pro 2007\XPRepairPro.exe
HKLM-Run-Managing Services - c:\windows\system32\spools.exe


.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.binsearch.info/
uInternet Settings,ProxyOverride = localhost;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\mb8joaxu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 13:33:43
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\fa8582c9]
"ImagePath"="\SystemRoot\System32\drivers\fa8582c9.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxmhltoiqt.sys"
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\CRW\shwicon.exe
c:\program files\McAfee\MWL\MwlGui.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\docume~1\Richard\LOCALS~1\Temp\bwgo00035584.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\McAfee\MWL\MwlSvc.exe
.
**************************************************************************
.
Voltooingstijd: 2008-12-14 13:42:48 - machine werd herstart
ComboFix-quarantined-files.txt 2008-12-14 12:42:40

Pre-Run: 30.480.191.488 bytes beschikbaar
Post-Run: 37,806,456,832 bytes beschikbaar

325 --- E O F --- 2008-12-13 09:54:42



#2 suebaby41


Posted 21 December 2008 - 04:11 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41


Posted 27 December 2008 - 01:26 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.