Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help asap: agent.odg


  • This topic is locked This topic is locked
13 replies to this topic

#1 dan87

dan87

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 08 June 2009 - 06:09 AM

I think i have a problem here guys.. i can't get rid of this virus. Ill try to explain what happened (sorry, my english isnt that good).

I first noticed that something was wrong when i tried to do a scan with Norton Internet Security and it didnt scan. So i downloaded Nod32 and it said i had the agent.odg virus but that it could not remove it.

Posted Image

So i did some searching on Google and found out i had to download MalwareBytes, i did and it found some things which i deleted or cleaned or w/e.
After that i did a scan with Nod32 again and the virus is still here. Malwarebytes however now says i don't have any infections.
I also used CC Cleaner and cleaned/removed everything.

Now i read that i have to use Combofix but that i need to ask some people who know how to use it first, so here i am!

I downloaded it and its on my desktop :thumbup2:


I'm really a n00b when it comes to computers, i tried everything i could so can someone please help me with this?

BC AdBot (Login to Remove)

 


#2 dan87

dan87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 08 June 2009 - 06:34 AM

here is my DDS log


DDS (Ver_09-05-14.01) - NTFSx86
Run by Danny at 13:19:02,42 on ma 08-06-2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft« Windows VistaÖ Home Basic 6.0.6001.1.1252.31.1043.18.3000.1583 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\CyberLink\PlayMovie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Danny\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&s=2&o=vb32&d=0409&m=easynote_mh45
mStart Page = hxxp://www.cooxer.com/
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&s=2&o=vb32&d=0409&m=easynote_mh45
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\cyberlink\playmovie\PMVService.exe"
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\danny\appdata\roaming\mozilla\firefox\profiles\qtgcilbr.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-4-29 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-4-29 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-4-29 482352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090528.001\IDSvix86.sys [2009-5-29 292912]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\cyberlink\playmovie\000.fcl [2009-4-28 41456]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-2-6 38240]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-4-29 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-28 101936]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-1-13 418816]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1005000.087\symndisv.sys [2009-4-29 39984]
S3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-1-13 3658752]

=============== Created Last 30 ================

2009-06-08 00:44 <DIR> --d--r-- c:\program files\Norton Support
2009-06-08 00:26 <DIR> --d----- c:\users\danny\appdata\roaming\Malwarebytes
2009-06-08 00:25 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 00:25 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-08 00:25 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-08 00:25 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-08 00:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 00:15 <DIR> --d----- c:\program files\CCleaner
2009-06-08 00:02 <DIR> --d----- c:\users\danny\appdata\roaming\ESET
2009-06-07 23:59 <DIR> --d----- c:\programdata\ESET
2009-06-07 23:59 <DIR> --d----- c:\program files\ESET
2009-06-06 19:41 225,280 a------- c:\windows\system32\rewire.dll
2009-06-06 19:41 <DIR> --d----- c:\program files\VstPlugins
2009-06-06 19:41 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-06-06 19:40 <DIR> --d----- c:\program files\Outsim
2009-06-02 16:25 <DIR> --d----- c:\program files\Championship Manager 01-02
2009-06-02 16:25 306,688 a------- c:\windows\IsUninst.exe
2009-05-31 17:21 <DIR> --d----- c:\users\danny\appdata\roaming\uTorrent
2009-05-20 19:45 0 a------- c:\users\danny\appdata\roaming\wklnhst.dat
2009-05-20 15:50 <DIR> --d----- c:\program files\VideoLAN
2009-05-16 20:40 440,080 a------- c:\windows\system32\d3dx10.dll
2009-05-16 20:40 251,672 a------- c:\windows\system32\xactengine2_5.dll
2009-05-16 20:40 237,848 a------- c:\windows\system32\xactengine2_4.dll
2009-05-16 20:40 15,128 a------- c:\windows\system32\x3daudio1_1.dll
2009-05-16 20:40 236,824 a------- c:\windows\system32\xactengine2_3.dll
2009-05-16 20:40 62,744 a------- c:\windows\system32\xinput1_2.dll
2009-05-15 19:38 <DIR> --d----- c:\users\danny\appdata\roaming\PeerNetworking
2009-05-15 15:13 <DIR> --d----- c:\program files\common files\Logitech
2009-05-13 18:02 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-13 14:03 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-05-13 14:01 2,570,520 a------- c:\windows\system32\drivers\LV302V32.SYS
2009-05-13 14:01 490,008 a------- c:\windows\system32\LVUI2.dll
2009-05-13 14:01 465,432 a------- c:\windows\system32\LVUI2RC.dll
2009-05-13 14:01 416,280 a------- c:\windows\system32\lvcodec2.dll
2009-05-13 14:01 195,096 a------- c:\windows\system32\lvci11801048.dll
2009-05-13 14:01 66,482 a------- c:\windows\system32\lvcoinst.ini
2009-05-13 14:01 41,752 a------- c:\windows\system32\drivers\LVUSBSta.sys
2009-05-13 14:01 627,864 a------- c:\windows\system32\drivers\lvrs.sys
2009-05-13 14:01 25,974 a------- c:\windows\system32\Repository.reg
2009-05-13 14:01 13,848 a------- c:\windows\system32\drivers\lv302af.sys
2009-05-13 13:59 <DIR> --d----- c:\programdata\Logishrd
2009-05-13 13:59 <DIR> --d----- c:\programdata\Logitech

==================== Find3M ====================

2009-06-08 00:48 667,352 a------- c:\windows\system32\perfh013.dat
2009-06-08 00:48 126,854 a------- c:\windows\system32\perfc013.dat
2009-06-08 00:01 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 00:01 51,200 a------- c:\windows\inf\infpub.dat
2009-06-08 00:01 86,016 a------- c:\windows\inf\infstor.dat
2009-04-29 13:36 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-29 00:33 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 00:33 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-29 00:33 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-28 23:21 163,566 a------- c:\windows\Screen Recorder Pro Uninstaller.exe
2009-04-28 14:01 0 a------- c:\windows\system32\drivers\PACKARDBELLBV_EasyNoteMH45_N-A_122688140134.MRK
2009-04-28 13:48 8,172 a------- c:\windows\system32\ezdigsgn.dat
2009-04-28 13:48 268,288 a------- c:\windows\system32\ezSetup.exe
2009-04-28 13:48 111,104 a------- c:\windows\system32\ezShellStart.exe
2009-04-28 13:48 91,136 a------- c:\windows\system32\ezUninst.exe
2009-04-28 13:48 49,152 a------- c:\windows\system32\ezUPBHook.dll
2009-04-28 13:48 15,872 a------- c:\windows\system32\ezMAPIHelper.exe
2009-04-15 22:25 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-04-15 22:25 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-04-15 22:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 22:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 22:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 22:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 22:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 22:24 684,032 a------- c:\windows\system32\DivX.dll
2009-03-17 05:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 05:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 05:38 24,064 a------- c:\windows\system32\amxread.dll
2009-01-13 05:17 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 07:43 336,440 a------- c:\windows\inf\perflib\0413\perfi.dat
2008-01-21 07:43 336,440 a------- c:\windows\inf\perflib\0413\perfh.dat
2008-01-21 07:43 41,976 a------- c:\windows\inf\perflib\0413\perfd.dat
2008-01-21 07:43 41,976 a------- c:\windows\inf\perflib\0413\perfc.dat
2008-01-21 04:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:28:12,14 ===============

#3 dan87

dan87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 08 June 2009 - 07:49 AM

ok i did combofix and i think it worked?! everything works now, Norton scans again.. Nod32 doesnt find a threat.. so i guess problem is solved?

Is there anything i need to do now? Things like post my combofix log, make a new recovery thing, delete combofix etc? i would be really thankfull if somebody could help me .
==============
Hello,

Just because symptoms are gone doesn't mean the infection is gone. Also, you REALLY should not run Combofix on your own. Please note: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 08 June 2009 - 11:48 AM.


#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:44 AM

Posted 18 June 2009 - 09:27 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 dan87

dan87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 19 June 2009 - 07:39 AM

Hello and thanks for the response, like i said i think i fixed the problem with combofix.. but i'm not sure so i just want to know if im malware/virus free now.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Danny at 14:32:29,94 on vr 19-06-2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft« Windows VistaÖ Home Basic 6.0.6001.1.1252.31.1043.18.3000.1415 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\CyberLink\PlayMovie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Danny\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://www.cooxer.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\cyberlink\playmovie\PMVService.exe"
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\danny\appdata\roaming\mozilla\firefox\profiles\qtgcilbr.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-4-29 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-4-29 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-4-29 482352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090610.006\IDSvix86.sys [2009-6-13 292912]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\cyberlink\playmovie\000.fcl [2009-4-28 41456]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-2-6 38240]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-4-29 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-28 101936]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-1-13 418816]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1005000.087\symndisv.sys [2009-4-29 39984]
S3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-1-13 3658752]

=============== Created Last 30 ================

2009-06-10 04:51 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-10 04:51 636,928 a------- c:\windows\system32\localspl.dll
2009-06-08 14:38 <DIR> --d----- C:\temp
2009-06-08 14:37 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-08 14:07 161,792 a------- c:\windows\SWREG.exe
2009-06-08 14:07 155,136 a------- c:\windows\PEV.exe
2009-06-08 14:07 98,816 a------- c:\windows\sed.exe
2009-06-08 00:44 <DIR> --d--r-- c:\program files\Norton Support
2009-06-08 00:26 <DIR> --d----- c:\users\danny\appdata\roaming\Malwarebytes
2009-06-08 00:25 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 00:25 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-08 00:25 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-08 00:25 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-08 00:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 00:15 <DIR> --d----- c:\program files\CCleaner
2009-06-08 00:02 <DIR> --d----- c:\users\danny\appdata\roaming\ESET
2009-06-07 23:59 <DIR> --d----- c:\programdata\ESET
2009-06-07 23:59 <DIR> --d----- c:\program files\ESET
2009-06-06 19:41 225,280 a------- c:\windows\system32\rewire.dll
2009-06-06 19:41 <DIR> --d----- c:\program files\VstPlugins
2009-06-06 19:41 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-06-06 19:40 <DIR> --d----- c:\program files\Outsim
2009-06-02 16:25 <DIR> --d----- c:\program files\Championship Manager 01-02
2009-06-02 16:25 306,688 a------- c:\windows\IsUninst.exe
2009-05-31 17:21 <DIR> --d----- c:\users\danny\appdata\roaming\uTorrent
2009-05-20 19:45 0 a------- c:\users\danny\appdata\roaming\wklnhst.dat
2009-05-20 15:50 <DIR> --d----- c:\program files\VideoLAN

==================== Find3M ====================

2009-06-18 04:34 667,352 a------- c:\windows\system32\perfh013.dat
2009-06-18 04:34 126,854 a------- c:\windows\system32\perfc013.dat
2009-06-08 00:01 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 00:01 51,200 a------- c:\windows\inf\infpub.dat
2009-06-08 00:01 86,016 a------- c:\windows\inf\infstor.dat
2009-05-13 14:03 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-05-09 07:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 07:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-29 13:36 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-29 00:33 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-29 00:33 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-29 00:33 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-28 23:21 163,566 a------- c:\windows\Screen Recorder Pro Uninstaller.exe
2009-04-28 14:01 0 a------- c:\windows\system32\drivers\PACKARDBELLBV_EasyNoteMH45_N-A_122688140134.MRK
2009-04-28 13:48 8,172 a------- c:\windows\system32\ezdigsgn.dat
2009-04-28 13:48 268,288 a------- c:\windows\system32\ezSetup.exe
2009-04-28 13:48 111,104 a------- c:\windows\system32\ezShellStart.exe
2009-04-28 13:48 91,136 a------- c:\windows\system32\ezUninst.exe
2009-04-28 13:48 49,152 a------- c:\windows\system32\ezUPBHook.dll
2009-04-28 13:48 15,872 a------- c:\windows\system32\ezMAPIHelper.exe
2009-04-23 14:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 22:25 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-04-15 22:25 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-04-15 22:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 22:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 22:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 22:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 22:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 22:24 684,032 a------- c:\windows\system32\DivX.dll
2009-01-13 05:17 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 07:43 336,440 a------- c:\windows\inf\perflib\0413\perfi.dat
2008-01-21 07:43 336,440 a------- c:\windows\inf\perflib\0413\perfh.dat
2008-01-21 07:43 41,976 a------- c:\windows\inf\perflib\0413\perfd.dat
2008-01-21 07:43 41,976 a------- c:\windows\inf\perflib\0413\perfc.dat
2008-01-21 04:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:33:36,17 ===============

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:44 AM

Posted 19 June 2009 - 08:30 PM

Hi dan87,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

-------------------------------------------------------------------------------------------------------------------------------

Hi dan87,

Yes, the odg trojan is present as a driver so we will be using Combofix.

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#7 dan87

dan87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 19 June 2009 - 10:05 PM

Hello m0le, thanks for helping me :thumbup2: I really appreciate it.

Here is the combofix log:


ComboFix 09-06-18.02 - Danny 20-06-2009 4:49.2 - NTFSx86
Microsoft« Windows VistaÖ Home Basic 6.0.6001.1.1252.31.1043.18.3000.1790 [GMT 2:00]
Gestart vanuit: c:\users\Danny\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-05-20 to 2009-06-20 ))))))))))))))))))))))))))))))
.

2009-06-20 02:53 . 2009-06-20 02:56 -------- d-----w- c:\users\Danny\AppData\Local\temp
2009-06-13 02:04 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll
2009-06-13 02:04 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys
2009-06-13 02:04 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll
2009-06-13 02:04 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys
2009-06-13 02:04 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys
2009-06-10 02:51 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 02:51 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 02:50 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 02:50 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 02:50 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-08 12:38 . 2009-06-08 12:38 -------- d-----w- C:\temp
2009-06-08 12:28 . 2009-06-08 12:28 -------- d-----w- c:\users\Danny\AppData\Local\ESET
2009-06-07 22:44 . 2009-06-07 22:44 -------- d-----r- c:\program files\Norton Support
2009-06-07 22:26 . 2009-06-07 22:26 -------- d-----w- c:\users\Danny\AppData\Roaming\Malwarebytes
2009-06-07 22:25 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 22:25 . 2009-06-07 22:25 -------- d-----w- c:\programdata\Malwarebytes
2009-06-07 22:25 . 2009-06-07 22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-07 22:25 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-07 22:15 . 2009-06-07 22:15 -------- d-----w- c:\program files\CCleaner
2009-06-07 21:59 . 2009-06-07 21:59 -------- d-----w- c:\program files\ESET
2009-06-06 17:41 . 2009-06-06 18:15 -------- d-----w- c:\program files\VstPlugins
2009-06-06 17:41 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-06-06 17:40 . 2009-06-06 17:40 -------- d-----w- c:\program files\Outsim
2009-06-02 14:25 . 2009-06-02 14:36 -------- d-----w- c:\program files\Championship Manager 01-02
2009-06-02 14:25 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-05-31 15:21 . 2009-06-19 20:15 -------- d-----w- c:\users\Danny\AppData\Roaming\uTorrent

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 16:59 . 2008-01-21 05:45 667352 ----a-w- c:\windows\system32\perfh013.dat
2009-06-19 16:59 . 2008-01-21 05:45 126854 ----a-w- c:\windows\system32\perfc013.dat
2009-06-10 15:06 . 2009-01-13 04:15 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 15:05 . 2009-01-13 04:14 -------- d-----w- c:\programdata\Microsoft Help
2009-06-07 22:39 . 2009-01-13 04:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 13:14 . 2009-04-28 11:48 -------- d-----w- c:\program files\EasyBits For Kids
2009-05-20 17:45 . 2009-05-20 17:45 0 ----a-w- c:\users\Danny\AppData\Roaming\wklnhst.dat
2009-05-20 13:52 . 2009-05-20 13:51 -------- d-----w- c:\users\Danny\AppData\Roaming\vlc
2009-05-20 13:50 . 2009-05-20 13:50 -------- d-----w- c:\program files\VideoLAN
2009-05-18 22:12 . 2009-05-16 18:38 -------- d-----w- c:\program files\Ubisoft
2009-05-15 17:38 . 2009-05-15 17:38 -------- d-----w- c:\users\Danny\AppData\Roaming\PeerNetworking
2009-05-15 13:13 . 2009-05-15 13:13 -------- d-----w- c:\program files\Common Files\Logitech
2009-05-15 13:08 . 2009-05-13 11:59 -------- d-----w- c:\programdata\Logishrd
2009-05-13 16:02 . 2009-05-13 16:02 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-13 16:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 12:04 . 2009-05-13 11:59 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-05-13 12:03 . 2009-05-13 12:03 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-05-13 12:02 . 2009-05-13 11:59 -------- d-----w- c:\program files\Logitech
2009-05-13 12:02 . 2009-05-13 12:02 -------- d-----w- c:\users\Danny\AppData\Roaming\Leadertech
2009-05-13 11:59 . 2009-05-13 11:59 -------- d-----w- c:\programdata\Logitech
2009-05-08 21:45 . 2009-04-28 11:54 71256 ----a-w- c:\users\Danny\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-02 10:20 . 2009-05-01 02:30 680 ----a-w- c:\users\Danny\AppData\Local\d3d9caps.dat
2009-05-01 19:16 . 2009-01-13 04:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-29 15:32 . 2009-04-29 15:32 -------- d-----w- c:\users\Danny\AppData\Roaming\SystemRequirementsLab
2009-04-29 15:32 . 2009-04-29 15:32 207872 ----a-w- c:\users\Danny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-04-29 15:32 . 2009-04-29 15:32 207872 ----a-w- c:\users\Danny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-04-29 15:32 . 2009-04-29 15:32 207872 ----a-w- c:\users\Danny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-04-29 15:32 . 2009-04-29 15:32 207872 ----a-w- c:\users\Danny\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-04-29 13:03 . 2009-04-28 11:59 -------- d-----w- c:\programdata\CyberLink
2009-04-29 12:34 . 2009-04-29 12:13 -------- d-----w- c:\users\Danny\AppData\Roaming\Winamp
2009-04-29 12:14 . 2009-04-29 12:13 -------- d-----w- c:\program files\Winamp
2009-04-29 11:36 . 2009-04-29 11:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-29 11:36 . 2009-04-29 11:36 -------- d-----w- c:\program files\Java
2009-04-29 10:04 . 2009-04-29 10:04 -------- d-----w- c:\programdata\Symantec
2009-04-28 23:40 . 2009-04-28 22:48 -------- d-----w- c:\users\Danny\AppData\Roaming\DivX
2009-04-28 22:45 . 2009-04-28 22:45 -------- d-----w- c:\program files\DivX
2009-04-28 22:45 . 2009-04-28 22:45 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-04-28 22:45 . 2009-04-28 22:45 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-28 22:33 . 2009-04-28 12:11 -------- d-----w- c:\program files\Symantec
2009-04-28 22:33 . 2009-04-28 12:11 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-28 22:33 . 2009-04-28 12:11 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 22:33 . 2009-04-28 12:11 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-28 21:23 . 2009-04-28 21:21 -------- d-----w- c:\programdata\River Past G5
2009-04-28 21:21 . 2009-04-28 21:21 163566 ----a-w- c:\windows\Screen Recorder Pro Uninstaller.exe
2009-04-28 21:21 . 2009-04-28 21:21 -------- d-----w- c:\users\Danny\AppData\Roaming\River Past G5
2009-04-28 21:21 . 2009-04-28 21:21 -------- d-----w- c:\program files\Common Files\River Past
2009-04-28 21:21 . 2009-04-28 21:21 -------- d-----w- c:\program files\River Past
2009-04-28 20:06 . 2009-04-28 20:06 -------- d-----w- c:\program files\SystemRequirementsLab
2009-04-28 19:24 . 2009-01-13 04:22 -------- d-----w- c:\program files\Google
2009-04-28 18:41 . 2009-04-28 12:08 -------- d-----w- c:\users\Danny\AppData\Roaming\CyberLink
2009-04-28 18:32 . 2009-04-28 18:32 -------- d-----w- c:\users\Danny\AppData\Roaming\Nero
2009-04-28 16:05 . 2009-04-28 16:05 -------- d-----w- c:\programdata\FLEXnet
2009-04-28 16:00 . 2009-04-28 16:00 -------- d-----w- c:\program files\Microsoft Silverlight
2009-04-28 16:00 . 2009-01-13 04:31 -------- d-----w- c:\program files\Microsoft
2009-04-28 15:41 . 2009-04-28 12:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-04-28 14:13 . 2009-01-13 04:30 -------- d-----w- c:\program files\Windows Live
2009-04-28 13:27 . 2009-04-28 13:27 -------- d-----w- c:\users\Danny\AppData\Roaming\Packard Bell
2009-04-28 12:41 . 2009-04-28 12:41 0 ----a-w- c:\windows\nsreg.dat
2009-04-28 12:12 . 2009-01-13 04:35 -------- d-----w- c:\programdata\Norton
2009-04-28 12:08 . 2009-04-28 12:07 -------- d-----w- c:\program files\Common Files\Nero
2009-04-28 12:07 . 2009-04-28 12:07 -------- d-----w- c:\programdata\Nero
2009-04-28 12:07 . 2009-04-28 12:07 -------- d-----w- c:\program files\Nero
2009-04-28 12:01 . 2009-04-28 12:01 0 ----a-w- c:\windows\system32\drivers\PACKARDBELLBV_EasyNoteMH45_N-A_122688140134.MRK
2009-04-28 12:00 . 2009-04-28 11:58 -------- d-----w- c:\program files\CyberLink
2009-04-28 11:55 . 2009-01-13 11:48 -------- d-----w- c:\program files\PACKARD BELL
2009-04-28 11:48 . 2009-04-28 11:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-28 11:48 . 2009-04-28 11:48 8172 ----a-w- c:\windows\system32\ezdigsgn.dat
2009-04-28 11:48 . 2009-04-28 11:48 91136 ----a-w- c:\windows\system32\ezUninst.exe
2009-04-28 11:48 . 2009-04-28 11:48 49152 ----a-w- c:\windows\system32\ezUPBHook.dll
2009-04-28 11:48 . 2009-04-28 11:48 268288 ----a-w- c:\windows\system32\ezSetup.exe
2009-04-28 11:48 . 2009-04-28 11:48 15872 ----a-w- c:\windows\system32\ezMAPIHelper.exe
2009-04-28 11:48 . 2009-04-28 11:48 111104 ----a-w- c:\windows\system32\ezShellStart.exe
2009-04-28 11:46 . 2009-04-28 11:46 -------- d-sh--we c:\programdata\Sjablonen
2009-04-28 11:46 . 2009-04-28 11:46 -------- d-sh--we c:\programdata\Menu Start
2009-04-28 11:46 . 2009-04-28 11:46 -------- d-sh--we c:\programdata\Favorieten
2009-04-28 11:46 . 2009-04-28 11:46 -------- d-sh--we c:\programdata\Documenten
2009-04-28 11:46 . 2009-04-28 11:46 -------- d-sh--we c:\programdata\Bureaublad
2009-04-27 08:00 . 2009-06-19 19:10 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.004\NAVENG.SYS
2009-04-27 08:00 . 2009-06-19 19:10 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.004\NAVEX15.SYS
2009-04-27 08:00 . 2009-06-19 19:10 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.004\NAVENG32.DLL
2009-04-27 08:00 . 2009-06-19 19:10 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.004\NAVEX32A.DLL
2009-04-27 08:00 . 2009-06-19 19:10 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.004\EECTRL.SYS
2009-04-27 08:00 . 2009-06-19 19:10 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.004\ECMSVR32.DLL
2009-04-27 08:00 . 2009-06-19 19:10 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.004\CCERASER.DLL
2009-04-27 08:00 . 2009-06-19 19:10 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.004\ERASER.SYS
2009-04-15 20:25 . 2009-01-13 04:24 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-01-13 04:24 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-03-26 06:00 . 2009-03-26 06:00 64000 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-08_12.34.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 02:50 . 2009-05-12 22:35 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22874_none_a8fbc5698d994fda\iesetup.dll
+ 2009-06-10 02:50 . 2009-05-12 22:35 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22874_none_a8fbc5698d994fda\iernonce.dll
+ 2009-06-10 02:50 . 2009-05-09 05:34 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18783_none_a86658687484b2aa\iesetup.dll
+ 2009-06-10 02:50 . 2009-05-09 05:34 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18783_none_a86658687484b2aa\iernonce.dll
+ 2009-06-10 02:50 . 2009-05-12 22:49 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\WininetPlugin.dll
+ 2009-06-10 02:50 . 2009-05-12 22:36 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\jsproxy.dll
+ 2009-06-10 02:50 . 2009-05-09 05:50 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\WininetPlugin.dll
+ 2009-06-10 02:50 . 2009-05-09 05:35 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\jsproxy.dll
+ 2008-01-21 01:58 . 2009-06-10 15:15 39750 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-06-19 16:53 73640 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-10 02:50 . 2009-05-09 05:50 64512 c:\windows\System32\migration\WininetPlugin.dll
- 2009-05-08 20:24 . 2009-03-08 11:33 64512 c:\windows\System32\migration\WininetPlugin.dll
- 2009-05-08 20:24 . 2009-03-08 11:33 25600 c:\windows\System32\jsproxy.dll
+ 2009-06-10 02:50 . 2009-05-09 05:35 25600 c:\windows\System32\jsproxy.dll
+ 2009-06-10 02:50 . 2009-05-09 05:34 55808 c:\windows\System32\iernonce.dll
- 2009-05-08 20:24 . 2009-03-08 11:32 55808 c:\windows\System32\iernonce.dll
- 2009-04-28 11:49 . 2009-06-08 12:33 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-28 11:49 . 2009-06-19 16:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-28 11:49 . 2009-06-19 16:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-28 11:49 . 2009-06-08 12:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-28 11:49 . 2009-06-19 16:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-28 11:49 . 2009-06-08 12:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-27 17:02 . 2009-06-18 04:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-27 17:02 . 2009-05-27 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-27 17:02 . 2009-05-27 17:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-27 17:02 . 2009-06-18 04:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-27 17:02 . 2009-06-18 04:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-27 17:02 . 2009-05-27 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-13 04:16 . 2009-06-10 15:05 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-13 04:16 . 2009-05-13 16:02 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-13 04:16 . 2009-05-13 16:02 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-13 04:16 . 2009-06-10 15:05 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-13 04:16 . 2009-06-10 15:05 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-13 04:16 . 2009-05-13 16:02 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-06-10 15:05 . 2009-06-10 15:05 35600 c:\windows\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-05-13 16:03 . 2009-05-13 16:03 35600 c:\windows\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-01-13 04:17 . 2009-06-10 15:06 25214 c:\windows\Installer\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}\MSWorks.exe
- 2009-01-13 04:17 . 2009-01-13 04:17 25214 c:\windows\Installer\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}\MSWorks.exe
+ 2007-06-20 21:04 . 2007-06-20 21:04 13152 c:\windows\Installer\$PatchCache$\Managed\5F1F8515B1AF94D45B64555A00B498DB\9.7.621\F990_worksup.dll
+ 2009-04-02 12:23 . 2009-04-02 12:23 10104 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\XLCALL32.DLL
+ 2009-04-03 16:01 . 2009-04-03 16:01 71504 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\XL12CNVP.DLL
+ 2009-04-03 15:57 . 2009-04-03 15:57 21320 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WRD12EXE.EXE
+ 2009-04-29 01:57 . 2009-06-10 15:11 4466 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-04-28 11:48 . 2009-06-19 16:53 8092 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2553839190-2355463272-3628041151-1000_UserData.bin
+ 2009-06-10 02:50 . 2009-04-23 12:24 784896 c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6002.22120_none_b65513a45b6873a4\rpcrt4.dll
+ 2009-06-10 02:50 . 2009-04-23 12:15 784896 c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6002.18024_none_b5cf780142473936\rpcrt4.dll
+ 2009-06-10 02:50 . 2009-04-23 12:39 784896 c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.22417_none_b48073ae5e33b3f0\rpcrt4.dll
+ 2009-06-10 02:50 . 2009-04-23 12:43 784896 c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18247_none_b3d66539452e6ad2\rpcrt4.dll
+ 2009-06-10 02:50 . 2009-04-23 12:33 788992 c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6000.21045_none_b2779aec61277a3f\rpcrt4.dll
+ 2009-06-10 02:50 . 2009-04-23 13:01 788992 c:\windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6000.16850_none_b1de54a148164471\rpcrt4.dll
+ 2009-06-10 02:51 . 2009-04-23 12:22 623616 c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6002.22120_none_3275d288a9023d20\localspl.dll
+ 2009-06-10 02:51 . 2009-04-23 12:14 623616 c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6002.18024_none_31f036e58fe102b2\localspl.dll
+ 2009-06-10 02:51 . 2009-04-23 12:39 636928 c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6001.22417_none_30a13292abcd7d6c\localspl.dll
+ 2009-06-10 02:51 . 2009-04-23 12:42 636928 c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6001.18247_none_2ff7241d92c8344e\localspl.dll
+ 2009-06-10 02:51 . 2009-04-23 12:29 697856 c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6000.21045_none_2e9859d0aec143bb\localspl.dll
+ 2009-06-10 02:51 . 2009-04-23 12:56 696832 c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6000.16850_none_2dff138595b00ded\localspl.dll
+ 2009-06-10 02:50 . 2009-05-12 22:35 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22874_none_47cd7ce4dd3f0fb5\ieui.dll
+ 2009-06-10 02:50 . 2009-05-09 05:34 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18783_none_47380fe3c42a7285\ieui.dll
+ 2009-06-10 02:50 . 2009-05-12 20:35 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22874_none_a8fbc5698d994fda\ie4uinit.exe
+ 2009-06-10 02:50 . 2009-05-09 03:36 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18783_none_a86658687484b2aa\ie4uinit.exe
+ 2009-06-10 02:50 . 2009-05-12 22:48 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22874_none_2aceba9ebba436af\sqmapi.dll
+ 2009-06-10 02:50 . 2009-05-09 05:48 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18783_none_2a394d9da28f997f\sqmapi.dll
+ 2009-06-10 02:50 . 2009-05-12 22:35 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22874_none_2ab8403ac959093f\IEShims.dll
+ 2009-06-10 02:50 . 2009-05-09 05:34 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18783_none_2a22d339b0446c0f\IEShims.dll
+ 2009-06-10 02:50 . 2009-05-12 22:35 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22874_none_7359f4a479b0a2d1\ieproxy.dll
+ 2009-06-10 02:50 . 2009-05-09 05:34 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18783_none_72c487a3609c05a1\ieproxy.dll
+ 2009-06-10 02:50 . 2009-05-12 22:34 385536 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22874_none_577b7cbe869d3919\iedkcs32.dll
+ 2009-06-10 02:50 . 2009-05-09 05:34 385536 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18783_none_56e60fbd6d889be9\iedkcs32.dll
+ 2009-06-10 02:50 . 2009-05-12 22:49 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\wininet.dll
+ 2009-06-10 02:50 . 2009-05-09 05:50 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\wininet.dll
+ 2009-04-28 13:31 . 2009-06-20 00:58 228606 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-06-19 16:59 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-08 12:32 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-19 16:59 101250 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-08 12:32 101250 c:\windows\System32\perfc009.dat
+ 2009-06-10 02:50 . 2009-05-09 05:34 164352 c:\windows\System32\ieui.dll
- 2009-05-08 20:24 . 2009-03-08 11:22 164352 c:\windows\System32\ieui.dll
+ 2009-06-10 02:50 . 2009-05-09 05:34 385536 c:\windows\System32\iedkcs32.dll
+ 2009-06-10 02:50 . 2009-05-09 03:36 173056 c:\windows\System32\ie4uinit.exe
- 2009-05-08 20:24 . 2009-03-08 11:32 173056 c:\windows\System32\ie4uinit.exe
- 2006-11-02 12:44 . 2009-05-08 21:42 300752 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 12:44 . 2009-06-10 15:13 300752 c:\windows\System32\FNTCACHE.DAT
- 2009-05-08 21:43 . 2009-06-04 01:59 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-05-08 21:43 . 2009-06-10 15:13 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-01-13 04:16 . 2009-06-10 15:05 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-13 04:16 . 2009-05-13 16:02 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-01-13 04:16 . 2009-06-10 15:05 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-13 04:16 . 2009-05-13 16:02 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-13 04:16 . 2009-05-13 16:02 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-13 04:16 . 2009-06-10 15:05 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-13 04:16 . 2009-06-10 15:05 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-13 04:16 . 2009-05-13 16:02 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-13 04:17 . 2009-01-13 04:17 693600 c:\windows\Installer\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}\WksWP.exe
+ 2009-01-13 04:17 . 2009-06-10 15:06 693600 c:\windows\Installer\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}\WksWP.exe
- 2009-01-13 04:17 . 2009-01-13 04:17 947552 c:\windows\Installer\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}\wksss.exe
+ 2009-01-13 04:17 . 2009-06-10 15:06 947552 c:\windows\Installer\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}\wksss.exe
+ 2009-01-13 04:17 . 2009-06-10 15:06 709984 c:\windows\Installer\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}\WksCal.exe
- 2009-01-13 04:17 . 2009-01-13 04:17 709984 c:\windows\Installer\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}\WksCal.exe
+ 2009-04-03 16:11 . 2009-04-03 16:11 408424 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WINWORD.EXE
+ 2009-06-10 02:51 . 2009-04-21 11:42 2034688 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22119_none_bb61c0cdb0cab623\win32k.sys
+ 2009-06-10 02:51 . 2009-04-21 11:39 2034688 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18023_none_bac7525a97ba9a40\win32k.sys
+ 2009-06-10 02:51 . 2009-04-21 13:26 2034176 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22416_none_b9784e07b3a714fa\win32k.sys
+ 2009-06-10 02:51 . 2009-04-21 11:55 2033152 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18246_none_b8ce3f929aa1cbdc\win32k.sys
+ 2009-06-10 02:51 . 2009-04-21 11:55 2030080 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21044_none_b76f7545b69adb49\win32k.sys
+ 2009-06-10 02:51 . 2009-04-21 12:04 2028032 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16849_none_b6eb01ca9d7886f0\win32k.sys
+ 2009-05-13 15:59 . 2009-04-14 07:03 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22435_none_f2f64e4f84abbcec\OESpamFilter.dat
+ 2009-05-13 15:59 . 2009-04-14 07:03 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18259_none_f25b10ee6b9abd39\OESpamFilter.dat
+ 2009-05-13 15:59 . 2009-04-14 07:03 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21056_none_f0fb46578794b34f\OESpamFilter.dat
+ 2009-05-13 15:59 . 2009-04-14 07:03 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16860_none_f060ffc26e84642a\OESpamFilter.dat
+ 2009-06-10 02:50 . 2009-05-12 22:35 1985024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22874_none_2aceba9ebba436af\iertutil.dll
+ 2009-06-10 02:50 . 2009-05-09 05:34 1985024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18783_none_2a394d9da28f997f\iertutil.dll
+ 2009-06-10 02:50 . 2009-05-12 22:39 5936128 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22874_none_f66e22e151498188\mshtml.dll
+ 2009-06-10 02:50 . 2009-05-09 05:38 5936128 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18783_none_f5d8b5e03834e458\mshtml.dll
+ 2009-06-10 02:50 . 2009-05-12 22:48 1207808 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22874_none_980e282105e9f1bf\urlmon.dll
+ 2009-06-10 02:50 . 2009-05-09 05:49 1207808 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18783_none_9778bb1fecd5548f\urlmon.dll
+ 2009-06-10 02:50 . 2009-05-09 05:49 1207808 c:\windows\System32\urlmon.dll
- 2006-11-02 10:22 . 2009-05-30 08:12 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-06-10 15:24 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-06-10 02:50 . 2009-05-09 05:38 5936128 c:\windows\System32\mshtml.dll
+ 2009-06-10 02:50 . 2009-05-09 05:34 1985024 c:\windows\System32\iertutil.dll
- 2009-05-08 20:24 . 2009-03-08 11:32 1985024 c:\windows\System32\iertutil.dll
- 2009-01-13 04:16 . 2009-05-13 16:02 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-13 04:16 . 2009-06-10 15:05 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-01-13 04:17 . 2009-01-13 04:17 1099104 c:\windows\Installer\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}\WksSb.exe
+ 2009-01-13 04:17 . 2009-06-10 15:06 1099104 c:\windows\Installer\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}\WksSb.exe
- 2009-01-13 04:17 . 2009-01-13 04:17 1242464 c:\windows\Installer\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}\wksdb.exe
+ 2009-01-13 04:17 . 2009-06-10 15:06 1242464 c:\windows\Installer\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}\wksdb.exe
+ 2009-04-03 15:57 . 2009-04-03 15:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2009-06-10 02:50 . 2009-05-12 22:35 11064832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22874_none_47cd7ce4dd3f0fb5\ieframe.dll
+ 2009-06-10 02:50 . 2009-05-09 05:34 11064832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18783_none_47380fe3c42a7285\ieframe.dll
+ 2009-05-04 01:01 . 2009-06-10 15:01 45239028 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
+ 2006-11-02 10:24 . 2009-06-01 16:51 23635392 c:\windows\System32\mrt.exe
+ 2009-06-10 02:50 . 2009-05-09 05:34 11064832 c:\windows\System32\ieframe.dll
+ 2009-04-03 16:01 . 2009-04-03 16:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2009-04-03 16:11 . 2009-04-03 16:11 17740136 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WWLIB.DLL
+ 2009-04-03 16:11 . 2009-04-03 16:11 18330984 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\EXCEL.EXE
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-29 148888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-04 6265376]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-5-13 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D1F240FC-99F2-487C-AEEA-C95A92455FE6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5C6D61AA-D7E5-484E-9EE1-84EA13C89BF7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2CCA5C9-99E0-4449-A512-D99FE616A6BE}"= c:\program files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
"{3D30A677-880D-4F09-9029-3F4FB1F62C4C}"= c:\program files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
"{2042B3B0-A3E0-463E-A38A-CE86F9D55125}"= c:\program files\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{5753353F-13A9-4359-983C-053BB782B448}"= c:\program files\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{26277397-AB4D-4DE8-AFCD-E0F310AC062E}"= c:\program files\CyberLink\PlayMovie\PlayMovie.exe:CyberLink PlayMovie
"{00302436-8ED0-41EB-80DE-6FE7544B74A4}"= c:\program files\CyberLink\PlayMovie\PMVService.exe:CyberLink PlayMovie Resident Program
"{50AF7CDC-7FDD-4647-8329-D0A82A883933}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{F9254C9C-BB6B-49C5-8691-08633E3879F9}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F9A10FA2-55D3-4668-A4E6-54166EEE9465}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{84F31205-87E2-40C4-AF96-561891CFDD5C}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6B4D6A17-32AC-4AAD-ABE8-ED0C8549B5F5}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [29-4-2009 0:33 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [29-4-2009 0:33 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [29-4-2009 0:32 482352]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6-2-2009 14:23 106208]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys [19-6-2009 21:10 292912]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [28-4-2009 14:00 41456]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11-9-2007 1:45 124832]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6-2-2009 14:23 727720]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [6-2-2009 14:24 38240]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21-1-2008 4:33 21504]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [29-4-2009 0:32 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [28-4-2009 17:27 101936]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [13-1-2009 13:47 418816]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [29-4-2009 0:33 39984]
S3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [13-1-2009 13:47 3658752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-06-20 c:\windows\Tasks\User_Feed_Synchronization-{064E3055-69E4-4A2B-A50B-048FFBE409DA}.job
- c:\windows\system32\msfeedssync.exe [2009-05-08 11:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.cooxer.com/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\qtgcilbr.default\
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 04:55
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(3956)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\System32\conime.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Voltooingstijd: 2009-06-20 5:00 - machine werd herstart
ComboFix-quarantined-files.txt 2009-06-20 02:59

Pre-Run: 171.444.199.424 bytes beschikbaar
Post-Run: 171.325.607.936 bytes beschikbaar

418 --- E O F --- 2009-06-10 15:06

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:44 AM

Posted 20 June 2009 - 04:43 AM

Okay dan87,

The log shows that a Vundo file has been removed. :thumbup2:

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Then

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Thanks :)
Posted Image
m0le is a proud member of UNITE

#9 dan87

dan87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 20 June 2009 - 08:14 AM

Hey m0le, malwarebytes did not find a threat... here is the log (sorry its in Dutch) :


Malwarebytes' Anti-Malware 1.37
Database versie: 2182
Windows 6.0.6001 Service Pack 1

20-6-2009 15:06:58
mbam-log-2009-06-20 (15-06-58).txt

Scan type: Volledige Scan (C:\|)
Objecten gescand: 176847
Verstreken tijd: 1 hour(s), 27 minute(s), 24 second(s)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 0
Registerwaarden ge´nfecteerd: 0
Registerdata bestanden ge´nfecteerd: 0
Mappen ge´nfecteerd: 0
Bestanden ge´nfecteerd: 0

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Mappen ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden ge´nfecteerd:
(Geen kwaadaardige items gevonden)








edit: nvm i got bitdefender to work.. scanning now :)


Thanks again :thumbup2:

Edited by dan87, 20 June 2009 - 08:18 AM.


#10 dan87

dan87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 20 June 2009 - 09:33 AM

bitdefender also found nothing.. :thumbup2:


BitDefender Online Scanner

Scan report generated at: Sat, Jun 20, 2009 - 16:25:23


Scan path: C:\;D:\;


Statistics

Time


01:00:07

Files


257675

Folders


16014

Boot Sectors


0

Archives


4475

Packed Files


20923







Results

Identified Viruses


0

Infected Files


0

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


0







Engines Info

Virus Definitions


3439578

Engine build


AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Scan plugins


17

Archive plugins


45

Unpack plugins


7

E-mail plugins


6

System plugins


4







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

No virus found.

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:44 AM

Posted 20 June 2009 - 10:31 AM

Looks good. :thumbup2:

Perhaps we should have a look at what Nod32 found (if it's still being flagged). Please run a scan and paste the threat that it finds.

Then

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Thanks, nearly there... :)
Posted Image
m0le is a proud member of UNITE

#12 dan87

dan87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 20 June 2009 - 12:13 PM

Did a scan with nod32..0 threats again and i updated java


Scan Log
Version of virus signature database: 4173 (20090620)
Date: 20-6-2009 Time: 17:58:38
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\ACER\Preload\Autorun\APP\Nero 8 Essentials\Installation\Data\0A72FAFE.cab ╗ CAB ╗ CDI_VCD335C15F1.CFG ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\APP\Nero 8 Essentials\Installation\Data\E4060BF5.cab ╗ CAB ╗ rootFEAA0A71.img ╗ GZIP ╗ - archive damaged
C:\ACER\Preload\Autorun\APP\Power Cinema 6\Suite.msi ╗ MSI ╗ ISSetupFile.SetupFile10 ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\APP\Power Cinema 6\Suite.msi ╗ MSI ╗ ISSetupFile.SetupFile13 ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\APP\Power Cinema 6\PCinema\PowerCinema.msi ╗ MSI ╗ ISSetupFile.SetupFile24 ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\APP\Power Cinema 6\PCinema\PowerCinema.msi ╗ MSI ╗ ISSetupFile.SetupFile26 ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\DRV\Intel Chipset\Lang\CHIP\ESP\license.txt ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\DRV\Intel Chipset\Lang\CHIP\ITA\license.txt ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\DRV\Intel Chipset\Lang\CHIP\PTB\license.txt ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\DRV\Intel Chipset\Lang\CHIP\PTG\license.txt ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\DRV\Intel VGA\Graphics\LANG\HDMI\esp\license.txt ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\DRV\Intel VGA\Graphics\LANG\HDMI\ita\license.txt ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\DRV\Intel VGA\Graphics\LANG\HDMI\ptb\license.txt ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\DRV\Intel VGA\Graphics\LANG\HDMI\ptg\license.txt ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\DRV\Intel VGA\Lang\HDMI\esp\license.txt ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\DRV\Intel VGA\Lang\HDMI\ita\license.txt ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\DRV\Intel VGA\Lang\HDMI\ptb\license.txt ╗ MIME - is OK (internal scanning not performed)
C:\ACER\Preload\Autorun\DRV\Intel VGA\Lang\HDMI\ptg\license.txt ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar ╗ ZIP ╗ com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar ╗ ZIP ╗ com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar ╗ ZIP ╗ javax/xml/bind/Messages.properties ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip ╗ ZIP ╗ {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}/chrome.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft CAPICOM 2.1.0.2\License\license.mht ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\browser.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\reporter.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img ╗ GZIP ╗ - archive damaged
C:\Program Files\Nero\Nero8\Nero Burning Rom\CDI\CDI_VCD.CFG ╗ MIME - is OK (internal scanning not performed)
C:\Program Files\Winamp\UninstWA.exe ╗ NSIS - incorrect CRC checksum, the file may be damaged
C:\Program Files\WinRAR\Default.SFX ╗ RAR ╗ - next archive volume not found
C:\Users\Danny\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\3E8C549A-00000001.eml ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\AppData\Local\Mozilla\Firefox\Profiles\qtgcilbr.default\Cache\B2F11A90d01 ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/deploy/ffjcext.zip ╗ ZIP ╗ {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}/chrome.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\AppData\Local\Mozilla\Firefox\Profiles\qtgcilbr.default\Cache\B2F11A90d01 ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/deploy/jqs/ff/chrome.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\AppData\Local\Mozilla\Firefox\Profiles\qtgcilbr.default\Cache\B2F11A90d01 ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/resources.jar ╗ ZIP ╗ com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\AppData\Local\Mozilla\Firefox\Profiles\qtgcilbr.default\Cache\B2F11A90d01 ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/resources.jar ╗ ZIP ╗ com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\AppData\Local\Mozilla\Firefox\Profiles\qtgcilbr.default\Cache\B2F11A90d01 ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/resources.jar ╗ ZIP ╗ javax/xml/bind/Messages.properties ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\AppData\LocalLow\Sun\Java\jre1.6.0_14\Data1.cab ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/deploy/ffjcext.zip ╗ ZIP ╗ {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}/chrome.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\AppData\LocalLow\Sun\Java\jre1.6.0_14\Data1.cab ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/deploy/jqs/ff/chrome.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\AppData\LocalLow\Sun\Java\jre1.6.0_14\Data1.cab ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/resources.jar ╗ ZIP ╗ com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\AppData\LocalLow\Sun\Java\jre1.6.0_14\Data1.cab ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/resources.jar ╗ ZIP ╗ com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\AppData\LocalLow\Sun\Java\jre1.6.0_14\Data1.cab ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/resources.jar ╗ ZIP ╗ javax/xml/bind/Messages.properties ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\Desktop\jre-6u14-windows-i586.exe ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/deploy/ffjcext.zip ╗ ZIP ╗ {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}/chrome.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\Desktop\jre-6u14-windows-i586.exe ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/deploy/jqs/ff/chrome.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\Desktop\jre-6u14-windows-i586.exe ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/resources.jar ╗ ZIP ╗ com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\Desktop\jre-6u14-windows-i586.exe ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/resources.jar ╗ ZIP ╗ com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties ╗ MIME - is OK (internal scanning not performed)
C:\Users\Danny\Desktop\jre-6u14-windows-i586.exe ╗ CAB ╗ core.zip ╗ ZIP ╗ lib/resources.jar ╗ ZIP ╗ javax/xml/bind/Messages.properties ╗ MIME - is OK (internal scanning not performed)
C:\Windows\Installer\d6d07.msi ╗ MSI ╗ ISSetupFile.SetupFile13 ╗ MIME - is OK (internal scanning not performed)
C:\Windows\Installer\d6d07.msi ╗ MSI ╗ ISSetupFile.SetupFile10 ╗ MIME - is OK (internal scanning not performed)
C:\Windows\Installer\d6d0b.msi ╗ MSI ╗ ISSetupFile.SetupFile24 ╗ MIME - is OK (internal scanning not performed)
C:\Windows\Installer\d6d0b.msi ╗ MSI ╗ ISSetupFile.SetupFile26 ╗ MIME - is OK (internal scanning not performed)
C:\Windows\Logs\CBS\CBS.log - error opening [4]
C:\Windows\Logs\CBS\CBS.persist.log - error opening [4]
C:\Windows\Logs\DPX\setupact.log - error opening [4]
C:\Windows\Logs\DPX\setuperr.log - error opening [4]
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - error opening [4]
C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.cab ╗ CAB ╗ Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 ╗ MIME - is OK (internal scanning not performed)
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest ╗ MIME - is OK (internal scanning not performed)
C:\Windows\Panther\UnattendGC\diagerr.xml - error opening [4]
C:\Windows\Panther\UnattendGC\diagwrn.xml - error opening [4]
C:\Windows\Panther\UnattendGC\setupact.log - error opening [4]
C:\Windows\Panther\UnattendGC\setuperr.log - error opening [4]
C:\Windows\security\database\secedit.sdb - error opening [4]
C:\Windows\System32\Adobe\uninstaller.exe ╗ NSIS - archive damaged
C:\Windows\System32\LogFiles\Firewall\pfirewall.log - error opening [4]
C:\Windows\System32\LogFiles\Firewall\pfirewall.log.old - error opening [4]
C:\Windows\System32\restore\MachineGuid.txt - error opening [4]
C:\Windows\System32\sysprep\Panther\diagerr.xml - error opening [4]
C:\Windows\System32\sysprep\Panther\diagwrn.xml - error opening [4]
C:\Windows\System32\sysprep\Panther\setupact.log - error opening [4]
C:\Windows\System32\sysprep\Panther\setuperr.log - error opening [4]
C:\Windows\System32\wbem\AutoRecover\0332A97878022BD4B34ECC098E57783A.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\0FF162C67AD719BB7258CA5874D0E6EC.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\1328355F476A6C04BC174C8FEFED6030.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\191095FB4864B1AE365957B3B2D28C4F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\1A4E55E3BE96FF394FB5020C4D537AB1.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\1F260613E85F3D0BACEC07DCEF35396B.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\22A0F05220E6420CA3AA86E34805F752.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\241F1954DCD7B0310958D9540754CEC3.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\394EF2A769C648E61B41BFAD23BACF0E.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\3CF854648793305D1D2A7AC41F80E9D6.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\3DFD050CBBC8EA38EA5F1066285F0F4E.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\3FC136B9AA8D71056333AF0137119E93.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\4461018BFFC22A809EBE8FA05567B686.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\45D86E53E6ADF70035B0034F9D8C42FE.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\47DDFF7276CF8C08F181DD23AF67B868.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\4B2660072B052959CB2A0C8B6A1E9B6A.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\4FFAA3E7CB3131376614E98F756EE7AD.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\542DC56D520FDDEDA279A0D2F398203D.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\58F6DC94AE063187572E906AE0B9DC24.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\5AC20C3A2F1918D6C62A297C128593DB.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\5F8AAE81E6AA25DDECD426311EDC3CEA.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\6389D91E49CCAF02640B61214A97211F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\66231762529A003735024004DCDE643C.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\6DD1779321E1C86B32D09A35DA5E4ED2.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\734834D588DA61453DEA4E0AF499ADCE.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\7424188A11F3D829BB76C98170DB45E5.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\7A7E1B1832596F5C49CD70E9755EED39.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\7BDE76979585395D59B5DA1D62E63C50.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\7C45C8B7490D3AD44A961494C7FBFAFD.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\7DFE880F785D5AB82870BFC0C3F814A2.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\8608CDBF407B09DF27C3406379384843.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\86824C24FDE0A58E4EB1A7918FBEF0C5.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\89B278BD994A4232365F0E916C19916C.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\9B2AE30BDA2ED3E7E1378B8770C99C54.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\9FB731EA48C7701EB7978CEB7E0314AD.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\A02DB69DBBC4F298AD0CE59F677EBF22.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\B7890DE53F3A6B3C277523E82A081C04.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\B88E8B639804BA063AC1D11AC4C196C1.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\BF2ADAFC80AB82D412CD9F0B99A0AD2C.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\C3613D92FBA5F820823577D6FC2CE8A9.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\C5B3C3C921790F19FCDE9367A797A2EF.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\CF881EBD6F50B8BAA9BD57DC3DAC5CB2.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\CFD53C8456D58010BA580B1D5CFF68D3.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\D4CB64722F050ABEB5F8B6B143A19A6C.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\D6149C45B68480CA184F2D9C7CB312A5.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\DED51090917AEE019629CE420A50F3C2.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\E8F5B3444C9802230995FE48A32229DF.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\EC4E4D2526C1F24E4D610677CF1EA0E7.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\EEDD6F5F4BEDFEA1C780FFC78DCDE051.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\F001D607C389EDBCFB1D1F3C9AE0FFC5.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\F1E5535EC8A153BF2EB4F202C2704228.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\FA01281653BC6D33CB10F9E5C36E4047.mof - error opening [4]
C:\Windows\System32\winevt\Logs\Application.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\DFS Replication.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Key Management Service.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\ODiag.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\OSession.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Security.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Setup.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\System.evtx - error opening [4]
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd - error opening [4]
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\dnary.xsd - error opening [4]
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\dnary.xsd - error opening [4]
Number of scanned objects: 279953
Number of threats found: 0
Time of completion: 19:11:28 Total scanning time: 4370 sec (01:12:50)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:44 AM

Posted 20 June 2009 - 01:10 PM

That's clean and so is your PC, dan87 :)

Good stuff! :thumbup2:

Let's firstly do some housekeeping

Delete ComboFix and Clean Up
Click Start > Run and type combofix /u click OK (Note the space between combofix and /u)
Posted Image
Please advise if this step is missed for any reason as it performs some important actions.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
---------------------------------------------------------------------------------------------------------------------

As promised here's some recommendations and links to options. I personally run Avast AV and Spybot but I also use MBAM. Always useful to keep DDS in case you need to run a scan for Bleeping Computer.

Use an AntiVirus Software

I know you have one but here's some info on why you should.

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it dan87, happy surfing!

Cheers,


m0le
Posted Image
m0le is a proud member of UNITE

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:44 AM

Posted 25 June 2009 - 12:06 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users