Can not install Kaspersky or Nod32 after cleaned infection on XP


This topic is locked
17 replies to this topic

#1 EdwinH

Posted 12 December 2009 - 06:06 AM

Hello,

Recently I seemed to have some malware infection installing all kinds of other malware/trojans.
Using McAfee and Malwarebytes and manually removing some files and registry keys, I still have problems remaining. I was using NOD32 before, but since this started removing all kinds of files (which I thought were false positives) I removed it. Now I can not install this; it ends prematurely, looks almost finished when it starts its rollback. Kaspersky has the same problems. Also AVG refuses to install.

Maybe someone can find what's wrong by looking at my combofix log.

ComboFix 09-12-11.04 - Edwin&Liza 12-12-2009 11:33:05.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.650 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Edwin
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
Error: Cfiles.dat
Error: Cfolders.dat

(((((((((((((((((((( Bestanden Gemaakt van 2009-11-12 to 2009-12-12 ))))))))))))))))))))))))))))))
.

2009-12-12 08:57 . 2009-12-12 08:57 -------- d-----w- c:\windows\junk
2009-12-12 08:51 . 2009-12-12 08:52 -------- d-----w- c:\windows\system32\junk
2009-12-11 21:32 . 2009-12-11 20:06 36308992 ----a-w- C:\eav_nt32_enu.msi
2009-12-11 21:01 . 2009-12-11 21:01 -------- d-----w- c:\program files\ESET
2009-12-11 20:24 . 2009-12-11 20:24 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-12-11 20:23 . 2009-12-11 20:23 -------- d-----w- c:\program files\MSECACHE
2009-12-11 19:42 . 2009-12-11 19:42 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\Foxit
2009-12-11 19:41 . 2009-12-11 19:41 -------- d-----w- c:\program files\Foxit Software
2009-12-09 21:18 . 2009-12-09 21:18 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\Uniblue
2009-12-08 18:57 . 2009-12-08 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-12-08 18:47 . 2009-12-08 18:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-12-07 20:28 . 2009-12-07 20:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-07 20:16 . 2009-11-04 15:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-12-07 20:16 . 2009-11-04 15:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-12-07 20:16 . 2009-11-04 15:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-12-07 20:16 . 2009-07-16 11:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-12-07 20:15 . 2009-12-07 20:16 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-07 20:15 . 2009-12-07 20:15 -------- d-----w- c:\program files\McAfee.com
2009-12-07 20:14 . 2009-12-12 09:01 -------- d-----w- c:\program files\McAfee
2009-12-07 20:08 . 2009-11-04 15:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-07 20:02 . 2009-12-11 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-07 19:35 . 2009-12-07 19:35 -------- d-----w- C:\AVGTemp
2009-12-06 22:44 . 2009-12-06 22:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-06 21:11 . 2009-12-06 21:27 -------- d-----w- c:\program files\RegCure
2009-12-06 21:11 . 2009-12-06 21:11 -------- d-----w- c:\windows\RegCure
2009-12-06 19:34 . 2009-12-06 19:34 -------- d-sh--w- c:\documents and settings\Edwin&Liza\IECompatCache
2009-12-06 19:32 . 2009-12-06 19:32 -------- d-sh--w- c:\documents and settings\Edwin&Liza\PrivacIE
2009-12-06 18:18 . 2009-12-06 18:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-06 16:25 . 2009-12-06 16:25 -------- d-----w- c:\windows\l2schemas
2009-12-06 16:25 . 2009-12-06 16:25 -------- d-----w- c:\windows\system32\nl
2009-12-06 13:51 . 2009-12-06 13:51 -------- d-sh--w- c:\documents and settings\Edwin&Liza\IETldCache
2009-12-06 13:42 . 2009-09-25 05:50 81920 -c----w- c:\windows\system32\dllcache\ieencode.dll
2009-12-06 13:42 . 2009-09-25 05:50 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-06 13:39 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-06 13:38 . 2009-12-06 13:39 -------- d-----w- c:\windows\ie8updates
2009-12-06 13:36 . 2009-10-29 07:44 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-06 13:36 . 2009-10-29 07:44 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-06 13:36 . 2009-10-29 07:44 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-06 13:36 . 2009-10-29 07:44 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-06 13:36 . 2009-10-29 07:44 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-06 13:36 . 2009-10-29 07:44 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-06 13:30 . 2009-12-06 16:25 -------- d-----w- c:\windows\system32\nl-NL
2009-12-06 13:30 . 2009-12-06 13:36 -------- dc-h--w- c:\windows\ie8
2009-12-06 11:51 . 2008-04-14 17:02 276992 ------w- c:\windows\system32\wmphoto.dll
2009-12-06 11:51 . 2008-04-14 17:02 69120 ------w- c:\windows\system32\wlanapi.dll
2009-12-06 11:49 . 2008-04-14 17:02 397312 ------w- c:\windows\system32\mmcex.dll
2009-12-06 11:48 . 2008-04-14 17:02 233472 ------w- c:\windows\system32\azroles.dll
2009-12-06 11:48 . 2008-04-14 17:02 136192 ------w- c:\windows\system32\aaclient.dll
2009-12-06 11:19 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-06 11:19 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-06 11:18 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-06 11:16 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-06 11:16 . 2009-03-06 14:23 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-06 11:16 . 2009-02-09 11:27 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-06 11:16 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-06 11:16 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-06 11:16 . 2009-02-09 10:56 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-06 11:16 . 2009-06-25 08:27 735232 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-06 11:16 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-06 11:16 . 2009-02-09 10:56 735744 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-06 11:14 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-06 11:12 . 2009-08-04 21:59 2193536 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-06 11:12 . 2009-08-04 17:29 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-06 11:12 . 2009-08-04 17:29 2070400 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-06 11:12 . 2009-08-04 17:29 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-06 11:11 . 2009-08-14 15:16 1850752 -c----w- c:\windows\system32\dllcache\win32k.sys
2009-12-06 08:00 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-05 21:18 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-05 21:18 . 2008-10-15 16:37 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-05 16:51 . 2001-09-07 11:00 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2009-12-05 16:50 . 2001-09-07 11:00 8704 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2009-12-05 16:49 . 2001-09-07 11:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2009-12-05 16:36 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-12-05 16:10 . 2001-09-07 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-05 16:10 . 2001-09-07 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-05 16:10 . 2001-09-07 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-05 16:10 . 2001-09-07 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-05 15:29 . 2009-12-05 15:29 25294 ----a-w- C:\delreg9.reg
2009-12-05 15:20 . 2009-12-12 10:25 -------- d--h--r- c:\documents and settings\Edwin&Liza\Onlangs geopend
2009-12-04 21:47 . 2009-12-04 21:47 4096 ----a-w- c:\windows\system32\drivers\unpr.sys
2009-12-04 17:54 . 2001-09-07 11:00 40960 -c--a-w- c:\windows\system32\dllcache\msinfo32.exe
2009-12-04 17:54 . 2001-09-07 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-04 17:54 . 2008-04-14 17:03 73728 -c--a-w- c:\windows\system32\dllcache\wmplayer.exe
2009-12-04 17:54 . 2008-04-14 17:03 786432 -c--a-w- c:\windows\system32\dllcache\migrate.exe
2009-12-04 17:54 . 2009-03-08 13:09 638816 -c--a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-04 17:51 . 2001-09-07 11:00 42577 -c--a-w- c:\windows\system32\dllcache\bckgzm.exe
2009-12-04 17:51 . 2001-09-07 11:00 42575 -c--a-w- c:\windows\system32\dllcache\chkrzm.exe
2009-12-04 17:51 . 2001-09-07 11:00 42573 -c--a-w- c:\windows\system32\dllcache\shvlzm.exe
2009-12-04 17:51 . 2001-09-07 11:00 42573 -c--a-w- c:\windows\system32\dllcache\hrtzzm.exe
2009-12-03 15:50 . 2009-12-03 15:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-12-02 21:30 . 2009-12-02 21:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-01 19:51 . 2001-09-07 11:00 12288 -c--a-w- c:\windows\system32\dllcache\wb32.exe
2009-12-01 19:51 . 2001-09-07 11:00 12288 -c--a-w- c:\windows\system32\dllcache\cb32.exe
2009-12-01 19:51 . 2008-04-14 17:03 4639 -c--a-w- c:\windows\system32\dllcache\mplayer2.exe
2009-12-01 19:51 . 2008-04-14 17:03 12288 ----a-w- c:\windows\system32\mstinit.exe
2009-11-29 17:54 . 2006-11-01 13:07 334720 ----a-w- C:\RootkitRevealer.exe
2009-11-29 15:43 . 2009-08-06 18:24 53472 -c--a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-11-29 15:43 . 2009-08-06 18:24 53472 ------w- c:\windows\system32\wuauclt.exe
2009-11-29 10:18 . 2009-12-04 02:20 -------- d-----w- c:\windows\system32\ActiveScan
2009-11-29 10:18 . 2009-11-29 10:18 -------- d-----w- C:\najmaddin
2009-11-29 10:18 . 2009-11-29 19:16 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\drivers
2009-11-20 20:08 . 2009-11-20 20:09 -------- d-----w- c:\documents and settings\Edwin&Liza\Local Settings\Application Data\Temp
2009-11-17 20:07 . 2009-11-17 20:07 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\Malwarebytes
2009-11-17 20:07 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-17 20:07 . 2009-11-17 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-17 20:07 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-17 20:07 . 2009-11-29 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-17 19:37 . 2009-12-11 21:07 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\skypePM
2009-11-17 19:35 . 2009-12-11 21:10 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\Skype
2009-11-17 19:35 . 2009-11-17 19:35 -------- d-----w- c:\program files\Common Files\Skype
2009-11-17 19:35 . 2009-11-17 19:35 -------- d-----r- c:\program files\Skype
2009-11-17 17:37 . 2009-11-17 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-15 09:47 . 2009-11-15 09:47 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2009-11-13 08:12 . 2009-12-11 20:16 -------- d-----w- c:\program files\Snooper
2009-11-13 07:59 . 2009-11-03 07:49 -------- d-----w- C:\voxrec

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 20:41 . 2009-04-12 09:06 -------- d-----w- c:\program files\eQSO_PC_Client
2009-12-10 19:51 . 2008-01-01 20:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-10 17:59 . 2001-09-07 12:00 68630 ----a-w- c:\windows\system32\perfc013.dat
2009-12-10 17:59 . 2001-09-07 12:00 394466 ----a-w- c:\windows\system32\perfh013.dat
2009-12-08 21:35 . 2008-07-20 10:46 -------- d-----w- c:\program files\Notepad++
2009-12-08 21:35 . 2008-07-20 10:46 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\Notepad++
2009-12-06 16:54 . 2004-09-08 18:06 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-12-06 09:16 . 2009-10-10 10:44 165743 ----a-w- C:\P110_5T.NEW.zip
2009-12-06 09:16 . 2009-10-10 10:44 167245 ----a-w- C:\P110_5t(286PC).zip
2009-12-06 09:16 . 2009-10-10 10:44 643189 ----a-w- C:\MRSS.zip
2009-12-06 09:15 . 2009-10-10 10:44 67204 ----a-w- C:\memtest86+-1.65.floppy.zip
2009-12-06 09:14 . 2009-10-10 10:44 294123 ----a-w- C:\kpg-28d.zip
2009-12-05 15:20 . 2004-09-10 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-04 21:43 . 2007-08-12 18:02 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-11-30 20:49 . 2007-04-24 16:55 -------- d-----w- c:\program files\XPRepairPro2006
2009-11-30 20:45 . 2008-08-11 11:41 -------- d-----w- c:\program files\PonyProg2000
2009-11-30 20:45 . 2009-07-04 11:05 -------- d-----w- c:\program files\NewsLeecher
2009-11-30 19:45 . 2006-08-08 17:48 -------- d-----w- c:\program files\Ares
2009-11-30 00:42 . 2006-08-06 13:16 -------- d-----w- c:\program files\zvprt40
2009-11-30 00:40 . 2006-09-19 18:36 -------- d-----w- c:\program files\WS_FTP
2009-11-30 00:39 . 2007-02-09 07:05 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-30 00:39 . 2006-09-10 10:09 -------- d-----w- c:\program files\Winamp
2009-11-30 00:38 . 2007-07-06 11:44 -------- d-----w- c:\program files\tallymaster
2009-11-30 00:37 . 2007-06-17 11:30 -------- d-----w- c:\program files\Stellar Phoenix Recovery Suite
2009-11-30 00:37 . 2004-09-10 07:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-30 00:35 . 2007-08-06 18:17 -------- d-----w- c:\program files\QuickTime
2009-11-30 00:20 . 2006-11-24 06:38 -------- d-----w- c:\program files\Meter
2009-11-30 00:09 . 2004-09-19 17:50 -------- d-----w- c:\program files\iview
2009-11-29 23:59 . 2009-11-04 17:07 -------- d-----w- c:\program files\FastLynx
2009-11-29 23:58 . 2007-01-17 17:10 -------- d-----w- c:\program files\emule
2009-11-29 23:22 . 2006-08-08 18:13 -------- d-----w- c:\program files\BitLord
2009-11-29 23:21 . 2008-05-17 06:52 -------- d-----w- c:\program files\AVIcodec
2009-11-29 18:49 . 2008-08-10 18:57 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-11-29 18:39 . 2004-10-12 19:06 -------- d-----w- c:\program files\FlasKMPEG
2009-11-29 18:38 . 2007-05-17 19:07 -------- d-----w- c:\program files\MixW
2009-11-29 18:22 . 2007-05-24 15:07 -------- d-----w- c:\program files\GALEP32
2009-11-29 18:20 . 2009-07-31 18:43 -------- d-----w- c:\program files\VNA
2009-11-29 18:09 . 2009-01-31 16:42 -------- d-----w- c:\program files\VX-7 Commander
2009-11-29 13:29 . 2008-07-03 18:48 -------- d-----w- c:\program files\MProg 3.0a
2009-11-17 19:48 . 2008-05-29 13:35 -------- d-----w- c:\program files\RALINK
2009-11-17 19:48 . 2006-08-12 10:55 -------- d-----w- c:\program files\Google
2009-11-17 19:43 . 2006-08-06 13:16 -------- d-----w- c:\program files\YPOPs
2009-11-17 19:39 . 2004-10-04 17:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-17 19:39 . 2009-09-05 18:09 -------- d-----w- c:\program files\Micam-1.2.4
2009-11-17 19:31 . 2007-04-06 07:27 -------- d-----w- c:\program files\NETGEAR
2009-11-17 19:22 . 2004-09-11 18:58 -------- d-----w- c:\program files\WinMX
2009-11-17 19:17 . 2007-08-16 19:28 -------- d-----w- c:\program files\Ontrack
2009-11-17 19:15 . 2006-12-31 21:45 -------- d-----w- c:\program files\CyberLink
2009-11-17 19:14 . 2004-11-13 12:49 -------- d-----w- c:\program files\CoverPro
2009-11-04 15:54 . 2009-11-04 15:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-29 07:44 . 2004-08-03 23:03 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 20:19 . 2009-10-27 20:17 -------- d-----w- c:\program files\Dialogys
2009-10-27 20:17 . 2009-10-27 20:17 828 ----a-w- c:\documents and settings\Edwin&Liza\desinstart.bat
2009-10-27 20:17 . 2009-10-27 20:17 63 ----a-w- c:\program files\dialogysclip.bat
2009-10-27 20:17 . 2009-10-27 20:17 575 ----a-w- c:\documents and settings\Edwin&Liza\desinst.bat
2009-10-27 20:17 . 2009-10-27 20:17 156 ----a-w- c:\documents and settings\Edwin&Liza\save_uninst.bat
2009-10-27 20:17 . 2009-10-27 20:17 -------- d-----w- c:\program files\_jvm
2009-10-25 07:03 . 2007-07-22 08:14 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-22 12:33 . 2009-10-22 12:33 -------- d-----w- c:\program files\Timesave Software
2009-10-21 05:40 . 2004-08-03 23:03 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-03 23:03 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:38 . 2004-08-03 23:03 270848 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-03 23:03 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-03 23:03 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 20:22 . 2009-10-11 20:22 24582 ----a-w- C:\delreg2.reg
2009-10-11 20:00 . 2009-10-11 20:00 26472 ----a-w- C:\delregvirusentries.reg
2009-10-10 10:44 . 2009-10-10 10:44 730973 ---ha-w- C:\Wookie Mobius Lab(new patched version).zip.tmp
2009-09-29 15:51 . 2009-09-29 15:51 17200624 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\rp\.exe
2009-09-29 15:51 . 2009-09-29 15:50 8406648 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-09-29 15:50 . 2009-09-29 15:50 10309448 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-09-29 15:49 . 2009-09-29 15:49 64000 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-09-29 15:49 . 2009-09-29 15:49 52288 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-09-29 15:49 . 2009-09-29 15:49 50688 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-09-29 15:49 . 2009-09-29 15:49 114688 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-09-18 18:27 . 2007-08-06 18:26 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2008-05-18 07:52 . 2008-05-18 07:52 1202807 ----a-w- c:\program files\TARLibs001.txt
2006-09-22 15:53 . 2006-09-22 15:53 4096 ----a-w- c:\program files\ECLiPSE.lic
2006-07-07 00:46 . 2007-01-20 07:32 14675401 ----a-w- c:\program files\wmp11.exe
2006-03-20 14:37 . 2007-07-31 15:24 5689344 ----a-w- c:\program files\MPLAYERC.EXE
2005-01-06 08:35 . 2006-08-06 13:15 179008 ----a-w- c:\program files\gcASSoapLib.dll
2005-01-06 08:11 . 2006-08-06 13:16 56136 ----a-w- c:\program files\gcSoftwareUpdateLib.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Edwin&Liza^Menu Start^Programma's^Opstarten^9956126.lnk]
backup=c:\windows\pss\9956126.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-20 20:08 135664 ----atw- c:\documents and settings\Edwin&Liza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 13:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:emuleudp
"4662:TCP"= 4662:TCP:emuletcp

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [13-6-2008 21:19 3026]
R1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [16-4-2007 20:50 4256]
R2 CommSB96;CommSB96;c:\windows\system32\drivers\COMMSB96.sys [6-7-2008 20:24 36664]
R2 CommSBEP;CommSBEP;c:\windows\system32\drivers\COMMSBEP.sys [6-7-2008 20:02 24476]
R2 glpntdrv;glpntdrv;c:\windows\system32\drivers\GLPNTDRV.SYS [24-5-2007 16:09 13728]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [6-7-2007 18:34 5152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7-12-2009 21:22 203280]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-7-2007 9:14 691696]
S2 LogWatch;Event Log Watch; [x]
S3 BT4501D;SpeedTouch 120g Wireless USB Adapter Driver; [x]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [11-8-2008 12:41 3584]
S3 FastLynx;FastLynx;c:\program files\FastLynx\FastLynx.sys [2-2-2002 0:38 2987]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [4-1-2008 22:32 44928]
S3 SiBulk;SiBulk;c:\windows\system32\drivers\smartwi.sys [17-9-2006 13:18 46464]
S3 WlanUIG;IEEE 802.11g USB Driver; [x]
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41440NL
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {D59460D1-E17F-40E9-8C21-21CEAFA27A19} = 194.134.5.5,194.134.5.55
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-12 11:40
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3740)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Voltooingstijd: 2009-12-12 11:45:10
ComboFix-quarantined-files.txt 2009-12-12 10:45
ComboFix2.txt 2009-12-12 10:02

Pre-Run: 25.527.054.336 bytes beschikbaar
Post-Run: 25.502.810.112 bytes beschikbaar

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 6B8A1E0BAE05AD710E1579BC1C12C41C





Hope you can find the problem I'm facing.
Edwin

#2 EdwinH

Posted 14 December 2009 - 11:42 AM

Hello All,

I just installed Virobot by Hauri. So no more NOD32 or Kaspersky for me.

It was quite amazing what ViRobot claimed to find. I ran SuperAntiSpyware, Malwarebytes, McAfee, Dr Web and some other scanners. Before SAS and Dr Web, installation of NOD32 still did not work.
After scanning with SAS and Dr Web, I simply installed a trial version of Virobot.
Virobot still found several infections.

I hope my system is clean.
What would be the best way to know the system really is clean?

With kind regards,

Edwin

#3 etavares

Malware Response Team

Posted 24 December 2009 - 08:00 AM

Hello and welcome to Bleeping Computer

Hi EdwinH... we can look over your log to ensure you're clean. If you'd like to do that, please follow the instructions below.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.
Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#4 EdwinH

Posted 24 December 2009 - 08:29 AM

Hi Etavares,

Thanks for the reply.
I would really like to make sure the system is running properly, and protection is like it should be.

Here is the log made by dds.

Edwin



DDS (Ver_09-12-01.01) - NTFSx86
Run by Edwin&Liza at 14:19:18,41 on do 24-12-2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.533 [GMT 1:00]

AV: HAURI AntiVirus ViRobot *On-access scanning enabled* (Updated) {0E1A4B6B-60E9-4B3A-8031-1950BD69B260}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\AccessControl\HFACSvc.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\hpcsvc.exe
C:\Program Files\Hauri\Common\hsvcmod.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hauri\Common\Base\vrscan.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\PCFirewall\vrfwsvc.exe
C:\Program Files\Hauri\Common\Base\vrmonsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hauri\Common\Base\VrmonNT.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\AntiSpam\HSockPE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\PCFirewall\vrfwsock.exe
C:\Program Files\Hauri\Common\Base\vrrepair.exe
C:\Documents and Settings\Edwin&Liza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Edwin&Liza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Edwin&Liza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Edwin&Liza\Mijn documenten\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uWindows: run=0000
uWindows: load=0000
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
{a057a204-bacc-4d26-9990-79a187e2698e}
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: IEHelpObj Class: {ec45e3fe-c16d-4f24-9238-d1b49ad74815} - c:\program files\hauri\virobot desktop 5.5\service\hWebMan.dll
{a057a204-bacc-4d26-9990-79a187e2698e}
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Vrmon] c:\program files\hauri\common\base\VrmonNT.exe
mRun: [HEProtect] c:\program files\hauri\virobot desktop 5.5\antispam\HSockPE.exe
uPolicies-explorer: NoWinKeys = 1 (0x1)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} - hxxp://www.euras.com/euras/EIS/plugin/euras.cab
TCP: {D59460D1-E17F-40E9-8C21-21CEAFA27A19} = 194.134.5.5,194.134.5.55
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-6-13 3026]
R1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [2007-4-16 4256]
R2 CommSB96;CommSB96;c:\windows\system32\drivers\COMMSB96.sys [2008-7-6 36664]
R2 CommSBEP;CommSBEP;c:\windows\system32\drivers\COMMSBEP.sys [2008-7-6 24476]
R2 glpntdrv;glpntdrv;c:\windows\system32\drivers\GLPNTDRV.SYS [2007-5-24 13728]
R2 hpcsvc;ViRobot Communication Service;c:\program files\hauri\virobot desktop 5.5\hpcsvc.exe [2009-12-13 513616]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2007-7-6 5152]
R2 ViRobot Common Scan Service;ViRobot Common Scan Service;c:\program files\hauri\common\base\vrscan.exe [2009-12-13 172032]
R3 VRFWNTD5;VRFWNTD5 Hauri Network Driver;c:\windows\system32\drivers\VRFWNTD5.SYS [2009-12-13 85632]
R3 vrrepair;ViRobot Repairing Service;c:\program files\hauri\common\base\vrrepair.exe [2009-12-13 281264]
R3 VRsecos;VRsecos;c:\windows\system32\drivers\VRsecos.sys [2009-12-13 21016]
S2 LogWatch;Event Log Watch; [x]
S3 BT4501D;SpeedTouch 120g Wireless USB Adapter Driver; [x]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [2008-8-11 3584]
S3 FastLynx;FastLynx;c:\program files\fastlynx\FastLynx.sys [2002-2-2 2987]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-1-4 44928]
S3 SiBulk;SiBulk;c:\windows\system32\drivers\smartwi.sys [2006-9-17 46464]
S3 WlanUIG;IEEE 802.11g USB Driver; [x]

=============== Created Last 30 ================

2009-12-20 16:04:26 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
2009-12-15 19:49:31 0 ----a-w- c:\windows\SYSTEM.INI
2009-12-15 18:48:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-14 07:11:00 69 ----a-w- c:\windows\NeroDigital.ini
2009-12-14 07:06:10 40 ----a-w- c:\windows\HEPMain.INI
2009-12-13 22:33:55 0 d-----w- c:\docume~1\edwin&~1\applic~1\HAURI
2009-12-13 22:02:50 33080 ------w- c:\windows\system32\drivers\vracfil.sys
2009-12-13 22:02:48 85632 ----a-w- c:\windows\system32\drivers\VRFWNTD5.SYS
2009-12-13 22:02:48 21016 ------w- c:\windows\system32\drivers\VRsecos.sys
2009-12-13 22:02:45 87744 ----a-w- c:\windows\system32\drivers\vradfil.sys
2009-12-13 22:02:40 403051 ------w- c:\windows\system32\drivers\virobot.vib
2009-12-13 22:01:19 142 ----a-w- c:\windows\win.ini
2009-12-13 22:01:11 0 d-----w- c:\program files\Hauri
2009-12-13 21:41:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-13 17:56:49 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-13 17:56:26 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-13 17:56:26 0 d-----w- c:\docume~1\edwin&~1\applic~1\SUPERAntiSpyware.com
2009-12-13 17:39:05 0 d-sh--w- C:\found.000
2009-12-12 09:34:50 0 d-sha-r- C:\cmdcons
2009-12-12 09:23:36 98816 ----a-w- c:\windows\sed.exe
2009-12-12 09:23:36 77312 ----a-w- c:\windows\MBR.exe
2009-12-12 09:23:36 261632 ----a-w- c:\windows\PEV.exe
2009-12-12 09:23:36 161792 ----a-w- c:\windows\SWREG.exe
2009-12-12 08:57:43 0 d-----w- c:\windows\junk
2009-12-12 08:51:59 0 d-----w- c:\windows\system32\junk
2009-12-11 21:32:54 36308992 ----a-w- C:\eav_nt32_enu.msi
2009-12-11 21:01:52 0 d-----w- c:\program files\ESET
2009-12-11 20:24:05 0 d-----w- c:\program files\Windows Installer Clean Up
2009-12-11 20:23:47 0 d-----w- c:\program files\MSECACHE
2009-12-11 19:42:00 0 d-----w- c:\docume~1\edwin&~1\applic~1\Foxit
2009-12-11 19:41:59 0 d-----w- c:\program files\Foxit Software
2009-12-10 19:24:31 11780096 ----a-w- c:\documents and settings\edwin&liza\s-1-5-21-1960408961-920026266-839522115-1003.rrr
2009-12-09 21:18:12 0 d-----w- c:\docume~1\edwin&~1\applic~1\Uniblue
2009-12-07 19:35:28 0 d-----w- C:\AVGTemp
2009-12-06 21:11:09 0 d-----w- c:\windows\RegCure
2009-12-06 19:34:04 0 d-sh--w- c:\documents and settings\edwin&liza\IECompatCache
2009-12-06 19:32:47 0 d-sh--w- c:\documents and settings\edwin&liza\PrivacIE
2009-12-06 16:25:32 0 d-----w- c:\windows\l2schemas
2009-12-06 16:25:28 0 d-----w- c:\windows\system32\nl
2009-12-06 15:54:40 0 d-----w- c:\windows\network diagnostic
2009-12-06 13:51:36 0 d-sh--w- c:\documents and settings\edwin&liza\IETldCache
2009-12-06 13:42:12 81920 -c----w- c:\windows\system32\dllcache\ieencode.dll
2009-12-06 13:42:12 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-06 13:39:24 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-06 13:38:31 0 d-----w- c:\windows\ie8updates
2009-12-06 13:36:51 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-06 13:36:50 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-06 13:36:49 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-06 13:36:48 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-06 13:36:48 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-06 13:36:47 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-06 13:30:49 0 dc-h--w- c:\windows\ie8
2009-12-06 13:30:49 0 d-----w- c:\windows\system32\nl-NL
2009-12-06 11:50:58 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-12-06 11:49:51 294912 -c----w- c:\windows\system32\dllcache\msaud32.acm
2009-12-06 11:48:56 233472 ------w- c:\windows\system32\azroles.dll
2009-12-06 11:48:52 136192 ------w- c:\windows\system32\aaclient.dll
2009-12-06 11:19:48 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-06 11:19:40 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-06 11:18:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-06 11:16:40 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-06 11:16:31 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-06 11:16:31 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-06 11:16:30 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-06 11:16:28 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-06 11:16:26 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-06 11:16:24 735232 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-06 11:16:23 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-06 11:16:22 735744 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-06 11:14:39 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-06 11:12:58 2193536 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-06 11:12:57 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-06 11:12:56 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-06 11:12:56 2070400 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-06 11:11:42 1850752 -c----w- c:\windows\system32\dllcache\win32k.sys
2009-12-06 08:00:01 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-05 21:18:40 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-05 21:18:11 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-05 16:53:04 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls
2009-12-05 16:51:59 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2009-12-05 16:50:58 8704 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2009-12-05 16:49:59 66594 -c--a-w- c:\windows\system32\dllcache\c_864.nls
2009-12-05 16:36:40 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-12-05 16:10:01 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-05 16:10:01 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-05 16:10:01 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-05 16:10:01 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-05 16:09:50 8599 -c--a-w- c:\windows\system32\dllcache\IASNT4.CAT
2009-12-05 16:09:50 7382 -c--a-w- c:\windows\system32\dllcache\OEMBIOS.CAT
2009-12-05 16:09:49 808234 -c--a-w- c:\windows\system32\dllcache\NT5IIS.CAT
2009-12-05 16:09:49 399670 -c--a-w- c:\windows\system32\dllcache\MAPIMIG.CAT
2009-12-05 16:09:49 37509 -c--a-w- c:\windows\system32\dllcache\MW770.CAT
2009-12-05 16:09:49 13497 -c--a-w- c:\windows\system32\dllcache\HPCRDP.CAT
2009-12-05 16:09:48 1014139 -c--a-w- c:\windows\system32\dllcache\SP2.CAT
2009-12-05 15:29:08 25294 ----a-w- C:\delreg9.reg
2009-12-05 15:20:28 0 d--h--r- c:\documents and settings\edwin&liza\Onlangs geopend
2009-12-04 21:47:44 4096 ----a-w- c:\windows\system32\drivers\unpr.sys
2009-12-04 17:54:14 40960 -c--a-w- c:\windows\system32\dllcache\msinfo32.exe
2009-12-04 17:54:13 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-04 17:54:12 786432 -c--a-w- c:\windows\system32\dllcache\migrate.exe
2009-12-04 17:54:12 73728 -c--a-w- c:\windows\system32\dllcache\wmplayer.exe
2009-12-04 17:54:05 638816 -c--a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-04 17:51:57 42577 -c--a-w- c:\windows\system32\dllcache\bckgzm.exe
2009-12-04 17:51:57 42575 -c--a-w- c:\windows\system32\dllcache\chkrzm.exe
2009-12-04 17:51:56 42573 -c--a-w- c:\windows\system32\dllcache\shvlzm.exe
2009-12-04 17:51:56 42573 -c--a-w- c:\windows\system32\dllcache\hrtzzm.exe
2009-12-01 19:51:42 12288 -c--a-w- c:\windows\system32\dllcache\wb32.exe
2009-12-01 19:51:42 12288 -c--a-w- c:\windows\system32\dllcache\cb32.exe
2009-12-01 19:51:40 4639 -c--a-w- c:\windows\system32\dllcache\mplayer2.exe
2009-12-01 19:51:36 12288 ----a-w- c:\windows\system32\mstinit.exe
2009-11-29 17:54:45 334720 ----a-w- C:\RootkitRevealer.exe
2009-11-29 17:54:45 102160 ----a-w- C:\RootkitRevealer.chm
2009-11-29 15:43:00 53472 -c--a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-11-29 10:18:12 0 d-----w- c:\windows\system32\ActiveScan
2009-11-29 10:18:11 0 d-----w- C:\najmaddin

==================== Find3M ====================

2009-12-20 15:55:06 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-10 17:59:28 68630 ----a-w- c:\windows\system32\perfc013.dat
2009-12-10 17:59:28 394466 ----a-w- c:\windows\system32\perfh013.dat
2009-12-06 09:16:52 165743 ----a-w- C:\P110_5T.NEW.zip
2009-12-06 09:16:37 167245 ----a-w- C:\P110_5t(286PC).zip
2009-12-06 09:16:15 643189 ----a-w- C:\MRSS.zip
2009-12-06 09:15:06 67204 ----a-w- C:\memtest86+-1.65.floppy.zip
2009-12-06 09:14:34 294123 ----a-w- C:\kpg-28d.zip
2009-12-04 21:43:07 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-10-29 07:44:29 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 20:17:12 828 ----a-w- c:\documents and settings\edwin&liza\desinstart.bat
2009-10-27 20:17:12 63 ----a-w- c:\program files\dialogysclip.bat
2009-10-27 20:17:12 575 ----a-w- c:\documents and settings\edwin&liza\desinst.bat
2009-10-27 20:17:12 156 ----a-w- c:\documents and settings\edwin&liza\save_uninst.bat
2009-10-21 05:40:47 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40:47 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:38:29 270848 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40:22 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40:22 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 20:22:08 24582 ----a-w- C:\delreg2.reg
2009-10-11 20:00:44 26472 ----a-w- C:\delregvirusentries.reg
2008-05-18 07:52:03 1202807 ----a-w- c:\program files\TARLibs001.txt
2006-09-22 15:53:01 4096 ----a-w- c:\program files\ECLiPSE.lic
2006-07-07 00:46:08 14675401 ----a-w- c:\program files\wmp11.exe
2006-03-20 14:37:00 5689344 ----a-w- c:\program files\MPLAYERC.EXE
2005-01-06 08:35:16 179008 ----a-w- c:\program files\gcASSoapLib.dll
2005-01-06 08:11:16 56136 ----a-w- c:\program files\gcSoftwareUpdateLib.dll

============= FINISH: 14:21:18,98 ===============

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:19 PM

Posted 24 December 2009 - 11:10 AM

Please run a rootkit scan for me and we'll continue from there.

Download and Run GMER

We will use GMER to scan for rootkits. This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode, try running it in Safe Mode.

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 EdwinH

EdwinH
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 24 December 2009 - 05:05 PM

The next log.

Have a great X-mas.

Edwin




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-24 23:03:34
Windows 5.1.2600 Service Pack 3
Running: v7rvnpne.exe; Driver: C:\DOCUME~1\EDWIN&~1\LOCALS~1\Temp\pwlirkod.sys


---- System - GMER 1.0.15 ----

SSDT spns.sys ZwCreateKey [0xF76920E0]
SSDT spns.sys ZwEnumerateKey [0xF76AFCA2]
SSDT spns.sys ZwEnumerateValueKey [0xF76B0030]
SSDT spns.sys ZwOpenKey [0xF76920C0]
SSDT spns.sys ZwQueryKey [0xF76B0108]
SSDT spns.sys ZwQueryValueKey [0xF76AFF88]
SSDT spns.sys ZwSetValueKey [0xF76B019A]

INT 0x35 ? 870ADBF8
INT 0x35 ? 870ADBF8
INT 0x3B ? 870ADBF8
INT 0x3E ? 8736BBF8
INT 0x3F ? 8736BBF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 873D71F8

AttachedDevice \FileSystem\Ntfs \Ntfs vracfil.sys (VRAC Filter for Windows NT/2K/XP/HAURI)
AttachedDevice \FileSystem\Ntfs \Ntfs VRADFIL.SYS (VR Filter for Windows NT/2K/XP/Vista(advanced)/HAURI)

Device \FileSystem\Fastfat \FatCdrom 86FF8500
Device \Driver\usbuhci \Device\USBPDO-0 871651F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 873D91F8
Device \Driver\dmio \Device\DmControl\DmConfig 873D91F8
Device \Driver\dmio \Device\DmControl\DmPnP 873D91F8
Device \Driver\dmio \Device\DmControl\DmInfo 873D91F8
Device \Driver\usbuhci \Device\USBPDO-1 871651F8
Device \Driver\usbehci \Device\USBPDO-2 871591F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8736C1F8
Device \Driver\Cdrom \Device\CdRom0 8716B500
Device \Driver\Cdrom \Device\CdRom1 8716B500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F75C5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F75C5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F75C5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e [F75C5B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\sptd \Device\746600992 spns.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 86FDC1F8
Device \Driver\NetBT \Device\NetbiosSmb 86FDC1F8
Device \Driver\PCI_PNP8400 \Device\0000005a spns.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{D59460D1-E17F-40E9-8C21-21CEAFA27A19} 86FDC1F8
Device \Driver\usbuhci \Device\USBFDO-0 871651F8
Device \Driver\usbuhci \Device\USBFDO-1 871651F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86E92500
Device \Driver\usbehci \Device\USBFDO-2 871591F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86E92500
Device \Driver\Ftdisk \Device\FtControl 8736C1F8
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port2Path0Target0Lun0 873D81F8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 873D81F8
Device \Driver\amvn5l9s \Device\Scsi\amvn5l9s1 87112500
Device \FileSystem\Fastfat \Fat 86FF8500

AttachedDevice \FileSystem\Fastfat \Fat vracfil.sys (VRAC Filter for Windows NT/2K/XP/HAURI)
AttachedDevice \FileSystem\Fastfat \Fat VRADFIL.SYS (VR Filter for Windows NT/2K/XP/Vista(advanced)/HAURI)

Device \FileSystem\Cdfs \Cdfs 86EAF500

---- EOF - GMER 1.0.15 ----

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:19 PM

Posted 24 December 2009 - 06:03 PM

Let's run Combofix again. The GMER log looks okay.

--
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

#8 EdwinH

EdwinH
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 26 December 2009 - 04:49 PM

Hello, sorry for the late reply, having a merry X-mas here. Hope you had one too.
Hopefully you can only see a clean system.
See the Log below.

Edwin






ComboFix 09-12-22.09 - Edwin&Liza 26-12-2009 10:03:07.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.425 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Edwin
AV: HAURI AntiVirus ViRobot *On-access scanning disabled* (Updated) {0E1A4B6B-60E9-4B3A-8031-1950BD69B260}
* Aanwezig AV is actief

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\system32\drivers\unpr.sys
c:\windows\system32\winio.vxd
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-11-26 to 2009-12-26 ))))))))))))))))))))))))))))))
.

2009-12-26 08:58 . 2009-12-26 08:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\HAURI
2009-12-20 16:04 . 2008-02-22 11:30 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
2009-12-15 18:48 . 2009-12-15 18:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-14 14:59 . 2009-12-14 20:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\HAURI
2009-12-13 22:33 . 2009-12-15 20:02 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\HAURI
2009-12-13 22:02 . 2008-12-17 12:43 33080 ------w- c:\windows\system32\drivers\vracfil.sys
2009-12-13 22:02 . 2008-09-25 17:20 85632 ----a-w- c:\windows\system32\drivers\VRFWNTD5.SYS
2009-12-13 22:02 . 2008-09-25 17:20 21016 ------w- c:\windows\system32\drivers\VRsecos.sys
2009-12-13 22:02 . 2009-02-15 04:55 87744 ----a-w- c:\windows\system32\drivers\vradfil.sys
2009-12-13 22:01 . 2009-12-13 22:01 -------- d-----w- c:\program files\Hauri
2009-12-13 21:41 . 2009-12-13 21:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-13 21:40 . 2009-12-13 21:40 152576 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-13 21:39 . 2009-12-13 21:39 79488 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-13 18:02 . 2009-12-13 18:02 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-13 18:01 . 2009-12-13 18:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-13 17:56 . 2009-12-13 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-13 17:56 . 2009-12-13 21:01 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\SUPERAntiSpyware.com
2009-12-13 17:56 . 2009-12-13 21:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-13 17:39 . 2009-12-13 17:39 -------- d-----w- C:\found.000
2009-12-12 12:10 . 2009-12-12 14:40 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-12-12 12:09 . 2009-12-12 12:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-12 08:57 . 2009-12-12 08:57 -------- d-----w- c:\windows\junk
2009-12-12 08:51 . 2009-12-12 08:52 -------- d-----w- c:\windows\system32\junk
2009-12-11 21:32 . 2009-12-11 20:06 36308992 ----a-w- C:\eav_nt32_enu.msi
2009-12-11 21:01 . 2009-12-11 21:01 -------- d-----w- c:\program files\ESET
2009-12-11 20:24 . 2009-12-11 20:24 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-12-11 20:23 . 2009-12-11 20:23 -------- d-----w- c:\program files\MSECACHE
2009-12-11 19:42 . 2009-12-11 19:42 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\Foxit
2009-12-11 19:41 . 2009-12-11 19:41 -------- d-----w- c:\program files\Foxit Software
2009-12-09 21:18 . 2009-12-09 21:18 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\Uniblue
2009-12-08 18:47 . 2009-12-08 18:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-12-07 20:28 . 2009-12-07 20:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-07 19:35 . 2009-12-07 19:35 -------- d-----w- C:\AVGTemp
2009-12-06 22:44 . 2009-12-06 22:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-06 21:11 . 2009-12-06 21:27 -------- d-----w- c:\program files\RegCure
2009-12-06 21:11 . 2009-12-06 21:11 -------- d-----w- c:\windows\RegCure
2009-12-06 19:34 . 2009-12-06 19:34 -------- d-sh--w- c:\documents and settings\Edwin&Liza\IECompatCache
2009-12-06 19:32 . 2009-12-06 19:32 -------- d-sh--w- c:\documents and settings\Edwin&Liza\PrivacIE
2009-12-06 18:18 . 2009-12-06 18:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-06 16:25 . 2009-12-06 16:25 -------- d-----w- c:\windows\l2schemas
2009-12-06 16:25 . 2009-12-06 16:25 -------- d-----w- c:\windows\system32\nl
2009-12-06 13:51 . 2009-12-06 13:51 -------- d-sh--w- c:\documents and settings\Edwin&Liza\IETldCache
2009-12-06 13:42 . 2009-09-25 05:50 81920 -c----w- c:\windows\system32\dllcache\ieencode.dll
2009-12-06 13:42 . 2009-09-25 05:50 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-06 13:39 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-06 13:38 . 2009-12-06 13:39 -------- d-----w- c:\windows\ie8updates
2009-12-06 13:36 . 2009-10-29 07:44 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-06 13:36 . 2009-10-29 07:44 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-06 13:36 . 2009-10-29 07:44 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-06 13:36 . 2009-10-29 07:44 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-06 13:36 . 2009-10-29 07:44 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-06 13:36 . 2009-10-29 07:44 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-06 13:30 . 2009-12-06 16:25 -------- d-----w- c:\windows\system32\nl-NL
2009-12-06 13:30 . 2009-12-06 13:36 -------- dc-h--w- c:\windows\ie8
2009-12-06 11:51 . 2008-04-14 17:02 276992 ------w- c:\windows\system32\wmphoto.dll
2009-12-06 11:51 . 2008-04-14 17:02 69120 ------w- c:\windows\system32\wlanapi.dll
2009-12-06 11:49 . 2008-04-14 17:02 397312 ------w- c:\windows\system32\mmcex.dll
2009-12-06 11:48 . 2008-04-14 17:02 233472 ------w- c:\windows\system32\azroles.dll
2009-12-06 11:48 . 2008-04-14 17:02 136192 ------w- c:\windows\system32\aaclient.dll
2009-12-06 11:19 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-06 11:19 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-06 11:18 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-06 11:16 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-06 11:16 . 2009-03-06 14:23 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-06 11:16 . 2009-02-09 11:27 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-06 11:16 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-06 11:16 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-06 11:16 . 2009-02-09 10:56 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-06 11:16 . 2009-06-25 08:27 735232 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-06 11:16 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-06 11:16 . 2009-02-09 10:56 735744 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-06 11:14 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-06 11:12 . 2009-08-04 21:59 2193536 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-06 11:12 . 2009-08-04 17:29 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-06 11:12 . 2009-08-04 17:29 2070400 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-06 11:12 . 2009-08-04 17:29 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-06 11:11 . 2009-08-14 15:16 1850752 -c----w- c:\windows\system32\dllcache\win32k.sys
2009-12-06 08:00 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-05 21:18 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-05 21:18 . 2008-10-15 16:37 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-05 16:51 . 2001-09-07 11:00 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2009-12-05 16:50 . 2001-09-07 11:00 8704 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2009-12-05 16:49 . 2001-09-07 11:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2009-12-05 16:36 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-12-05 16:10 . 2001-09-07 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-05 16:10 . 2001-09-07 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-05 16:10 . 2001-09-07 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-05 16:10 . 2001-09-07 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-05 15:29 . 2009-12-05 15:29 25294 ----a-w- C:\delreg9.reg
2009-12-05 15:20 . 2009-12-26 08:02 -------- d--h--r- c:\documents and settings\Edwin&Liza\Onlangs geopend
2009-12-04 17:54 . 2001-09-07 11:00 40960 -c--a-w- c:\windows\system32\dllcache\msinfo32.exe
2009-12-04 17:54 . 2001-09-07 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-04 17:54 . 2008-04-14 17:03 73728 -c--a-w- c:\windows\system32\dllcache\wmplayer.exe
2009-12-04 17:54 . 2008-04-14 17:03 786432 -c--a-w- c:\windows\system32\dllcache\migrate.exe
2009-12-04 17:54 . 2009-03-08 13:09 638816 -c--a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-04 17:51 . 2001-09-07 11:00 42577 -c--a-w- c:\windows\system32\dllcache\bckgzm.exe
2009-12-04 17:51 . 2001-09-07 11:00 42575 -c--a-w- c:\windows\system32\dllcache\chkrzm.exe
2009-12-04 17:51 . 2001-09-07 11:00 42573 -c--a-w- c:\windows\system32\dllcache\shvlzm.exe
2009-12-04 17:51 . 2001-09-07 11:00 42573 -c--a-w- c:\windows\system32\dllcache\hrtzzm.exe
2009-12-03 15:50 . 2009-12-03 15:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-12-02 21:30 . 2009-12-02 21:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-01 19:51 . 2001-09-07 11:00 12288 -c--a-w- c:\windows\system32\dllcache\wb32.exe
2009-12-01 19:51 . 2001-09-07 11:00 12288 -c--a-w- c:\windows\system32\dllcache\cb32.exe
2009-12-01 19:51 . 2008-04-14 17:03 4639 -c--a-w- c:\windows\system32\dllcache\mplayer2.exe
2009-12-01 19:51 . 2008-04-14 17:03 12288 ----a-w- c:\windows\system32\mstinit.exe
2009-11-29 17:54 . 2006-11-01 13:07 334720 ----a-w- C:\RootkitRevealer.exe
2009-11-29 15:43 . 2009-08-06 18:24 53472 -c--a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-11-29 15:43 . 2009-08-06 18:24 53472 ------w- c:\windows\system32\wuauclt.exe
2009-11-29 10:18 . 2009-12-04 02:20 -------- d-----w- c:\windows\system32\ActiveScan
2009-11-29 10:18 . 2009-11-29 10:18 -------- d-----w- C:\najmaddin

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 15:55 . 2007-07-22 08:14 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-15 19:31 . 2007-01-17 17:10 -------- d-----w- c:\program files\emule
2009-12-15 18:57 . 2009-11-17 19:35 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\Skype
2009-12-15 18:48 . 2009-11-17 19:37 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\skypePM
2009-12-13 22:01 . 2004-10-04 17:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 21:40 . 2007-07-31 17:40 -------- d-----w- c:\program files\Java
2009-12-13 21:37 . 2007-07-31 17:39 -------- d-----w- c:\program files\Common Files\Java
2009-12-11 20:16 . 2009-11-13 08:12 -------- d-----w- c:\program files\Snooper
2009-12-10 20:41 . 2009-04-12 09:06 -------- d-----w- c:\program files\eQSO_PC_Client
2009-12-10 19:51 . 2008-01-01 20:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-10 17:59 . 2001-09-07 12:00 68630 ----a-w- c:\windows\system32\perfc013.dat
2009-12-10 17:59 . 2001-09-07 12:00 394466 ----a-w- c:\windows\system32\perfh013.dat
2009-12-08 21:35 . 2008-07-20 10:46 -------- d-----w- c:\program files\Notepad++
2009-12-08 21:35 . 2008-07-20 10:46 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\Notepad++
2009-12-06 16:54 . 2004-09-08 18:06 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-12-06 09:16 . 2009-10-10 10:44 165743 ----a-w- C:\P110_5T.NEW.zip
2009-12-06 09:16 . 2009-10-10 10:44 167245 ----a-w- C:\P110_5t(286PC).zip
2009-12-06 09:16 . 2009-10-10 10:44 643189 ----a-w- C:\MRSS.zip
2009-12-06 09:15 . 2009-10-10 10:44 67204 ----a-w- C:\memtest86+-1.65.floppy.zip
2009-12-06 09:14 . 2009-10-10 10:44 294123 ----a-w- C:\kpg-28d.zip
2009-12-05 15:20 . 2004-09-10 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-04 21:43 . 2007-08-12 18:02 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-11-30 20:49 . 2007-04-24 16:55 -------- d-----w- c:\program files\XPRepairPro2006
2009-11-30 20:45 . 2008-08-11 11:41 -------- d-----w- c:\program files\PonyProg2000
2009-11-30 20:45 . 2009-07-04 11:05 -------- d-----w- c:\program files\NewsLeecher
2009-11-30 19:45 . 2006-08-08 17:48 -------- d-----w- c:\program files\Ares
2009-11-30 00:42 . 2006-08-06 13:16 -------- d-----w- c:\program files\zvprt40
2009-11-30 00:40 . 2006-09-19 18:36 -------- d-----w- c:\program files\WS_FTP
2009-11-30 00:39 . 2007-02-09 07:05 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-30 00:39 . 2006-09-10 10:09 -------- d-----w- c:\program files\Winamp
2009-11-30 00:38 . 2007-07-06 11:44 -------- d-----w- c:\program files\tallymaster
2009-11-30 00:37 . 2007-06-17 11:30 -------- d-----w- c:\program files\Stellar Phoenix Recovery Suite
2009-11-30 00:37 . 2004-09-10 07:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-30 00:35 . 2007-08-06 18:17 -------- d-----w- c:\program files\QuickTime
2009-11-30 00:20 . 2006-11-24 06:38 -------- d-----w- c:\program files\Meter
2009-11-30 00:09 . 2004-09-19 17:50 -------- d-----w- c:\program files\iview
2009-11-29 23:59 . 2009-11-04 17:07 -------- d-----w- c:\program files\FastLynx
2009-11-29 23:22 . 2006-08-08 18:13 -------- d-----w- c:\program files\BitLord
2009-11-29 23:21 . 2008-05-17 06:52 -------- d-----w- c:\program files\AVIcodec
2009-11-29 18:49 . 2008-08-10 18:57 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-11-29 18:39 . 2004-10-12 19:06 -------- d-----w- c:\program files\FlasKMPEG
2009-11-29 18:38 . 2007-05-17 19:07 -------- d-----w- c:\program files\MixW
2009-11-29 18:22 . 2007-05-24 15:07 -------- d-----w- c:\program files\GALEP32
2009-11-29 18:20 . 2009-07-31 18:43 -------- d-----w- c:\program files\VNA
2009-11-29 18:09 . 2009-01-31 16:42 -------- d-----w- c:\program files\VX-7 Commander
2009-11-29 18:05 . 2009-11-17 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 13:29 . 2008-07-03 18:48 -------- d-----w- c:\program files\MProg 3.0a
2009-11-17 20:07 . 2009-11-17 20:07 -------- d-----w- c:\documents and settings\Edwin&Liza\Application Data\Malwarebytes
2009-11-17 20:07 . 2009-11-17 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-17 19:48 . 2008-05-29 13:35 -------- d-----w- c:\program files\RALINK
2009-11-17 19:48 . 2006-08-12 10:55 -------- d-----w- c:\program files\Google
2009-11-17 19:43 . 2006-08-06 13:16 -------- d-----w- c:\program files\YPOPs
2009-11-17 19:39 . 2009-09-05 18:09 -------- d-----w- c:\program files\Micam-1.2.4
2009-11-17 19:35 . 2009-11-17 19:35 -------- d-----r- c:\program files\Skype
2009-11-17 19:35 . 2009-11-17 19:35 -------- d-----w- c:\program files\Common Files\Skype
2009-11-17 19:35 . 2009-11-17 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-17 19:31 . 2007-04-06 07:27 -------- d-----w- c:\program files\NETGEAR
2009-11-17 19:22 . 2004-09-11 18:58 -------- d-----w- c:\program files\WinMX
2009-11-17 19:17 . 2007-08-16 19:28 -------- d-----w- c:\program files\Ontrack
2009-11-17 19:15 . 2006-12-31 21:45 -------- d-----w- c:\program files\CyberLink
2009-11-17 19:14 . 2004-11-13 12:49 -------- d-----w- c:\program files\CoverPro
2009-10-29 07:44 . 2004-08-03 23:03 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 20:19 . 2009-10-27 20:17 -------- d-----w- c:\program files\Dialogys
2009-10-27 20:17 . 2009-10-27 20:17 828 ----a-w- c:\documents and settings\Edwin&Liza\desinstart.bat
2009-10-27 20:17 . 2009-10-27 20:17 63 ----a-w- c:\program files\dialogysclip.bat
2009-10-27 20:17 . 2009-10-27 20:17 575 ----a-w- c:\documents and settings\Edwin&Liza\desinst.bat
2009-10-27 20:17 . 2009-10-27 20:17 156 ----a-w- c:\documents and settings\Edwin&Liza\save_uninst.bat
2009-10-27 20:17 . 2009-10-27 20:17 -------- d-----w- c:\program files\_jvm
2009-10-21 05:40 . 2004-08-03 23:03 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-03 23:03 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:38 . 2004-08-03 23:03 270848 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-03 23:03 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-03 23:03 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 20:22 . 2009-10-11 20:22 24582 ----a-w- C:\delreg2.reg
2009-10-11 20:00 . 2009-10-11 20:00 26472 ----a-w- C:\delregvirusentries.reg
2009-09-29 15:51 . 2009-09-29 15:51 17200624 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\rp\.exe
2009-09-29 15:51 . 2009-09-29 15:50 8406648 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-09-29 15:50 . 2009-09-29 15:50 10309448 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-09-29 15:49 . 2009-09-29 15:49 64000 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-09-29 15:49 . 2009-09-29 15:49 52288 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-09-29 15:49 . 2009-09-29 15:49 50688 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-09-29 15:49 . 2009-09-29 15:49 114688 ----a-w- c:\documents and settings\Edwin&Liza\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2008-05-18 07:52 . 2008-05-18 07:52 1202807 ----a-w- c:\program files\TARLibs001.txt
2006-09-22 15:53 . 2006-09-22 15:53 4096 ----a-w- c:\program files\ECLiPSE.lic
2006-07-07 00:46 . 2007-01-20 07:32 14675401 ----a-w- c:\program files\wmp11.exe
2006-03-20 14:37 . 2007-07-31 15:24 5689344 ----a-w- c:\program files\MPLAYERC.EXE
2005-01-06 08:35 . 2006-08-06 13:15 179008 ----a-w- c:\program files\gcASSoapLib.dll
2005-01-06 08:11 . 2006-08-06 13:16 56136 ----a-w- c:\program files\gcSoftwareUpdateLib.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-12_10.40.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-26 08:58 . 2009-12-26 08:58 16384 c:\windows\Temp\Perflib_Perfdata_608.dat
- 2004-09-08 18:09 . 2009-12-12 08:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-13 17:46 . 2009-12-13 22:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-09-08 18:09 . 2009-12-12 08:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2004-09-08 18:09 . 2009-12-13 22:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2009-12-13 17:46 . 2009-12-13 22:04 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-07-16 16:36 . 2002-07-25 15:13 24576 c:\windows\Downloaded Program Files\dwusplay.dll
+ 2007-07-16 16:36 . 2002-07-25 16:13 24576 c:\windows\Downloaded Program Files\dwusplay.dll
+ 2009-12-13 21:41 . 2009-12-13 21:40 149280 c:\windows\system32\javaws.exe
+ 2009-12-13 21:41 . 2009-12-13 21:40 145184 c:\windows\system32\javaw.exe
+ 2009-12-13 21:41 . 2009-12-13 21:40 145184 c:\windows\system32\java.exe
- 2009-12-06 18:18 . 2009-12-12 08:47 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-12-06 18:18 . 2009-12-13 22:04 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-12-20 16:04 . 2008-02-22 11:30 334792 c:\windows\system32\_AxShlEx.dll
+ 2009-12-13 21:40 . 2009-12-13 21:40 537600 c:\windows\Installer\1db1cf.msi
+ 2009-12-13 21:37 . 2009-12-13 21:37 172544 c:\windows\Installer\1db1c7.msi
+ 2009-12-15 18:47 . 2009-12-15 18:47 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
- 2007-07-16 16:36 . 2002-07-25 15:13 196608 c:\windows\Downloaded Program Files\DWUSPLAY.EXE
+ 2007-07-16 16:36 . 2002-07-25 16:13 196608 c:\windows\Downloaded Program Files\dwusplay.exe
+ 2009-12-15 18:47 . 2009-12-15 18:47 1565696 c:\windows\Installer\56b6c5.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-12-20 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-13 149280]
"Vrmon"="c:\program files\Hauri\Common\Base\VrmonNT.exe" [2009-12-09 315960]
"HEProtect"="c:\program files\Hauri\ViRobot Desktop 5.5\AntiSpam\HSockPE.exe" [2008-11-04 385112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Edwin&Liza^Menu Start^Programma's^Opstarten^9956126.lnk]
backup=c:\windows\pss\9956126.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-20 20:08 135664 ----atw- c:\documents and settings\Edwin&Liza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 13:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:emuleudp
"4662:TCP"= 4662:TCP:emuletcp

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [13-6-2008 21:19 3026]
R1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [16-4-2007 20:50 4256]
R2 CommSB96;CommSB96;c:\windows\system32\drivers\COMMSB96.sys [6-7-2008 20:24 36664]
R2 CommSBEP;CommSBEP;c:\windows\system32\drivers\COMMSBEP.sys [6-7-2008 20:02 24476]
R2 glpntdrv;glpntdrv;c:\windows\system32\drivers\GLPNTDRV.SYS [24-5-2007 16:09 13728]
R2 hpcsvc;ViRobot Communication Service;c:\program files\Hauri\ViRobot Desktop 5.5\hpcsvc.exe [13-12-2009 23:02 513616]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [6-7-2007 18:34 5152]
R2 ViRobot Common Scan Service;ViRobot Common Scan Service;c:\program files\Hauri\Common\Base\vrscan.exe [13-12-2009 23:22 172032]
R3 VRFWNTD5;VRFWNTD5 Hauri Network Driver;c:\windows\system32\drivers\VRFWNTD5.SYS [13-12-2009 23:02 85632]
R3 vrrepair;ViRobot Repairing Service;c:\program files\Hauri\Common\Base\vrrepair.exe [13-12-2009 23:02 281264]
R3 VRsecos;VRsecos;c:\windows\system32\drivers\VRsecos.sys [13-12-2009 23:02 21016]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-7-2007 9:14 716272]
S2 LogWatch;Event Log Watch; [x]
S3 BT4501D;SpeedTouch 120g Wireless USB Adapter Driver; [x]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [11-8-2008 12:41 3584]
S3 FastLynx;FastLynx;c:\program files\FastLynx\FastLynx.sys [2-2-2002 0:38 2987]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [4-1-2008 22:32 44928]
S3 SiBulk;SiBulk;c:\windows\system32\drivers\smartwi.sys [17-9-2006 13:18 46464]
S3 WlanUIG;IEEE 802.11g USB Driver; [x]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {D59460D1-E17F-40E9-8C21-21CEAFA27A19} = 194.134.5.5,194.134.5.55
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 10:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
Completion time: 2009-12-26 10:20:47
ComboFix-quarantined-files.txt 2009-12-26 09:20
ComboFix2.txt 2009-12-12 10:45
ComboFix3.txt 2009-12-12 10:02

Pre-Run: 31.715.119.104 bytes free
Post-Run: 31.692.316.672 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 2A67F0CA83DD4302904916D538D11A24
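The block of the ComboFix log above that a responder reads first when AV installers keep rolling back is the services list (the `R*`/`S*` lines): the letter is the current state (R running, S stopped), the digit is the start type (0 boot, 1 system, 2 automatic, 3 manual), and `; [x]` means the registry entry survives but the file it points to is gone. The script below is an added example, not part of the forum post or of ComboFix. It parses those lines and flags three things: orphaned entries, kernel drivers that load at boot or system start (before any security product), and very small `.sys` files, which in this log appear to be the user-mode port I/O shims that hardware programming tools install (hwinterface.sys, UserPort.sys, io.sys, DLPORTIO.SYS) but which are also a shape a loader can take. The sample lines are copied from the log; the size threshold and the rules are the editor's own assumptions, not ComboFix's.

```python
"""Triage helper for the service/driver section of a ComboFix log.

Each non-default service is printed by ComboFix as one line:
    <state><start> <name>;<display name>;<image path> [<file date> <time> <size>]
<state> is R (running) or S (stopped); <start> is the start type
(0 boot, 1 system, 2 automatic, 3 manual). A missing image is printed
as "; [x]" with no path. This is an added example, not ComboFix code;
the triage rules below are the editor's assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [13-6-2008 21:19 3026]
R2 hpcsvc;ViRobot Communication Service;c:\program files\Hauri\ViRobot Desktop 5.5\hpcsvc.exe [13-12-2009 23:02 513616]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [6-7-2007 18:34 5152]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-7-2007 9:14 716272]
S2 LogWatch;Event Log Watch; [x]
S3 BT4501D;SpeedTouch 120g Wireless USB Adapter Driver; [x]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [4-1-2008 22:32 44928]
"""

START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual"}
TINY_DRIVER_BYTES = 8192  # assumed threshold: port I/O shims and loaders are this small

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-3]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?) ?\[(?P<meta>[^\]]*)\]$"
)


@dataclass
class Service:
    name: str
    display: str
    running: bool
    start_type: int
    path: str  # empty when ComboFix printed "[x]"
    size: Optional[int]

    @property
    def orphaned(self) -> bool:
        return self.path == ""


def parse_service(line: str) -> Optional[Service]:
    """Parse one R*/S* line; return None for lines that are not service entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()  # "<date> <time> <size>" or just "x"
    size = int(meta[-1]) if len(meta) == 3 and meta[-1].isdigit() else None
    return Service(
        name=m.group("name"),
        display=m.group("display"),
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        path=m.group("path"),
        size=size,
    )


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs that deserve a manual look."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc is None:
            continue
        if svc.orphaned:
            findings.append((svc.name, "registry entry points to a missing file (orphan, [x])"))
            continue
        is_driver = svc.path.lower().endswith(".sys")
        if is_driver and svc.start_type <= 1:
            findings.append((svc.name, f"kernel driver with {START_TYPES[svc.start_type]} start, loads before security software"))
        if is_driver and svc.size is not None and svc.size < TINY_DRIVER_BYTES:
            findings.append((svc.name, f"tiny kernel driver ({svc.size} bytes): port I/O shim or loader, identify by hand"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name:14} {reason}")
```

Orphaned entries are usually leftovers of a removed product (here the missing LogWatch and BT4501D files), but a driver whose file an AV deleted while its service key stayed behind looks identical, so the list is a to-do list, not a verdict. The boot-start `sptd.sys` belongs to the SCSI Pass Through Direct layer that Alcohol 120% and DAEMON Tools install, both of which appear in the GMER registry output below.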

#9 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 27 December 2009 - 12:02 PM

Hello.

Can you run GMER again for me and this time please check the REGISTRY section of the GMER scan and post the log upon completion.

Thanks.

~EB

#10 EdwinH

  • Topic Starter
  • Members
  • 9 posts

Posted 27 December 2009 - 03:19 PM

Hi EB,

The next log.........


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-27 21:17:57
Windows 5.1.2600 Service Pack 3
Running: mceu8jq6.exe; Driver: C:\DOCUME~1\EDWIN&~1\LOCALS~1\Temp\pwlirkod.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1293293992
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1359015891
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE1 0x9A 0xF1 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0xC4 0x95 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x2F 0xAE 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x1B 0xA1 0x3E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xDE 0xDA 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0xC4 0x95 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x2F 0xAE 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x1B 0xA1 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xDE 0xDA 0x66 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0xC4 0x95 0x06 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x2F 0xAE 0x0E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x1B 0xA1 0x3E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xDE 0xDA 0x66 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0xC4 0x95 0x06 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x2F 0xAE 0x0E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x1B 0xA1 0x3E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xDE 0xDA 0x66 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0xC4 0x95 0x06 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x2F 0xAE 0x0E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x1B 0xA1 0x3E ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xDE 0xDA 0x66 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0xC4 0x95 0x06 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x2F 0xAE 0x0E ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x1B 0xA1 0x3E ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xDE 0xDA 0x66 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0xC4 0x95 0x06 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x2F 0xAE 0x0E ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x1B 0xA1 0x3E ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xDE 0xDA 0x66 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0xC4 0x95 0x06 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x2F 0xAE 0x0E ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x1B 0xA1 0x3E ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xDE 0xDA 0x66 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0xC4 0x95 0x06 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x2F 0xAE 0x0E ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x1B 0xA1 0x3E ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE1 0x9A 0xF1 0xAE ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0xC4 0x95 0x06 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x2F 0xAE 0x0E ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x1B 0xA1 0x3E ...

---- EOF - GMER 1.0.15 ----

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:02:19 PM

Posted 28 December 2009 - 11:08 AM

Hello again.

Download and Run OTM
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Paste the following code into the OTM text area. Do not include the word "Code".
    :services
    LogWatch
    BT4501D
    WlanUIG
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large MoveIt! button.
  • If OTM requires a reboot, please allow it to do so.
  • Copy/paste the contents of the results area here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Also, do you know what this folder in your C:\ drive is?

C:\najmaddin

--
Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

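The OTM script above lists services to stop and delete, and the OTM log that comes back reports each action as a separate "stopped"/"deleted" line. The following is an added example (not OTM's code and not part of the thread) that reconciles a pasted ":services" script against the log it produced, so a helper can see at a glance which requested services were actually removed. The script format and the log line patterns are taken from the posts above; the sample script and log embedded below are constructed, with one deletion line deliberately left out to show a mismatch. Service names are compared case-insensitively, as Windows does.

```python
"""Reconcile an OTM ':services' script against the OTM log it produced.

Added example: not OTM's own code. The ':services' / ':commands' script
layout and the "Service X stopped successfully!" / "Service X deleted
successfully!" log lines follow the thread; the data below is constructed.
"""
import re

# Constructed copy of the script shape posted in the thread.
OTM_SCRIPT = """\
:services
LogWatch
BT4501D
WlanUIG
:commands
[EmptyTemp]
[Reboot]
"""

# Constructed log in the shape of the OTM output posted in the thread.
# WlanUIG's "deleted" line is intentionally missing to demonstrate a mismatch.
SAMPLE_LOG = """\
All processes killed
========== SERVICES/DRIVERS ==========
Service LogWatch stopped successfully!
Service LogWatch deleted successfully!
Service BT4501D stopped successfully!
Service BT4501D deleted successfully!
Service WlanUIG stopped successfully!
========== COMMANDS ==========
"""

# Service display names may contain spaces, so match greedily up to the verb.
_SERVICE_LINE = re.compile(r"^Service (.+) (stopped|deleted) successfully!$")


def parse_script(text):
    """Return {section_name: [entries]} for an OTM-style script."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Return {lowercased service name: set of successful actions}."""
    actions = {}
    for raw in text.splitlines():
        m = _SERVICE_LINE.match(raw.strip())
        if m:
            actions.setdefault(m.group(1).lower(), set()).add(m.group(2))
    return actions


def reconcile(script_text, log_text):
    """Map each requested service to 'removed', 'stopped only' or 'no record'."""
    requested = parse_script(script_text).get("services", [])
    seen = parse_log(log_text)
    result = {}
    for svc in requested:
        acts = seen.get(svc.lower(), set())
        if {"stopped", "deleted"} <= acts:
            result[svc] = "removed"
        elif "stopped" in acts:
            result[svc] = "stopped only"
        else:
            result[svc] = "no record"
    return result


if __name__ == "__main__":
    for svc, status in reconcile(OTM_SCRIPT, SAMPLE_LOG).items():
        print(f"{svc}: {status}")
```

A "stopped only" or "no record" result means the service entry may still be present under HKLM\SYSTEM\CurrentControlSet\Services and should be looked at again before the machine is declared clean.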

#12 EdwinH

EdwinH
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:19 PM

Posted 28 December 2009 - 02:48 PM

Hi Extremeboy,

C:\najmaddin is a folder containing a backup of a friend's laptop (personal folders only).
I don't need it anymore. I removed it.

Below you see logs of OTM and MBAM.

Rgds, Edwin

All processes killed
========== SERVICES/DRIVERS ==========
Service LogWatch stopped successfully!
Service LogWatch deleted successfully!
Service BT4501D stopped successfully!
Service BT4501D deleted successfully!
Service WlanUIG stopped successfully!
Service WlanUIG deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Edwin&Liza
->Temp folder emptied: 1846 bytes
->Temporary Internet Files folder emptied: 422514 bytes
->Java cache emptied: 25758679 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 80387388 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 102,00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 12282009_200314

Files moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.42
Database versie: 3444
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28-12-2009 20:42:13
mbam-log-2009-12-28 (20-42-13).txt

Scan type: Snelle Scan
Objecten gescand: 115473
Verstreken tijd: 16 minute(s), 19 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:02:19 PM

Posted 29 December 2009 - 09:57 AM

Hello.

Let's run an online scan.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires the Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the Accept button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Accept button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Settings... button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the OK button, if you made any changes.
  • Now under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy

#14 EdwinH

EdwinH
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:19 PM

Posted 30 December 2009 - 12:49 PM

Hello again,

The computer seems to run quite well, though I did not attempt to install NOD32 or Kaspersky again.
Hauri ViRobot seems to run quite well; installing was no problem.

I'm still in my trial month. Should I continue with this, or might NOD or Kaspersky be a better choice?

I see Kaspersky found some files, which should not be too hard to remove, but how to clean the e-mail database?

Hope to hear from you soon.

Have a great 2010, please stay away from the booze and fireworks :-)

With kind regards,

Edwin

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 30, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, December 29, 2009 18:56:50
Records in database: 3416407
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 147456
Threats found: 8
Infected objects found: 15
Suspicious objects found: 0
Scan duration: 11:01:46


File name / Threat / Threats count
C:\amp\Deamon Tools 4.0.3 (Full Pack).rar Infected: not-a-virus:WebToolbar.Win32.WhenU.a 2
C:\dld\setup snooper.exe Infected: not-a-virus:Monitor.Win32.SoundSnooper.k 1
C:\Documents and Settings\Edwin&Liza\Local Settings\Application Data\Identities\{809C0AF3-1890-4FED-B5F5-8719EC5C98F5}\Microsoft\Outlook Express\Postvak IN.dbx Infected: Email-Worm.Win32.Sober.i 1
C:\Documents and Settings\Edwin&Liza\Local Settings\Application Data\Identities\{809C0AF3-1890-4FED-B5F5-8719EC5C98F5}\Microsoft\Outlook Express\Postvak IN.dbx Infected: Worm.Win32.AutoRun.adsp 2
C:\music\BootCD (3 in 1 - Hiren BootCD v7.4, MiniPE-XT v2k5.09.03, Ultimate BootCD v3.3).iso Infected: not-a-virus:NetTool.Win32.Portscan.c 1
C:\music\BootCD (3 in 1 - Hiren BootCD v7.4, MiniPE-XT v2k5.09.03, Ultimate BootCD v3.3).iso Infected: Trojan.Win32.Genome.effx 1
C:\music\Snooper.v1.37.1-ARN.zip Infected: not-a-virus:Monitor.Win32.SoundSnooper.k 1
C:\outlookbackup\Microsoft\Outlook Express\Postvak IN.dbx Infected: Email-Worm.Win32.NetSky.q 1
C:\outlookbackup\Microsoft\Outlook Express\Postvak IN.dbx Infected: Email-Worm.Win32.Bagle.j 1
C:\outlookbackup\Microsoft\Outlook Express\Postvak IN.dbx Infected: Email-Worm.Win32.Sober.i 2
C:\outlookbackup\Microsoft\Outlook Express\Postvak IN.dbx Infected: Worm.Win32.AutoRun.adsp 2

Selected area has been scanned.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Edwin&Liza at 18:38:30,56 on wo 30-12-2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.589 [GMT 1:00]

AV: HAURI AntiVirus ViRobot *On-access scanning disabled* (Updated) {0E1A4B6B-60E9-4B3A-8031-1950BD69B260}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\AccessControl\HFACSvc.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\hpcsvc.exe
C:\Program Files\Hauri\Common\hsvcmod.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hauri\Common\Base\vrscan.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\PCFirewall\vrfwsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\AntiSpam\HSockPE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hauri\ViRobot Desktop 5.5\PCFirewall\vrfwsock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Edwin&Liza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Edwin&Liza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Edwin&Liza\Mijn documenten\Downloads\dds (1).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
{a057a204-bacc-4d26-9990-79a187e2698e}
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: IEHelpObj Class: {ec45e3fe-c16d-4f24-9238-d1b49ad74815} - c:\program files\hauri\virobot desktop 5.5\service\hWebMan.dll
{a057a204-bacc-4d26-9990-79a187e2698e}
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Vrmon] c:\program files\hauri\common\base\VrmonNT.exe
mRun: [HEProtect] c:\program files\hauri\virobot desktop 5.5\antispam\HSockPE.exe
uPolicies-explorer: NoWinKeys = 1 (0x1)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} - hxxp://www.euras.com/euras/EIS/plugin/euras.cab
TCP: {D59460D1-E17F-40E9-8C21-21CEAFA27A19} = 194.134.5.5,194.134.5.55
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-6-13 3026]
R1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [2007-4-16 4256]
R2 CommSB96;CommSB96;c:\windows\system32\drivers\COMMSB96.sys [2008-7-6 36664]
R2 CommSBEP;CommSBEP;c:\windows\system32\drivers\COMMSBEP.sys [2008-7-6 24476]
R2 glpntdrv;glpntdrv;c:\windows\system32\drivers\GLPNTDRV.SYS [2007-5-24 13728]
R2 hpcsvc;ViRobot Communication Service;c:\program files\hauri\virobot desktop 5.5\hpcsvc.exe [2009-12-13 513616]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2007-7-6 5152]
R2 ViRobot Common Scan Service;ViRobot Common Scan Service;c:\program files\hauri\common\base\vrscan.exe [2009-12-13 172032]
R3 VRFWNTD5;VRFWNTD5 Hauri Network Driver;c:\windows\system32\drivers\VRFWNTD5.SYS [2009-12-13 85632]
R3 VRsecos;VRsecos;c:\windows\system32\drivers\VRsecos.sys [2009-12-13 21016]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [2008-8-11 3584]
S3 FastLynx;FastLynx;c:\program files\fastlynx\FastLynx.sys [2002-2-2 2987]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-1-4 44928]
S3 SiBulk;SiBulk;c:\windows\system32\drivers\smartwi.sys [2006-9-17 46464]
S3 vrrepair;ViRobot Repairing Service;c:\program files\hauri\common\base\vrrepair.exe [2009-12-13 281264]

=============== Created Last 30 ================

2009-12-28 19:02:52 0 d-----w- C:\_OTM
2009-12-20 16:04:26 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
2009-12-15 19:49:31 0 ----a-w- c:\windows\system.ini
2009-12-15 18:48:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-14 07:11:00 69 ----a-w- c:\windows\NeroDigital.ini
2009-12-14 07:06:10 40 ----a-w- c:\windows\HEPMain.INI
2009-12-13 22:33:55 0 d-----w- c:\docume~1\edwin&~1\applic~1\HAURI
2009-12-13 22:02:50 33080 ------w- c:\windows\system32\drivers\vracfil.sys
2009-12-13 22:02:48 85632 ----a-w- c:\windows\system32\drivers\VRFWNTD5.SYS
2009-12-13 22:02:48 21016 ------w- c:\windows\system32\drivers\VRsecos.sys
2009-12-13 22:02:45 87744 ----a-w- c:\windows\system32\drivers\vradfil.sys
2009-12-13 22:02:40 403051 ------w- c:\windows\system32\drivers\virobot.vib
2009-12-13 22:01:19 142 ----a-w- c:\windows\win.ini
2009-12-13 22:01:11 0 d-----w- c:\program files\Hauri
2009-12-13 21:41:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-13 17:56:49 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-13 17:56:26 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-13 17:56:26 0 d-----w- c:\docume~1\edwin&~1\applic~1\SUPERAntiSpyware.com
2009-12-13 17:39:05 0 d-----w- C:\found.000
2009-12-12 09:34:50 0 d-sha-r- C:\cmdcons
2009-12-12 09:23:36 98816 ----a-w- c:\windows\sed.exe
2009-12-12 09:23:36 77312 ----a-w- c:\windows\MBR.exe
2009-12-12 09:23:36 261632 ----a-w- c:\windows\PEV.exe
2009-12-12 09:23:36 161792 ----a-w- c:\windows\SWREG.exe
2009-12-12 08:57:43 0 d-----w- c:\windows\junk
2009-12-12 08:51:59 0 d-----w- c:\windows\system32\junk
2009-12-11 21:32:54 36308992 ----a-w- C:\eav_nt32_enu.msi
2009-12-11 21:01:52 0 d-----w- c:\program files\ESET
2009-12-11 20:24:05 0 d-----w- c:\program files\Windows Installer Clean Up
2009-12-11 20:23:47 0 d-----w- c:\program files\MSECACHE
2009-12-11 19:42:00 0 d-----w- c:\docume~1\edwin&~1\applic~1\Foxit
2009-12-11 19:41:59 0 d-----w- c:\program files\Foxit Software
2009-12-10 19:24:31 11780096 ----a-w- c:\documents and settings\edwin&liza\s-1-5-21-1960408961-920026266-839522115-1003.rrr
2009-12-09 21:18:12 0 d-----w- c:\docume~1\edwin&~1\applic~1\Uniblue
2009-12-07 19:35:28 0 d-----w- C:\AVGTemp
2009-12-06 21:11:09 0 d-----w- c:\windows\RegCure
2009-12-06 19:34:04 0 d-sh--w- c:\documents and settings\edwin&liza\IECompatCache
2009-12-06 19:32:47 0 d-sh--w- c:\documents and settings\edwin&liza\PrivacIE
2009-12-06 16:25:32 0 d-----w- c:\windows\l2schemas
2009-12-06 16:25:28 0 d-----w- c:\windows\system32\nl
2009-12-06 15:54:40 0 d-----w- c:\windows\network diagnostic
2009-12-06 13:51:36 0 d-sh--w- c:\documents and settings\edwin&liza\IETldCache
2009-12-06 13:42:12 81920 -c----w- c:\windows\system32\dllcache\ieencode.dll
2009-12-06 13:42:12 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-06 13:39:24 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-06 13:38:31 0 d-----w- c:\windows\ie8updates
2009-12-06 13:36:51 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-06 13:36:50 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-06 13:36:49 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-06 13:36:48 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-06 13:36:48 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-06 13:36:47 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-06 13:30:49 0 dc-h--w- c:\windows\ie8
2009-12-06 13:30:49 0 d-----w- c:\windows\system32\nl-NL
2009-12-06 11:50:58 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-12-06 11:49:51 294912 -c----w- c:\windows\system32\dllcache\msaud32.acm
2009-12-06 11:48:56 233472 ------w- c:\windows\system32\azroles.dll
2009-12-06 11:48:52 136192 ------w- c:\windows\system32\aaclient.dll
2009-12-06 11:19:48 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-06 11:19:40 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-06 11:18:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-06 11:16:40 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-06 11:16:31 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-06 11:16:31 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-06 11:16:30 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-06 11:16:28 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-06 11:16:26 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-06 11:16:24 735232 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-06 11:16:23 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-06 11:16:22 735744 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-06 11:14:39 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-06 11:12:58 2193536 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-06 11:12:57 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-06 11:12:56 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-06 11:12:56 2070400 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-06 11:11:42 1850752 -c----w- c:\windows\system32\dllcache\win32k.sys
2009-12-06 08:00:01 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-05 21:18:40 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-05 21:18:11 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-05 16:53:04 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls
2009-12-05 16:51:59 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2009-12-05 16:50:58 8704 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2009-12-05 16:49:59 66594 -c--a-w- c:\windows\system32\dllcache\c_864.nls
2009-12-05 16:36:40 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-12-05 16:10:01 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-05 16:10:01 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-05 16:10:01 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-05 16:10:01 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-05 16:09:50 8599 -c--a-w- c:\windows\system32\dllcache\IASNT4.CAT
2009-12-05 16:09:50 7382 -c--a-w- c:\windows\system32\dllcache\OEMBIOS.CAT
2009-12-05 16:09:49 808234 -c--a-w- c:\windows\system32\dllcache\NT5IIS.CAT
2009-12-05 16:09:49 399670 -c--a-w- c:\windows\system32\dllcache\MAPIMIG.CAT
2009-12-05 16:09:49 37509 -c--a-w- c:\windows\system32\dllcache\MW770.CAT
2009-12-05 16:09:49 13497 -c--a-w- c:\windows\system32\dllcache\HPCRDP.CAT
2009-12-05 16:09:48 1014139 -c--a-w- c:\windows\system32\dllcache\SP2.CAT
2009-12-05 15:29:08 25294 ----a-w- C:\delreg9.reg
2009-12-05 15:20:28 0 d--h--r- c:\documents and settings\edwin&liza\Onlangs geopend
2009-12-04 17:54:14 40960 -c--a-w- c:\windows\system32\dllcache\msinfo32.exe
2009-12-04 17:54:13 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-04 17:54:12 786432 -c--a-w- c:\windows\system32\dllcache\migrate.exe
2009-12-04 17:54:12 73728 -c--a-w- c:\windows\system32\dllcache\wmplayer.exe
2009-12-04 17:54:05 638816 -c--a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-04 17:51:57 42577 -c--a-w- c:\windows\system32\dllcache\bckgzm.exe
2009-12-04 17:51:57 42575 -c--a-w- c:\windows\system32\dllcache\chkrzm.exe
2009-12-04 17:51:56 42573 -c--a-w- c:\windows\system32\dllcache\shvlzm.exe
2009-12-04 17:51:56 42573 -c--a-w- c:\windows\system32\dllcache\hrtzzm.exe
2009-12-01 19:51:42 12288 -c--a-w- c:\windows\system32\dllcache\wb32.exe
2009-12-01 19:51:42 12288 -c--a-w- c:\windows\system32\dllcache\cb32.exe
2009-12-01 19:51:40 4639 -c--a-w- c:\windows\system32\dllcache\mplayer2.exe
2009-12-01 19:51:36 12288 ----a-w- c:\windows\system32\mstinit.exe

==================== Find3M ====================

2009-12-29 18:05:55 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-20 15:55:06 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-10 17:59:28 68630 ----a-w- c:\windows\system32\perfc013.dat
2009-12-10 17:59:28 394466 ----a-w- c:\windows\system32\perfh013.dat
2009-12-06 09:16:52 165743 ----a-w- C:\P110_5T.NEW.zip
2009-12-06 09:16:37 167245 ----a-w- C:\P110_5t(286PC).zip
2009-12-06 09:16:15 643189 ----a-w- C:\MRSS.zip
2009-12-06 09:15:06 67204 ----a-w- C:\memtest86+-1.65.floppy.zip
2009-12-06 09:14:34 294123 ----a-w- C:\kpg-28d.zip
2009-12-04 21:43:07 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-12-03 15:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 07:44:29 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 20:17:12 828 ----a-w- c:\documents and settings\edwin&liza\desinstart.bat
2009-10-27 20:17:12 63 ----a-w- c:\program files\dialogysclip.bat
2009-10-27 20:17:12 575 ----a-w- c:\documents and settings\edwin&liza\desinst.bat
2009-10-27 20:17:12 156 ----a-w- c:\documents and settings\edwin&liza\save_uninst.bat
2009-10-21 05:40:47 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40:47 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:38:29 270848 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40:22 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40:22 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 20:22:08 24582 ----a-w- C:\delreg2.reg
2009-10-11 20:00:44 26472 ----a-w- C:\delregvirusentries.reg
2008-05-18 07:52:03 1202807 ----a-w- c:\program files\TARLibs001.txt
2006-09-22 15:53:01 4096 ----a-w- c:\program files\ECLiPSE.lic
2006-07-07 00:46:08 14675401 ----a-w- c:\program files\wmp11.exe
2006-03-20 14:37:00 5689344 ----a-w- c:\program files\MPLAYERC.EXE
2005-01-06 08:35:16 179008 ----a-w- c:\program files\gcASSoapLib.dll
2005-01-06 08:11:16 56136 ----a-w- c:\program files\gcSoftwareUpdateLib.dll

============= FINISH: 18:39:33,00 ===============

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:02:19 PM

Posted 01 January 2010 - 01:15 PM

Looks good. How's your computer running?

I would remove what Kaspersky detected, but regarding the Outlook folders/files: the Postvak IN.dbx inbox database can contain e-mails that you need, but one or more of the mails in there is infected. You would need to manually remove some of the mails in there. As long as you don't physically run it, the infection can't start.

~EB



