Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Virus.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Re: Virus.

Unread postby Link' » December 8th, 2008, 3:59 pm

I am sorry for not having followed your exact instructions here are the logs whit utorrent removed.

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4-4-2006 21:53:56
System Uptime: 12-8-2008 15:35:39 (2837 hours ago)

Motherboard: Dell Inc. | | 0KD882
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1662/133mhz
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1662/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 50 GiB total, 8,13 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (CDFS)
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
Service: bcm4sbxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394-netwerkkaart
Device ID: V1394\NIC1394\7E11850344FC000
Manufacturer: Microsoft
Name: 1394-netwerkkaart
PNP Device ID: V1394\NIC1394\7E11850344FC000
Service: NIC1394

==== System Restore Points ===================

RP386: 29-11-2008 0:14:28 - Controlepunt van systeem
RP387: 30-11-2008 18:22:25 - Controlepunt van systeem
RP388: 1-12-2008 15:21:15 - Software Distribution Service 3.0
RP389: 1-12-2008 19:29:26 - Installed Ad-Aware
RP390: 1-12-2008 19:46:37 - Verwijderd: QuickTime
RP391: 1-12-2008 19:57:16 - Geïnstalleerd: QuickTime
RP392: 3-12-2008 7:35:43 - Installed MangaBrowser for SHONEN JUMP 40th
RP393: 4-12-2008 8:58:34 - Removed Ad-Aware
RP394: 4-12-2008 8:59:37 - Removed MangaBrowser for SHONEN JUMP 40th
RP395: 6-12-2008 17:43:30 - Controlepunt van systeem
RP396: 6-12-2008 22:16:19 - Removed AVG Free 8.0
RP397: 6-12-2008 22:17:46 - Installed AVG Free 8.0
RP398: 6-12-2008 22:18:24 - Removed ijji Auto Installer

==== Installed Programs ======================

Adobe Acrobat - Reader 6.0.2 Update
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 6.0.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
Allok 3GP PSP MP4 iPod Video Converter 5.1.0821
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Beveiligingsupdate for Windows Media Player 10 (KB911565)
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB923689)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB890046)
Beveiligingsupdate voor Windows XP (KB893756)
Beveiligingsupdate voor Windows XP (KB896358)
Beveiligingsupdate voor Windows XP (KB896422)
Beveiligingsupdate voor Windows XP (KB896423)
Beveiligingsupdate voor Windows XP (KB896424)
Beveiligingsupdate voor Windows XP (KB896428)
Beveiligingsupdate voor Windows XP (KB899587)
Beveiligingsupdate voor Windows XP (KB899588)
Beveiligingsupdate voor Windows XP (KB899589)
Beveiligingsupdate voor Windows XP (KB899591)
Beveiligingsupdate voor Windows XP (KB900725)
Beveiligingsupdate voor Windows XP (KB901017)
Beveiligingsupdate voor Windows XP (KB901190)
Beveiligingsupdate voor Windows XP (KB901214)
Beveiligingsupdate voor Windows XP (KB902400)
Beveiligingsupdate voor Windows XP (KB904706)
Beveiligingsupdate voor Windows XP (KB905414)
Beveiligingsupdate voor Windows XP (KB905749)
Beveiligingsupdate voor Windows XP (KB905915)
Beveiligingsupdate voor Windows XP (KB908519)
Beveiligingsupdate voor Windows XP (KB911562)
Beveiligingsupdate voor Windows XP (KB911567)
Beveiligingsupdate voor Windows XP (KB911927)
Beveiligingsupdate voor Windows XP (KB912812)
Beveiligingsupdate voor Windows XP (KB912919)
Beveiligingsupdate voor Windows XP (KB913446)
Beveiligingsupdate voor Windows XP (KB913580)
Beveiligingsupdate voor Windows XP (KB914388)
Beveiligingsupdate voor Windows XP (KB914389)
Beveiligingsupdate voor Windows XP (KB916281)
Beveiligingsupdate voor Windows XP (KB917159)
Beveiligingsupdate voor Windows XP (KB917344)
Beveiligingsupdate voor Windows XP (KB917422)
Beveiligingsupdate voor Windows XP (KB917953)
Beveiligingsupdate voor Windows XP (KB918118)
Beveiligingsupdate voor Windows XP (KB918439)
Beveiligingsupdate voor Windows XP (KB918899)
Beveiligingsupdate voor Windows XP (KB919007)
Beveiligingsupdate voor Windows XP (KB920213)
Beveiligingsupdate voor Windows XP (KB920214)
Beveiligingsupdate voor Windows XP (KB920670)
Beveiligingsupdate voor Windows XP (KB920683)
Beveiligingsupdate voor Windows XP (KB920685)
Beveiligingsupdate voor Windows XP (KB921398)
Beveiligingsupdate voor Windows XP (KB921503)
Beveiligingsupdate voor Windows XP (KB921883)
Beveiligingsupdate voor Windows XP (KB922616)
Beveiligingsupdate voor Windows XP (KB922819)
Beveiligingsupdate voor Windows XP (KB923191)
Beveiligingsupdate voor Windows XP (KB923414)
Beveiligingsupdate voor Windows XP (KB923694)
Beveiligingsupdate voor Windows XP (KB923980)
Beveiligingsupdate voor Windows XP (KB924191)
Beveiligingsupdate voor Windows XP (KB924270)
Beveiligingsupdate voor Windows XP (KB924496)
Beveiligingsupdate voor Windows XP (KB924667)
Beveiligingsupdate voor Windows XP (KB925454)
Beveiligingsupdate voor Windows XP (KB925486)
Beveiligingsupdate voor Windows XP (KB925902)
Beveiligingsupdate voor Windows XP (KB926247)
Beveiligingsupdate voor Windows XP (KB926255)
Beveiligingsupdate voor Windows XP (KB926436)
Beveiligingsupdate voor Windows XP (KB927779)
Beveiligingsupdate voor Windows XP (KB927802)
Beveiligingsupdate voor Windows XP (KB928090)
Beveiligingsupdate voor Windows XP (KB928255)
Beveiligingsupdate voor Windows XP (KB928843)
Beveiligingsupdate voor Windows XP (KB929123)
Beveiligingsupdate voor Windows XP (KB929969)
Beveiligingsupdate voor Windows XP (KB930178)
Beveiligingsupdate voor Windows XP (KB931261)
Beveiligingsupdate voor Windows XP (KB931768)
Beveiligingsupdate voor Windows XP (KB931784)
Beveiligingsupdate voor Windows XP (KB932168)
Beveiligingsupdate voor Windows XP (KB933566)
Beveiligingsupdate voor Windows XP (KB933729)
Beveiligingsupdate voor Windows XP (KB935839)
Beveiligingsupdate voor Windows XP (KB935840)
Beveiligingsupdate voor Windows XP (KB936021)
Beveiligingsupdate voor Windows XP (KB937143)
Beveiligingsupdate voor Windows XP (KB937894)
Beveiligingsupdate voor Windows XP (KB938127)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB938829)
Beveiligingsupdate voor Windows XP (KB939653)
Beveiligingsupdate voor Windows XP (KB941202)
Beveiligingsupdate voor Windows XP (KB941568)
Beveiligingsupdate voor Windows XP (KB941644)
Beveiligingsupdate voor Windows XP (KB941693)
Beveiligingsupdate voor Windows XP (KB942615)
Beveiligingsupdate voor Windows XP (KB943055)
Beveiligingsupdate voor Windows XP (KB943460)
Beveiligingsupdate voor Windows XP (KB943485)
Beveiligingsupdate voor Windows XP (KB944338)
Beveiligingsupdate voor Windows XP (KB944533)
Beveiligingsupdate voor Windows XP (KB944653)
Beveiligingsupdate voor Windows XP (KB945553)
Beveiligingsupdate voor Windows XP (KB946026)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB947864)
Beveiligingsupdate voor Windows XP (KB948590)
Beveiligingsupdate voor Windows XP (KB948881)
Beveiligingsupdate voor Windows XP (KB950749)
Beveiligingsupdate voor Windows XP (KB950759)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953838)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956390)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Bonjour
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Dell System Restore
Digital Line Detect
DivX Web Player
Easy GIF Animator 3.5
ERUNT 1.1j
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB926239)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB888795)
Hotfix voor Windows XP (KB891593)
Hotfix voor Windows XP (KB896256)
Hotfix voor Windows XP (KB899337)
Hotfix voor Windows XP (KB899510)
Hotfix voor Windows XP (KB902841)
Hotfix voor Windows XP (KB906569)
Hotfix voor Windows XP (KB908673)
Hotfix voor Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 7
mCore
MCU
mDrWiFi
Messenger Plus! Live
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Editie 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.4)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mWMI
mXML
My Way Search Assistant
mZConfig
NetWaiting
OpenOffice.org Installer 1.0
PowerDVD 5.7
QuickSet
QuickTime
Sam & Max Season 1
Skype™ 3.8
Sonic Encoders
Synaptics Pointing Device Driver
System Requirements Lab
TeamSpeak 2 RC2
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update Rollup 2 voor Windows XP Media Center Edition 2005
Update voor Windows XP (KB894391)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB900485)
Update voor Windows XP (KB908531)
Update voor Windows XP (KB910437)
Update voor Windows XP (KB911280)
Update voor Windows XP (KB916595)
Update voor Windows XP (KB920872)
Update voor Windows XP (KB922582)
Update voor Windows XP (KB927891)
Update voor Windows XP (KB929338)
Update voor Windows XP (KB930916)
Update voor Windows XP (KB931836)
Update voor Windows XP (KB933360)
Update voor Windows XP (KB936357)
Update voor Windows XP (KB938828)
Update voor Windows XP (KB942763)
Update voor Windows XP (KB942840)
Update voor Windows XP (KB946627)
Update voor Windows XP (KB951072-v2)
Ventrilo Client
VentriloMIX
VideoLAN VLC media player 0.8.6i
Videora iPod Converter 3.07
Wanadoo Europe Installer
WarRock
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Live aanmeldhulp
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB895961
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
Zylom Games Player Plugin

==== Event Viewer Messages ===================


==== End Of File ===========================


DDS (Version 1.0) - NTFSx86
Run by *anon* at 20:53:23,03 on ma 08-12-2008
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1014.448 [GMT 1:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\*anon*.*anon*\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://dellsearchedit.myway.com/samisc/ ... jhtml?p=DW
mDefault_Page_URL = hxxp://www1.euro.dell.com/content/defau ... l=nl&s=gen
mStart Page = hxxp://www1.euro.dell.com/content/defau ... l=nl&s=gen
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {DC200356-0864-4F66-8964-5D43A19300F5} - c:\windows\autolo~1\AL2DLL.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [BuildBU] c:\dell\bldbubg.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\cyrill~1.cyr\menust~1\progra~1\opstar~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {4039FCFB-9FE8-4E0C-A985-BAD5F39FF443} = 194.134.5.55,194.134.5.5
TCP: {C6044EEC-59F6-4720-B3BD-AA975E943E11} = 194.134.5.55,194.134.5.5
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-1 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-1 20560]
R2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashServ.exe" [2008-12-1 155160]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-17 99328]
R3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashMaiSv.exe" /service [2008-12-1 254040]
R3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashWebSv.exe" /service [2008-12-1 352920]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\kbdcap.sys [2007-6-14 109440]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\english\gunz\gameguard\dump_wmimmc.sys []

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2008-12-06 22:33 <DIR> --d----- C:\oddbox
2008-12-06 22:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-12-05 08:25 <DIR> --d----- c:\program files\iPod
2008-12-05 08:25 <DIR> --d----- c:\program files\iTunes
2008-12-05 08:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 08:27 <DIR> --d----- c:\program files\Trend Micro
2008-11-30 19:22 <DIR> --d----- C:\OutputFolder
2008-11-27 21:48 266 a------- c:\windows\system32\test.aok
2008-11-27 21:23 129,024 a------- c:\windows\system32\AVERM.dll
2008-11-27 21:23 28,672 a------- c:\windows\system32\AVEQT.dll
2008-11-27 21:23 <DIR> --d----- c:\program files\Allok 3GP PSP MP4 iPod Video Converter
2008-11-26 21:09 <DIR> --d----- C:\Nieuwe map
2008-11-13 15:13 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2008-12-07 15:55 476,858 a------- c:\windows\system32\perfh013.dat
2008-12-07 15:55 85,636 a------- c:\windows\system32\perfc013.dat
2008-11-28 20:17 31 a------- c:\documents and settings\*anon*.*anon*\jagex_runescape_preferences.date
2008-10-24 12:10 453,632 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 12:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 18:01 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 16:42 1,846,144 a------- c:\windows\system32\win32k.sys
2008-09-15 16:42 1,846,144 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-08 07:08 0 ac------ c:\program files\temp01
2007-08-23 18:04 32 a----r-- c:\documents and settings\all users\hash.dat
2008-07-03 19:50 92,769 a--sh--- c:\windows\system32\bcdMlUtv.ini2

============= FINISH: 20:54:03,76 ===============
Link'
Regular Member
 
Posts: 18
Joined: December 3rd, 2008, 11:53 am
Top
Advertisement
Register to Remove

Re: Virus.

Unread postby Odd dude » December 8th, 2008, 4:52 pm

Thanks.

ATF-Cleaner
Download ATF-Cleaner by Atribune to your desktop.
Start the program and place a check next to the following items:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Java Cache
  • Recycle Bin
Now click Empty Selected and click OK.

If you use FireFox, click the FireFox tab and place a check Select All. Click Empty Selected and answer No at the prompt.
If you use Opera, click the Opera tab and place a check Select All. Click Empty Selected and answer No at the prompt.

Malwarebytes' Anti-Malware
I need you to download Malwarebytes' Anti-Malware.

  • Install the program by following the prompts after double-clicking on mbam-setup.exe
  • Once you approach the final installation screen, put a check next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish
  • MBAM (that's an acronym of Malwarebytes' Anti-Malware) will now start. Choose Perform full scan and click Scan
  • Get a cup of coffee/tea/hot chocolate and watch some TV for about an hour.
  • Once the scan has finished, click OK, then Show Results.
  • Put a check next to everything, then click Remove selected.
  • Now, a log will open. Save this to your desktop and post it. Do not attach it.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
Top

Re: Virus.

Unread postby Link' » December 8th, 2008, 7:37 pm

Malwarebytes' Anti-Malware 1.31
Database versie: 1475
Windows 5.1.2600 Service Pack 2

9-12-2008 0:31:15
mbam-log-2008-12-09 (00-31-15).txt

Scan type: Volledige Scan (C:\|)
Objecten gescand: 158369
Verstreken tijd: 59 minute(s), 39 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 13
Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\rhc35uj0e7f3 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc35uj0e7f3 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page\Start Page (Hijack.Homepage) -> Bad: (http://www,lookanddiscover.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\*anon*\Application Data\rhc35uj0e7f3 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\*anon*\Application Data\rhc35uj0e7f3\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\*anon*\Application Data\rhc35uj0e7f3\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\*anon*\Application Data\rhc35uj0e7f3\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\*anon*\Application Data\rhc35uj0e7f3\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\*anon*\Application Data\rhc35uj0e7f3\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\*anon*\Application Data\rhc35uj0e7f3\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\*anon*\Application Data\rhc35uj0e7f3\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\*anon*\Application Data\rhc35uj0e7f3\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\*anon*\Application Data\rhc35uj0e7f3\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\*anon*\Application Data\rhc35uj0e7f3\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\Documents and Settings\*anon*\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe (Trojan.Agent) -> Quarantined and deleted successfully.

-----------------------------------------------------

Here is the scan log you asked me for.
I'm really sorry that it is in dutch, I hope its not a to big of a problem.

Awaiting new instructions :)

PS: I corrupted the Look and discover link, I changed the first dot to a comma. Just to avoid any kind of trouble.



Kind regards,


Link'
Link'
Regular Member
 
Posts: 18
Joined: December 3rd, 2008, 11:53 am
Top

Re: Virus.

Unread postby Odd dude » December 9th, 2008, 9:57 am

RSIT
Please download random/random's system information tool (RSIT) and run it. At the disclaimer screen, choose a period of one month. Then click Continue. It will produce two logs:

  • log.txt (will be maximized)
  • info.txt (will be minimized)

Please post both in your next reply. If they won't fit into one post, divide them over multiple posts :)

Also inform me whether your home page is still being hijacked.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
Top

Re: Virus.

Unread postby Link' » December 9th, 2008, 12:02 pm

Log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by *anon* at 2008-12-09 16:56:58
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (17%) free of 51 GB
Total RAM: 1014 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:35, on 9-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\*anon*\Bureaublad\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\*anon*.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/ ... jhtml?p=DW
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=nl&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=nl&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrconnect.com/main/mod/set ... 118_24.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4039FCFB-9FE8-4E0C-A985-BAD5F39FF443}: NameServer = 194.134.5.55,194.134.5.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6044EEC-59F6-4720-B3BD-AA975E943E11}: NameServer = 194.134.5.55,194.134.5.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9972 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC200356-0864-4F66-8964-5D43A19300F5}]
AL2Spy Class - C:\WINDOWS\AUTOLO~1\AL2DLL.dll [2007-10-11 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 761947]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-12-06 839680]
"ShowLOMControl"=1 []
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"BuildBU"=c:\dell\bldbubg.exe [2006-04-01 61440]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-09-02 15360]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\*anon*\Menu Start\Programma's\Opstarten
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\*anon*\Mijn documenten\Gunz\GunzLauncher.exe"="C:\Documents and Settings\*anon*\Mijn documenten\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\SwiftSwitch\SwiftSwitch.exe"="C:\Program Files\SwiftSwitch\SwiftSwitch.exe:*:Enabled:Utility for RuneScape"
"C:\Program Files\Lionhead Studios Ltd\Black & White\CreatureIsle\CreatureIsle.exe"="C:\Program Files\Lionhead Studios Ltd\Black & White\CreatureIsle\CreatureIsle.exe:*:Enabled:lh"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\ijji\ENGLISH\u_sf\soldierfront.exe"="C:\ijji\ENGLISH\u_sf\soldierfront.exe:*:Enabled:soldierfront"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Disabled:Gunz"
"C:\ijji\ENGLISH\u_gbound.exe"="C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme"="C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound"
"C:\ijji\ENGLISH\u_goonzu.exe"="C:\ijji\ENGLISH\u_goonzu.exe:*:Enabled:<ijji Downloader>"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\World of Warcraft\WoW-1.12.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Octoshape Streaming Services\*anon*\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\*anon*\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC-toepassingen delen"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Hulp op afstand - Windows Messenger en spraak"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c06ed8f-518d-11dc-adaf-0013022a4968}]
shell\AutoRun\command - I:\autoverify.exe


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-09 16:56:58 ----D---- C:\rsit
2008-12-08 23:27:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-07 14:58:07 ----D---- C:\WINDOWS\ERDNT
2008-12-07 14:56:46 ----D---- C:\Program Files\ERUNT
2008-12-06 22:33:41 ----D---- C:\oddbox
2008-12-06 22:17:47 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-05 08:25:26 ----D---- C:\Program Files\iPod
2008-12-05 08:25:21 ----D---- C:\Program Files\iTunes
2008-12-05 08:25:21 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 08:22:05 ----D---- C:\Program Files\QuickTime
2008-12-04 08:27:50 ----D---- C:\Program Files\Trend Micro
2008-12-01 19:55:26 ----D---- C:\Program Files\Apple Software Update
2008-12-01 19:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-01 08:37:43 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-01 08:37:39 ----D---- C:\Program Files\Alwil Software
2008-11-30 19:22:36 ----D---- C:\OutputFolder
2008-11-27 21:23:23 ----A---- C:\WINDOWS\system32\AVERM.dll
2008-11-27 21:23:23 ----A---- C:\WINDOWS\system32\AVEQT.dll
2008-11-27 21:23:22 ----D---- C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter
2008-11-26 21:09:37 ----D---- C:\Nieuwe map
2008-11-13 15:13:34 ----D---- C:\Program Files\Bonjour
2008-11-13 15:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 14:59:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-09 16:57:06 ----D---- C:\WINDOWS\Prefetch
2008-12-09 16:54:25 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 16:00:34 ----D---- C:\WINDOWS\Temp
2008-12-09 11:58:29 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-09 11:58:22 ----D---- C:\WINDOWS\Registration
2008-12-09 11:58:15 ----D---- C:\WINDOWS
2008-12-09 00:54:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 00:54:09 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 00:54:09 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-09 00:54:09 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 00:54:02 ----HD---- C:\WINDOWS\inf
2008-12-09 00:40:26 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 00:31:14 ----RD---- C:\Program Files
2008-12-08 20:27:31 ----D---- C:\Documents and Settings\*anon*\Application Data\uTorrent
2008-12-08 13:11:36 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-07 15:55:49 ----D---- C:\WINDOWS\system32\wbem
2008-12-07 15:55:49 ----D---- C:\WINDOWS\system32
2008-12-07 15:55:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-06 22:19:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-06 22:19:23 ----D---- C:\Documents and Settings
2008-12-06 22:18:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-06 14:20:48 ----SHD---- C:\WINDOWS\CSC
2008-12-06 12:47:49 ----D---- C:\Config.Msi
2008-12-05 08:26:40 ----SHD---- C:\WINDOWS\Installer
2008-12-05 08:25:24 ----D---- C:\Program Files\Common Files\Apple
2008-12-04 08:58:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-02 13:46:21 ----D---- C:\Documents and Settings\*anon*\Application Data\SystemRequirementsLab
2008-12-01 19:55:44 ----SD---- C:\WINDOWS\Tasks
2008-12-01 18:10:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-30 21:22:32 ----D---- C:\dell
2008-11-27 21:54:07 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-27 21:27:18 ----D---- C:\Fraps
2008-11-27 21:27:11 ----HD---- C:\Documents and Settings\*anon*\Application Data\ijjigame
2008-11-27 21:25:26 ----D---- C:\Program Files\Warcraft III
2008-11-23 19:40:57 ----D---- C:\WINDOWS\.jagex_cache_32
2008-11-17 15:31:12 ----D---- C:\WINDOWS\Help
2008-11-15 21:51:35 ----D---- C:\WINDOWS\Debug
2008-11-13 16:37:03 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-13 16:32:20 ----D---- C:\Program Files\Project64 1.6
2008-11-13 15:15:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-13 15:02:53 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 15:00:33 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 14:55:50 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-09-02 40192]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-04-01 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN-transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 CmBatt;Stuurprogramma voor Microsoft ACPI-besturingsmethode-accu; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-14 1364574]
R3 kbdcap;kbdcap; C:\WINDOWS\system32\drivers\kbdcap.sys [2007-06-14 109440]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-09-02 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;Stuurprogramma voor Microsoft USB Standaard-hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 a46lnnln;a46lnnln; C:\WINDOWS\system32\drivers\a46lnnln.sys []
S3 Arp1394;1394 ARP-clientprotocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-09-02 60800]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
S3 dump_wmimmc;dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []
S3 E100B;Intel(R) PRO Adapter-stuurprogramma; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-09-06 117760]
S3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MHNDRV;MHN-stuurprogramma; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 NIC1394;1394-stuurprogramma; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-09-02 61824]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5632]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-09-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler-service; C:\WINDOWS\eHome\ehSched.exe [2005-08-17 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-17 99328]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-12-06 380928]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-20 66872]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R2 SNMP;SNMP-service; C:\WINDOWS\System32\snmp.exe [2006-11-21 33280]
R2 UTSCSI;Usbest Service Zero; C:\WINDOWS\system32\UTSCSI.EXE [2007-08-23 45568]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-12-28 262217]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-09-02 268288]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-04 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-09-02 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNMPTRAP;SNMP Trap-service; C:\WINDOWS\System32\snmptrap.exe [2004-09-02 8704]
S3 usnjsvc;Messenger USN Journal Reader service voor Gedeelde mappen; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-09-02 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-09-02 14336]

-----------------EOF-----------------
Link'
Regular Member
 
Posts: 18
Joined: December 3rd, 2008, 11:53 am
Top

Re: Virus.

Unread postby Link' » December 9th, 2008, 12:08 pm

info.txt:

info.txt logfile of random's system information tool 1.04 2008-12-09 16:57:41

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Allok 3GP PSP MP4 iPod Video Converter 5.1.0821-->"C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Beveiligingsupdate for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Beveiligingsupdate for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Beveiligingsupdate for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Beveiligingsupdate for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926247)-->"C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x13 ControlPanel
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy GIF Animator 3.5-->"C:\Program Files\Easy GIF Animator\unins000.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix voor Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Dutch Language Pack-->MsiExec.exe /X{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Editie 2003-->MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{A29D0501-02A2-48DD-BC1B-09B27406FE9B}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x13 ControlPanel
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
My Way Search Assistant-->MsiExec.exe /X{E7559288-223B-453C-9F06-340E3BE21E39}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x13 ControlPanel
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Sam & Max Season 1-->MsiExec.exe /I{F20AE04A-3FDC-4A14-A90B-85DEE2812030}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update Rollup 2 voor Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Update voor Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update voor Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update voor Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update voor Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update voor Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update voor Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update voor Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update voor Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update voor Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update voor Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update voor Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update voor Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update voor Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update voor Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update voor Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update voor Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update voor Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update voor Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update voor Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update voor Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VentriloMIX-->C:\Program Files\VentriloMIX\Uninstal.exe
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Wanadoo Europe Installer-->MsiExec.exe /X{B7AC5A96-C8BC-431C-B661-27A09781DFA8}
WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Live aanmeldhulp-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer-->MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
Windows Live Messenger-->MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890927-->C:\WINDOWS\$NtUninstallKB890927$\spuninst\spuninst.exe
Windows XP Hotfix - KB895961-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zylom Games Player Plugin-->"C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall

=====HijackThis Backups=====

O2 - BHO: (no name) - {46CF613D-00FF-42C7-ABF8-4A6089F24DE2} - (no file)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lookanddiscover.com/
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

======Hosts File======

0.0.0.0 123spywar.com
0.0.0.0 www.123spywar.com
0.0.0.0 1clickspyclean.com
0.0.0.0 www.1clickspyclean.com
0.0.0.0 1clicksuite.net
0.0.0.0 www.1clicksuite.net
0.0.0.0 1spyware-removal.com
0.0.0.0 www.1spyware-removal.com
0.0.0.0 1spywarekiller.com
0.0.0.0 www.1spywarekiller.com

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081208-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------




-------------------------------------------------------------

Here are the files you reqeusted.
My homepage is no longer being hijacked.

Awaiting the next instructions :)



Kind regards,


Link'
Link'
Regular Member
 
Posts: 18
Joined: December 3rd, 2008, 11:53 am
Top

Re: Virus.

Unread postby Link' » December 9th, 2008, 12:08 pm

Dubbel post, sorry.
Link'
Regular Member
 
Posts: 18
Joined: December 3rd, 2008, 11:53 am
Top

Re: Virus.

Unread postby Odd dude » December 9th, 2008, 4:46 pm

Looking very good!

Copy and paste this to notepad, save as "fix.bat", quotes included, then double click it.
Code: Select all
pushd\windows\system32\drivers\etc
attrib -h -r -s hosts
echo 127.0.0.1  localhost>hosts
attrib +h +r +s hosts
popd
del %0


Update your Adobe Reader
Your version of Adobe Reader is old and may contain security leaks. Please first uninstall the older version, then download and install the newest version from here.

Kaspersky Online Scan
I would like you to run an online antivirus scan.

Please click HERE to be taken to the Kaspersky site.

  • The site will present you with a list of important items. Read those. If you're unsure about something, stop and ask! If you're sure everything is all right, close all other windows.
  • Now, click Accept.
  • It will start a download rougly 10 MB in size. If prompted by your firewall to allow internet access, allow.
  • Once the download has finished, click Next.
  • Under Please select a target to scan, choose My Computer
  • Get a cup of coffee and watch some TV. Do not run any other programs while Kaspersky is scanning! If you're on dial-up, you can now terminate the internet connection if you wish.
  • Once finished, you will be presented with the results. Click Save as text and save the log to your desktop.

Post the results in your next reply.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
Top

Re: Virus.

Unread postby Link' » December 10th, 2008, 8:02 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 10, 2008 17:31:17
Records in database: 1450261
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 114147
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:21:32


File name / Threat name / Threats count
C:\Documents and Settings\*anon*\Mijn documenten\Downloads\Allok_3GP_PSP_MP4_iPod_Video_Converter_5.1.0821-Mohsen6558\3gppspipod_converter.exe Infected: Trojan.Win32.StartPage.dbm 1
C:\Documents and Settings\*anon*\Mijn documenten\Downloads\Allok_3GP_PSP_MP4_iPod_Video_Converter_5.1.0821-Mohsen6558.rar Infected: Trojan.Win32.StartPage.dbm 1
C:\Documents and Settings\*anon*\Mijn documenten\Downloads\oude bestanden\wirelesskeyview\WirelessKeyView.exe Infected: not-a-virus:PSWTool.Win32.Messen.n 1
C:\Documents and Settings\*anon*\Mijn documenten\Downloads\oude bestanden\wirelesskeyview.zip Infected: not-a-virus:PSWTool.Win32.Messen.n 1
C:\oddbox\winsched.exe Infected: Trojan.Win32.StartPage.dbm 1

The selected area was scanned.

--------------------------------------------------------------------------------------

Dont know why it shows allok as a trojan, it certanly is not. Aw well.

Btw: Wirelesskeyview is not a download I just trow all my stuff in one map because it anoys me to have a whole screen filled with maps and files.


Awaiting next instructions.


Kind regards,


Link'
Link'
Regular Member
 
Posts: 18
Joined: December 3rd, 2008, 11:53 am
Top

Re: Virus.

Unread postby Odd dude » December 11th, 2008, 4:42 pm

Hi Link,

It is funny, and most certainly suspicious, that Kaspersky identified both Allok and the other infection I cleaned to be the same. Are you absolutely sure it's safe?
If the file is under 10Mb (if it's a little over 10mb you can try zipping it), I recommend you to visit http://www.virscan.org and get a second opinion from there.

If the file is too big, it's up to you, but I recommend to delete that program. It might have been patched with malware - completely dependant of where you got it from (if it came from P2P it's infected for sure).

Delete the folder c:\oddbox (it was created by me)

Post a new RSIT log (you will only get log.txt) and an account of any remaining issues.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
Top

Re: Virus.

Unread postby Link' » December 12th, 2008, 9:28 am

Hello odd dude! :)

I want my computer to be 100% malware free, so i took your advice and removed the program.
Also i deleted the map you wanted me to delete.

Also, here is the file you reqeusted:

Logfile of random's system information tool 1.04 (written by random/random)
Run by *anon* at 2008-12-12 14:16:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (17%) free of 51 GB
Total RAM: 1014 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:50, on 12-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\*anon*\Bureaublad\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\*anon*.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/ ... jhtml?p=DW
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=nl&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=nl&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrconnect.com/main/mod/set ... 118_24.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4039FCFB-9FE8-4E0C-A985-BAD5F39FF443}: NameServer = 194.134.5.55,194.134.5.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6044EEC-59F6-4720-B3BD-AA975E943E11}: NameServer = 194.134.5.55,194.134.5.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10197 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC200356-0864-4F66-8964-5D43A19300F5}]
AL2Spy Class - C:\WINDOWS\AUTOLO~1\AL2DLL.dll [2007-10-11 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 761947]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-12-06 839680]
"ShowLOMControl"=1 []
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"BuildBU"=c:\dell\bldbubg.exe [2006-04-01 61440]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-09-02 15360]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\*anon*\Menu Start\Programma's\Opstarten
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\*anon*\Mijn documenten\Gunz\GunzLauncher.exe"="C:\Documents and Settings\*anon*\Mijn documenten\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\SwiftSwitch\SwiftSwitch.exe"="C:\Program Files\SwiftSwitch\SwiftSwitch.exe:*:Enabled:Utility for RuneScape"
"C:\Program Files\Lionhead Studios Ltd\Black & White\CreatureIsle\CreatureIsle.exe"="C:\Program Files\Lionhead Studios Ltd\Black & White\CreatureIsle\CreatureIsle.exe:*:Enabled:lh"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\ijji\ENGLISH\u_sf\soldierfront.exe"="C:\ijji\ENGLISH\u_sf\soldierfront.exe:*:Enabled:soldierfront"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Disabled:Gunz"
"C:\ijji\ENGLISH\u_gbound.exe"="C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme"="C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound"
"C:\ijji\ENGLISH\u_goonzu.exe"="C:\ijji\ENGLISH\u_goonzu.exe:*:Enabled:<ijji Downloader>"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\World of Warcraft\WoW-1.12.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Octoshape Streaming Services\*anon*\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\*anon*\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC-toepassingen delen"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Hulp op afstand - Windows Messenger en spraak"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c06ed8f-518d-11dc-adaf-0013022a4968}]
shell\AutoRun\command - I:\autoverify.exe


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-11 13:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 13:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 13:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-11 13:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 13:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 08:08:12 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-10 08:04:33 ----D---- C:\Program Files\NOS
2008-12-10 08:04:33 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-12-09 16:56:58 ----D---- C:\rsit
2008-12-08 23:27:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-07 14:58:07 ----D---- C:\WINDOWS\ERDNT
2008-12-07 14:56:46 ----D---- C:\Program Files\ERUNT
2008-12-06 22:17:47 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-05 08:25:26 ----D---- C:\Program Files\iPod
2008-12-05 08:25:21 ----D---- C:\Program Files\iTunes
2008-12-05 08:25:21 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 08:22:05 ----D---- C:\Program Files\QuickTime
2008-12-04 08:27:50 ----D---- C:\Program Files\Trend Micro
2008-12-01 19:55:26 ----D---- C:\Program Files\Apple Software Update
2008-12-01 19:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-01 08:37:43 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-01 08:37:39 ----D---- C:\Program Files\Alwil Software
2008-11-30 19:22:36 ----D---- C:\OutputFolder
2008-11-26 21:09:37 ----D---- C:\Nieuwe map
2008-11-13 15:13:34 ----D---- C:\Program Files\Bonjour
2008-11-13 15:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 14:59:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-12 14:15:54 ----RD---- C:\Program Files
2008-12-12 14:15:53 ----D---- C:\WINDOWS\system32
2008-12-12 14:14:04 ----D---- C:\WINDOWS\Prefetch
2008-12-12 13:53:52 ----D---- C:\Program Files\Mozilla Firefox
2008-12-12 13:50:24 ----D---- C:\WINDOWS\Temp
2008-12-12 13:49:24 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-12 13:49:15 ----D---- C:\WINDOWS\Registration
2008-12-12 13:49:08 ----D---- C:\WINDOWS
2008-12-12 07:58:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-11 13:12:04 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-11 13:06:47 ----HD---- C:\WINDOWS\inf
2008-12-11 13:06:46 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-11 13:06:39 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 13:06:30 ----SHD---- C:\WINDOWS\Installer
2008-12-11 13:06:30 ----D---- C:\Config.Msi
2008-12-11 13:06:14 ----A---- C:\WINDOWS\win.ini
2008-12-11 13:05:04 ----D---- C:\Program Files\Internet Explorer
2008-12-11 13:04:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 16:02:20 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-10 08:08:28 ----D---- C:\Program Files\Adobe
2008-12-10 08:08:12 ----D---- C:\Program Files\Common Files
2008-12-10 08:07:55 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-10 08:07:18 ----D---- C:\Program Files\Common Files\Adobe
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 00:54:09 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-09 00:54:09 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 00:40:26 ----D---- C:\WINDOWS\system32\drivers
2008-12-08 20:27:31 ----D---- C:\Documents and Settings\*anon*\Application Data\uTorrent
2008-12-07 15:55:49 ----D---- C:\WINDOWS\system32\wbem
2008-12-07 15:55:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-06 22:19:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-06 22:19:23 ----D---- C:\Documents and Settings
2008-12-06 22:18:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-06 14:20:48 ----SHD---- C:\WINDOWS\CSC
2008-12-05 08:25:24 ----D---- C:\Program Files\Common Files\Apple
2008-12-04 08:58:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-02 13:46:21 ----D---- C:\Documents and Settings\*anon*\Application Data\SystemRequirementsLab
2008-12-01 19:55:44 ----SD---- C:\WINDOWS\Tasks
2008-12-01 18:10:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-30 21:22:32 ----D---- C:\dell
2008-11-27 21:27:18 ----D---- C:\Fraps
2008-11-27 21:27:11 ----HD---- C:\Documents and Settings\*anon*\Application Data\ijjigame
2008-11-27 21:25:26 ----D---- C:\Program Files\Warcraft III
2008-11-23 19:40:57 ----D---- C:\WINDOWS\.jagex_cache_32
2008-11-17 15:31:12 ----D---- C:\WINDOWS\Help
2008-11-15 21:51:35 ----D---- C:\WINDOWS\Debug
2008-11-13 16:37:03 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-13 16:32:20 ----D---- C:\Program Files\Project64 1.6
2008-11-13 15:15:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-13 14:55:50 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-09-02 40192]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-04-01 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN-transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 CmBatt;Stuurprogramma voor Microsoft ACPI-besturingsmethode-accu; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-14 1364574]
R3 kbdcap;kbdcap; C:\WINDOWS\system32\drivers\kbdcap.sys [2007-06-14 109440]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-09-02 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;Stuurprogramma voor Microsoft USB Standaard-hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 ac1axxkb;ac1axxkb; C:\WINDOWS\system32\drivers\ac1axxkb.sys []
S3 Arp1394;1394 ARP-clientprotocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-09-02 60800]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
S3 dump_wmimmc;dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []
S3 E100B;Intel(R) PRO Adapter-stuurprogramma; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-09-06 117760]
S3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MHNDRV;MHN-stuurprogramma; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 NIC1394;1394-stuurprogramma; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-09-02 61824]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5632]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-09-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler-service; C:\WINDOWS\eHome\ehSched.exe [2005-08-17 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-17 99328]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-12-06 380928]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-20 66872]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R2 SNMP;SNMP-service; C:\WINDOWS\System32\snmp.exe [2006-11-21 33280]
R2 UTSCSI;Usbest Service Zero; C:\WINDOWS\system32\UTSCSI.EXE [2007-08-23 45568]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-12-28 262217]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-09-02 268288]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-04 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-09-02 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNMPTRAP;SNMP Trap-service; C:\WINDOWS\System32\snmptrap.exe [2004-09-02 8704]
S3 usnjsvc;Messenger USN Journal Reader service voor Gedeelde mappen; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-09-02 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-09-02 14336]

-----------------EOF-----------------



Awaiting next instructions. :cheers:


Kind regards,

Link'
Link'
Regular Member
 
Posts: 18
Joined: December 3rd, 2008, 11:53 am
Top

Re: Virus.

Unread postby Odd dude » December 14th, 2008, 4:37 am

Hi Link,

Install a firewall
There is no firewall installed on your computer! Either that, or you're using Windows Firewall, which is not a good idea.

Firewalls are programs that monitor incoming and outcoming connections to your computer. Did you know that, just by connecting to the internet, you are being exposed to hundreds of treats immediately? The way to solve this, is to use a firewall, and up-to-date antivirus software.

Windows Firewall only monitors incoming connections. This means that, once you are infected, the malware is free to ask for new instructions, send private data to its creator, or invite its malware buddies to come over. In other words: it's almost as good as no firewall at all.

Download a free for personal use firewall NOW from one of these sources:
COMODO Personal Firewall
Online Armor Free

(COMODO also bundles antivirus - if you already have antivirus software make sure you don't install COMODO's antivirus as well).

Rehide hidden files and folders
Now let's reverse the changes we made.

  • Open the Control Panel (Start > Control Panel)
  • Double-click Folder Settings
  • On the View tab, check Hide protected system files (recommended).
  • Uncheck Show the contents of system directories
  • Check Hide extensions for known file types
  • Scroll down and choose Do not show hidden files and folders
  • Press OK to save changes.

Purge System Restore
We've now arrived at the stage where we can clean the System Restore points. Malware can easily hide itself in System Restore points. This is BAD. While inside the restore point, it is completely harmless. But once you restore from that restore point, the malware will spread again.
To purge System Restore, please do the following:
  • First, launch System Restore (Start > All Programs > Accessories > System Tools > System Restore).
  • Choose the second option: Create a restore point. Name it something like All Clean.

    Now, for the actual purging:

  • Click Start > All Programs > Accessories > Disk Cleaner.
  • Wait for the program to load... this will take a few seconds.
  • Click the More Options tab, and click the Cleanup button under the System Restore heading. Click Yes if you're prompted whether you're sure.

  • Don't close the program yet.


Clean up some more leftovers
  • Get back to the previous tab. Tick the following items:
    • Temporary Internet Files
    • Offline Web Pages
    • Recycle Bin
    • Temporary Files
    • WebClient/Publisher temporary files
  • Click OK. If you're asked whether you're sure, click Yes.


If you don't have any other issues, then I think all the malware is gone!


Congratulations!
Image Image Image Image Image Image

As far as I can tell, you are CLEAN!

Image


Have a big cup of Image, sit back & relax, and now please follow a few of the following tips; they will dramatically reduce your chance of getting infected again.


  • Turn on Automatic Updates if you have not done so. It is MANDATORY to keep your Windows updated, otherwise you are vulnerable to exploits! To turn on Automatic Updates: click Start > Control Panel > Security Centre > Automatic Updates.

Below are optional items. It's highly recommended to read them through, but decide for yourself how many of these recommendations (if any) you follow.

  • Install WinPatrol from here. Instructions for use are here.

  • Install SpywareBlaster to protect you from bad sites. Download - How to use it

  • Install a custom hosts file. Let's say I have a directory of 640kb's worth of bad sites. Let's say I can make sure you will never be able to access those sites, so you will never get any infection from those sites. It's like blocking a site - without site blocking tools. How would you like to never be able to visit (a lot, but not all of the) malware-infected sites again? Well, now you can!
    First, we must disable a service, as Windows cannot work with a very large hosts file while that service is active. This will not affect anything else.
    The disabling routine:
    1. Click Start, then Run
    2. Copy and paste the following:
      Code: Select all
      sc config dnscache start= disabled
    3. Click OK.
    Next, you can download the custom hosts file from here. Installation instructions can be found there as well.

  • Install Sandboxie. Sandboxie isolates programs into a sandbox. When you get infected, and the program that caused this (i.e. Internet Explorer) is inside the sandbox, the infection will remain trapped inside the sandbox. Then it only takes a few clicks to empty the sandbox and thus kill the virus. Sandboxie is completely free! Download it here.
Note that using Sandboxie does not guarantee that you will never get infected. Some malware can bypass Sandboxie, so don't let your guard down!

Please reply to this thread once more so we know it can be archived

Happy surfing!! :)
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
Top

Re: Virus.

Unread postby Link' » December 15th, 2008, 10:36 am

Hello odd dude!

I installed Online armor,
Rehided hidden files and folders
and Purgded the system restore after making a "all clean" restore point.

Thanks alot for helping me.

My computer sure is faster now, and 'feels' safer to use.


:cheers: Thank you! :cheers:

Edit: Wich of the programs you let me use (like: AFT-cleaner/Rsit) can be removed?
Link'
Regular Member
 
Posts: 18
Joined: December 3rd, 2008, 11:53 am
Top

Re: Virus.

Unread postby Odd dude » December 16th, 2008, 4:42 pm

ATF Cleaner: keep it if you want it, otherwise just delete it
Delete the folder c:\rsit
You can delete the rsit executable if you wish but you can also keep it in case you ever get infected again
Any fix.bat files you made can be deleted
DDS.scr can be deleted
ERUNT can be uninstalled but I recommend keeping it just in case you ever need it again
You can keep Malwarebytes Anti-Malware, it's a great program. Performing a quick scan once a week is recommended.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
Top

Re: Virus.

Unread postby Link' » December 17th, 2008, 3:33 am

Thanks alot odd dude for all you help.

As for me, this thread can be locked and archived.


Kind regards,

Link'
Link'
Regular Member
 
Posts: 18
Joined: December 3rd, 2008, 11:53 am
Top
Advertisement
Register to Remove
PreviousNext
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 166 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index