Infected with MicroAV, some Trojans and Emailworms HELP NEEDED!!!

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Monday 1.12.2008 / 12:27

Search:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > infected with microav, some trojans and emailworms help needed!!!

Browse by topic

Forums

Start a new thread

Infected with MicroAV, some Trojans and Emailworms HELP NEEDED!!!

Jump to:

Posted

Message

hatseflat

Newbie

3. October 2008 @ 01:36

Link to this message

I've been trying to get rid of MicroAV wich had blocked me from my PC.
I allready have control back thanks to the tips on this website.
First I have ran Combofix (very good prog) then came Superantispyware.
Some things aren't fixed yet. Owner name of my pc is now VIRUS ALERT!!! And every couple of minutes an empty IEbox appears (annoying).

Now Im able to follow procedures so here's my first post with log of Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, October 3, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 02, 2008 18:32:06
Records in database: 1283871
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 122720
Threat name: 6
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 05:51:21

File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Mijn documenten\@@\Paint shop pro 8\PAINT.exe Infected: Trojan-Spy.Win32.BZub.ffd 1
C:\Documents and Settings\HP_Administrator\Mijn documenten\Downloads\Nieuwe map\Nero 8 Ultra Edition DVD Proper\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\Documents and Settings\HP_Administrator\Mijn documenten\Downloads\Nieuwe map\Nero 8 Ultra Edition DVD Proper\Toolbar.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\Documents and Settings\HP_Administrator\Mijn documenten\Downloads\Nieuwe map\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\Documents and Settings\HP_Administrator\Mijn documenten\Downloads\Nieuwe map\Paint shop pro 8\PAINT.exe Infected: Trojan-Spy.Win32.BZub.ffd 1
C:\Documents and Settings\HP_Administrator\Mijn documenten\Downloads\Nieuwe map\Spore-RELOADED\Spore Keygen and NoCD.rar Infected: Trojan-Dropper.Win32.VB.aoc 1
C:\Documents and Settings\HP_Administrator\Mijn documenten\Downloads\Nieuwe map\Toolbar.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\Documents and Settings\HP_Administrator\Mijn documenten\Mijn documenten\mail\HSBoutlook.ost Infected: Email-Worm.Win32.Magistr.b 1
C:\Documents and Settings\HP_Administrator\Mijn documenten\Mijn documenten\mail\HSBoutlook.ost Infected: Email-Worm.Win32.Hybris.b 1
C:\Program Files\Nero\PhotoShow 5\data\Xtras\nero_photoshow_express_5_setup.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\WINDOWS\system32\MicroAV.cpl Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.cv 1

The selected area was scanned.

After reboot, I will run and post hijack this post...
Hope you guyz find some time to help me out of trouble.

[ + quote]

hatseflat

Newbie

3. October 2008 @ 01:51

Link to this message

Here's my Hijackthis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:46, on 3-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\FTD Watchdog\FtdMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI (BETA)\PSI.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [FTD Watchdog Monitor] "C:\Program Files\FTD Watchdog\FtdMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Secunia PSI (BETA).lnk = C:\Program Files\Secunia\PSI (BETA)\PSI.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1175628358796
O16 - DPF: {6BD88D94-03D2-4ABF-99A3-78E9C87DFCA5} (aComp Class) - http://webreport.imtechict.nl/agresso/api/com/axmlcomp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1199734538015
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/in...ctDetection.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://hema.nl/xupload/XUpload.ocx
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 13486 bytes

Hope this is going to work, it's al mumbojumbo to me ;-)

Thx in advance for taking the time and effort guyz, you're making a lot of people very happy at what seems to be the endstation before a total reformat and clean install :-(

[ + quote]

blake1234

Newbie

3. October 2008 @ 03:32

Link to this message

Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:
link
update and run if you run in to problems with that heres a guide
guide
then run combofix again in safe mode

press and hold your "F8 Key" on startup at which should bring up the "Windows Advanced Options Menu. Use your arrow keys to move to "Safe Mode" and press your Enter key.
After that run combo fix.

Then post back a fresh hijack this log

[ + quote]

cdavfrew

Senior Member

3. October 2008 @ 10:39

Link to this message

Originally posted by hatseflat:
First I have ran Combofix (very good prog)

Please note that ComboFix is not a program to be used without supervision. The author of the program says so himself. Unless a trained malware helper tells you to use ComboFix and post a log (which is as important as running the program), you should not run it alone.

[ + quote]

Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.

hatseflat

Newbie

5. October 2008 @ 12:42

Link to this message

Hi Blake1234,

I've executed the malwarebytes scan and ran combofix.
Here are all the logfiles (including the new hijacklog.
Thanks for the quick help and sorry for my late reaction.
Ive been away for the weekend (was planned), so I couldn't continue cleaning my system.

1st MBAMlog:
Malwarebytes' Anti-Malware 1.28
Database versie: 1229
Windows 5.1.2600 Service Pack 2

5-10-2008 17:56:25
mbam-log-2008-10-05 (17-56-25).txt

Scan type: Snelle Scan
Objecten gescand: 59924
Verstreken tijd: 6 minute(s), 58 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 3
Registerwaarden geïnfecteerd: 2
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\dkwqgnbe.bxqr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dkwqgnbe.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76396-OEM-0011903-00803) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\MicroAV.cpl (Rogue.MicroAV) -> Quarantined and deleted successfully.

MBAM found 6 issues wich it cleaned.

Then came the Combofix.
Here are the logs (2 of them):
ComboFix 08-10-01.05 - HP_Administrator 2008-10-05 18:01:50.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1689 [GMT 2:00]
Gestart vanuit: C:\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . konden niet verwijderd worden
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . konden niet verwijderd worden
C:\WINDOWS\Downloaded Program Files\setup.inf . . . . konden niet verwijderd worden

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://78.157.143.198
hxxp://www.photoshow.com
hxxp://91.203.93.6
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-09-05 to 2008-10-05 ))))))))))))))))))))))))))))))
.

2008-10-05 16:59 . 2008-10-05 16:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 16:59 . 2008-10-05 16:59 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-10-05 16:59 . 2008-10-05 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 16:59 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-05 16:59 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-03 07:45 . 2008-10-03 07:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-02 19:30 . 2008-10-02 16:51 2,885,821 -ra------ C:\Combo-Fix.exe
2008-10-02 17:21 . 2008-10-02 17:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-02 17:21 . 2008-10-02 17:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-10-02 17:21 . 2008-10-02 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-02 14:53 . 2008-10-02 14:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-10-02 10:22 . 2008-10-02 10:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SPORE
2008-10-02 09:16 . 2008-10-02 09:16 <DIR> dr-h----- C:\Documents and Settings\HP_Administrator\Application Data\SecuROM
2008-10-02 09:16 . 2008-10-02 09:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-02 09:15 . 2008-10-02 09:15 <DIR> d-------- C:\ProgramData
2008-10-02 09:14 . 2008-10-02 09:14 1,218 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-02 09:00 . 2008-10-02 09:15 <DIR> d-------- C:\Program Files\Electronic Arts
2008-10-02 08:55 . 2008-10-02 08:56 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-10-02 08:55 . 2008-10-02 08:56 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-10-02 08:49 . 2008-10-02 08:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools
2008-10-02 08:49 . 2008-10-02 08:49 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-02 08:40 . 2008-10-04 10:26 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SACore
2008-09-29 10:42 . 2008-09-29 10:42 61,224 --a------ C:\Documents and Settings\HP_Administrator\GoToAssistDownloadHelper.exe
2008-09-26 18:53 . 2008-09-26 18:53 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\McAfee
2008-09-21 03:00 . 2008-09-21 03:00 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-20 15:05 . 2008-09-20 15:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Bureaublad
2008-09-20 12:02 . 2008-09-20 12:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-20 12:00 . 2008-09-20 12:00 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
2008-09-20 11:29 . 2008-10-05 17:58 9,222 --a------ C:\WINDOWS\system32\Config.MPF
2008-09-20 11:26 . 2008-09-20 11:26 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
2008-09-20 11:26 . 2008-10-01 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-20 11:25 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-09-20 11:23 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-09-20 11:23 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-09-20 11:23 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-09-20 11:23 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-09-20 11:23 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-09-20 11:23 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-09-20 11:22 . 2008-09-20 11:22 <DIR> d-------- C:\Program Files\McAfee.com
2008-09-20 11:22 . 2008-09-20 15:05 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-09-20 11:21 . 2008-10-02 08:29 <DIR> d-------- C:\Program Files\McAfee
2008-09-20 11:14 . 2008-10-01 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-18 11:04 . 2008-09-18 11:04 <DIR> d-------- C:\Program Files\Microsoft Virtual PC
2008-09-13 15:19 . 2008-09-13 15:20 <DIR> d-------- C:\Program Files\iTunes
2008-09-13 15:19 . 2008-09-13 15:19 <DIR> d-------- C:\Program Files\iPod
2008-09-13 15:19 . 2008-09-13 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-13 15:18 . 2008-09-13 15:18 <DIR> d-------- C:\Program Files\Bonjour
2008-09-13 15:17 . 2008-09-13 15:17 <DIR> d-------- C:\Program Files\QuickTime
2008-09-11 07:11 . 2008-09-11 07:11 <DIR> d-------- C:\Program Files\Common Files\Ambrasoft
2008-09-11 07:11 . 2008-09-11 07:11 <DIR> d-------- C:\Program Files\AmbraSoft
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 19:03 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-10-02 07:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 10:23 24 ----a-w C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences.dat
2008-09-20 20:50 --------- d-----w C:\Program Files\uTorrent
2008-09-20 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-15 06:18 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Nero
2008-09-13 13:17 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-26 18:16 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-08-24 07:59 --------- d-----w C:\Program Files\Apple Software Update
2008-08-24 07:58 --------- d-----w C:\Program Files\Safari
2008-08-21 20:39 --------- d-----w C:\Program Files\HP
2008-08-21 20:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-15 20:12 --------- d-----w C:\Program Files\Creative
2008-08-14 10:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-08-11 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-11 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-03-16 18:20 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-02_17.17.57.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-02 15:21:27 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-10-02 15:21:27 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-10-02 08:47:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-03 05:30:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-02 08:47:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2008-10-03 05:30:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2008-10-02 08:47:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-03 05:30:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 312848]
"FTD Watchdog Monitor"="C:\Program Files\FTD Watchdog\FtdMonitor.exe" [2007-12-24 176640]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-10 7311360]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"ftutil2"="ftutil2.dll" [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-05-10 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-02 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

C:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-11-09 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-11-09 27136]

C:\Documents and Settings\HP_Administrator\Menu Start\Programma's\Opstarten\
Secunia PSI (BETA).lnk - C:\Program Files\Secunia\PSI (BETA)\PSI.exe [2007-09-11 507904]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.L263"= lcodc26xE.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 fsssvc;Windows Live OneCare Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2007-09-10 7808]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 XDva013;XDva013;C:\WINDOWS\system32\XDva013.sys [ ]
.
Inhoud van de 'Gedeelde Taken' map
.
.
------- Bijkomende Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.nl
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O18 -: Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\McAfee\SITEAD~1\McIEPlg.dll

O16 -: {6BD88D94-03D2-4ABF-99A3-78E9C87DFCA5} - hxxp://webreport.imtechict.nl/agresso/api/com/axmlcomp.cab
C:\WINDOWS\Downloaded Program Files\axmlcomp.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 18:06:54
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCES: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Voltooingstijd: 2008-10-05 18:15:23 - machine werd herstart
ComboFix-quarantined-files.txt 2008-10-05 16:15:12
ComboFix2.txt 2008-10-02 17:48:01
ComboFix3.txt 2008-10-02 15:18:34

Pre-Run: 106.035.449.856 bytes beschikbaar
Post-Run: 103,989,895,168 bytes beschikbaar

249 --- E O F --- 2008-10-03 05:26:07

Combolog 2:
ComboFix 08-10-01.05 - HP_Administrator 2008-10-05 18:01:50.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1689 [GMT 2:00]
Gestart vanuit: C:\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . konden niet verwijderd worden
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . konden niet verwijderd worden
C:\WINDOWS\Downloaded Program Files\setup.inf . . . . konden niet verwijderd worden

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://78.157.143.198
hxxp://www.photoshow.com
hxxp://91.203.93.6
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-09-05 to 2008-10-05 ))))))))))))))))))))))))))))))
.

2008-10-05 16:59 . 2008-10-05 16:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 16:59 . 2008-10-05 16:59 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-10-05 16:59 . 2008-10-05 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 16:59 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-05 16:59 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-03 07:45 . 2008-10-03 07:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-02 19:30 . 2008-10-02 16:51 2,885,821 -ra------ C:\Combo-Fix.exe
2008-10-02 17:21 . 2008-10-02 17:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-02 17:21 . 2008-10-02 17:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-10-02 17:21 . 2008-10-02 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-02 14:53 . 2008-10-02 14:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-10-02 10:22 . 2008-10-02 10:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SPORE
2008-10-02 09:16 . 2008-10-02 09:16 <DIR> dr-h----- C:\Documents and Settings\HP_Administrator\Application Data\SecuROM
2008-10-02 09:16 . 2008-10-02 09:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-02 09:15 . 2008-10-02 09:15 <DIR> d-------- C:\ProgramData
2008-10-02 09:14 . 2008-10-02 09:14 1,218 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-02 09:00 . 2008-10-02 09:15 <DIR> d-------- C:\Program Files\Electronic Arts
2008-10-02 08:55 . 2008-10-02 08:56 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-10-02 08:55 . 2008-10-02 08:56 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-10-02 08:49 . 2008-10-02 08:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools
2008-10-02 08:49 . 2008-10-02 08:49 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-02 08:40 . 2008-10-04 10:26 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SACore
2008-09-29 10:42 . 2008-09-29 10:42 61,224 --a------ C:\Documents and Settings\HP_Administrator\GoToAssistDownloadHelper.exe
2008-09-26 18:53 . 2008-09-26 18:53 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\McAfee
2008-09-21 03:00 . 2008-09-21 03:00 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-20 15:05 . 2008-09-20 15:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Bureaublad
2008-09-20 12:02 . 2008-09-20 12:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-20 12:00 . 2008-09-20 12:00 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
2008-09-20 11:29 . 2008-10-05 17:58 9,222 --a------ C:\WINDOWS\system32\Config.MPF
2008-09-20 11:26 . 2008-09-20 11:26 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
2008-09-20 11:26 . 2008-10-01 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-20 11:25 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-09-20 11:23 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-09-20 11:23 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-09-20 11:23 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-09-20 11:23 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-09-20 11:23 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-09-20 11:23 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-09-20 11:22 . 2008-09-20 11:22 <DIR> d-------- C:\Program Files\McAfee.com
2008-09-20 11:22 . 2008-09-20 15:05 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-09-20 11:21 . 2008-10-02 08:29 <DIR> d-------- C:\Program Files\McAfee
2008-09-20 11:14 . 2008-10-01 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-18 11:04 . 2008-09-18 11:04 <DIR> d-------- C:\Program Files\Microsoft Virtual PC
2008-09-13 15:19 . 2008-09-13 15:20 <DIR> d-------- C:\Program Files\iTunes
2008-09-13 15:19 . 2008-09-13 15:19 <DIR> d-------- C:\Program Files\iPod
2008-09-13 15:19 . 2008-09-13 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-13 15:18 . 2008-09-13 15:18 <DIR> d-------- C:\Program Files\Bonjour
2008-09-13 15:17 . 2008-09-13 15:17 <DIR> d-------- C:\Program Files\QuickTime
2008-09-11 07:11 . 2008-09-11 07:11 <DIR> d-------- C:\Program Files\Common Files\Ambrasoft
2008-09-11 07:11 . 2008-09-11 07:11 <DIR> d-------- C:\Program Files\AmbraSoft
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 19:03 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-10-02 07:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 10:23 24 ----a-w C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences.dat
2008-09-20 20:50 --------- d-----w C:\Program Files\uTorrent
2008-09-20 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-15 06:18 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Nero
2008-09-13 13:17 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-26 18:16 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-08-24 07:59 --------- d-----w C:\Program Files\Apple Software Update
2008-08-24 07:58 --------- d-----w C:\Program Files\Safari
2008-08-21 20:39 --------- d-----w C:\Program Files\HP
2008-08-21 20:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-15 20:12 --------- d-----w C:\Program Files\Creative
2008-08-14 10:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-08-11 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-11 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-03-16 18:20 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-02_17.17.57.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-02 15:21:27 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-10-02 15:21:27 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-10-02 08:47:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-03 05:30:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-02 08:47:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2008-10-03 05:30:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2008-10-02 08:47:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-03 05:30:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 312848]
"FTD Watchdog Monitor"="C:\Program Files\FTD Watchdog\FtdMonitor.exe" [2007-12-24 176640]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-10 7311360]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"ftutil2"="ftutil2.dll" [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-05-10 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-02 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

C:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-11-09 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-11-09 27136]

C:\Documents and Settings\HP_Administrator\Menu Start\Programma's\Opstarten\
Secunia PSI (BETA).lnk - C:\Program Files\Secunia\PSI (BETA)\PSI.exe [2007-09-11 507904]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.L263"= lcodc26xE.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 fsssvc;Windows Live OneCare Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2007-09-10 7808]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 XDva013;XDva013;C:\WINDOWS\system32\XDva013.sys [ ]
.
Inhoud van de 'Gedeelde Taken' map
.
.
------- Bijkomende Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.nl
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O18 -: Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\McAfee\SITEAD~1\McIEPlg.dll

O16 -: {6BD88D94-03D2-4ABF-99A3-78E9C87DFCA5} - hxxp://webreport.imtechict.nl/agresso/api/com/axmlcomp.cab
C:\WINDOWS\Downloaded Program Files\axmlcomp.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 18:06:54
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCES: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Voltooingstijd: 2008-10-05 18:15:23 - machine werd herstart
ComboFix-quarantined-files.txt 2008-10-05 16:15:12
ComboFix2.txt 2008-10-02 17:48:01
ComboFix3.txt 2008-10-02 15:18:34

Pre-Run: 106.035.449.856 bytes beschikbaar
Post-Run: 103,989,895,168 bytes beschikbaar

249 --- E O F --- 2008-10-03 05:26:07

And finally my new HijJachThislog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27, on 5-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\FTD Watchdog\FtdMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Secunia\PSI (BETA)\PSI.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3...LION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [FTD Watchdog Monitor] "C:\Program Files\FTD Watchdog\FtdMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Secunia PSI (BETA).lnk = C:\Program Files\Secunia\PSI (BETA)\PSI.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1175628358796
O16 - DPF: {6BD88D94-03D2-4ABF-99A3-78E9C87DFCA5} (aComp Class) - http://webreport.imtechict.nl/agresso/api/com/axmlcomp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1199734538015
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/in...ctDetection.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://hema.nl/xupload/XUpload.ocx
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 13144 bytes

I am awaiting your verdict and next steps...

Kind regards,
Hatseflat.

@cdavfrew,

Thx for the warning. I've read about your warning in other posts, but this was the only way to get enough control back to do the initial scans...

[ + quote]

hatseflat

Newbie

10. October 2008 @ 19:00

Link to this message

I haven't been hearing anything from you guys.
All's well I hope. Please find some time to browse through my log files and tell me how my pc is doing?

Hatse.

[ + quote]

cdavfrew

Senior Member

11. October 2008 @ 05:25

Link to this message

Hey hatseflat

Sorry for the terribly late reply. I thought Blake was going to continue what he started.

I don't read this language, so I would be grateful if you could tell me what this means: konden niet verwijderd worden

Please run HijackThis.

• Click on the button which says Main Menu, then Do a system scan only.
• Please wait for the scan to be completed.
• After the scan has completed, check the following entries.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) 

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Click on the button Fix checked

NOTE:: Close all browsers before fixing anything.

Tell me what problems you have left.

Best Regards :D

[ + quote]

hatseflat

Newbie

12. October 2008 @ 09:03

Link to this message

Hi CDAVFREW,

I was able to check and fix all of the entries you gave me.
"konden niet verwijderd worden" means couldn't be removed.

I should have chosen for English language during installation of the tools you guys tipped me to install, maybe good to point out in your future fix supports?

I don't have any problems left that I am aware of. The only thing that bugs me more than a little is that ugly green monster with that banner in his hand shouting my IP info back to me.
Can you give me directions on how to operate more safely on the net?
Once in a while I find myself visiting torrentsites, so that's one of the darker neighboorhoods in the digital world.

As for my PC, I think it operates ok. But then again I'm not looking "under the hood", the darned thing just has to work for me and (preferably) at top speed and in perfect condition.
It's too bad there isn't a good dashboard to monitor the fuel, oil pressure, speed and gauge like in my car. Hmm, there are possibilities here, using SNMP in combination with free or open source tooling wich is recommended by the guys from Afterdawn. It is possible to translate all that information into a dashboard. Then you get a great overview of the status of a PC.
Microsoft sells it to companys as the product Microsoft Operations Manager, but I guess it's just as possible to build it with open source.

Greetings and lots of thanks for your help sofar!!!
I have been afraid that I would have to install everything from scratch.

With kind regards,

Hatse.

[ + quote]

cdavfrew

Senior Member

12. October 2008 @ 23:38


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.