Hey, just now my laptop started saying that userinit.exe couldn't be started normally, and I had to press OK to stop the application. After that, it just loads my background and nothing else. I can't do anything except open up the Task Manager. Can anyone help me with this? Also, lately my laptop has been getting slower. Could be related.
Hi iceroyale,

First repair your System Files. To repair your system you will need to run SFC /scannow.

For instructions go to: http://www.bleepingcomputer.com/forums/topic43051.html or http://www.updatexp.com/scannow-sfc.html
OK, doing that. (Took me a while to figure out I couldn't run it in safe mode :S.) I am also scanning with Malwarebytes' Anti-Malware; I'll post the log when it's done.
OK, here's the log (only the 2nd log; the first scan didn't save its log for some reason).

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

15:31:49 5/08/2008
mbam-log-8-5-2008 (15-31-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 109660
Time elapsed: 45 minute(s), 1 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 12
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 31

Memory Processes Infected:
c:\WINDOWS\system32\rwwnw64d.exe (Adware.ZenoSearch) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\hncljryg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yayxxuSL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\efcBsQIy.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b332032-2b25-4767-bbe7-0d86acb43cce} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1b332032-2b25-4767-bbe7-0d86acb43cce} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c5e84927-cff0-4ca3-a068-02e7c01c1e7c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5e84927-cff0-4ca3-a068-02e7c01c1e7c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcbsqiy (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Plate (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\84315332 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c5e84927-cff0-4ca3-a068-02e7c01c1e7c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm870260ae (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{15-53-39-9d-dw} (Adware.ZenoSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxxusl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxxusl -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yayxxuSL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\LSuxxyay.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\LSuxxyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hncljryg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gyrjlcnh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcBsQIy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\LSY9SDMT\kb456456[1] (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018711.dll (Adware.Rabio) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018710.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018712.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018713.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018714.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018715.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018716.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018717.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018718.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018720.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018721.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018722.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018723.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018724.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018725.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018726.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018727.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CF87C584-A35B-4B50-B3B9-C4A4EECA13E6}\RP48\A0018728.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjjbpjfy.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwwnw64d.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\Install (Rogue.Multiple) -> Delete on reboot.
C:\WINDOWS\BM870260ae.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM870260ae.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
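A small triage helper for the Malwarebytes log format posted above. This is an added example written for this page, not Malwarebytes' own code and not something from the thread; the regular expressions are my own reading of the "object (Detection) -> action." line format, and the embedded sample is a constructed excerpt of entries copied from the log. It separates what was actually removed from what is only scheduled for the next reboot, and labels the autostart locations the detected items sit in (LSA packages, Winlogon Notify, BHOs, ShellExecute hooks, Run keys), which is why several objects were still loaded when the scan ran and could not be deleted immediately.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in the format of the Malwarebytes log above; the entry
# lines are copied from that log, the summary counts cover only this excerpt.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 2
Registry Data Items Infected: 2
Files Infected: 2

Memory Processes Infected:
c:\WINDOWS\system32\rwwnw64d.exe (Adware.ZenoSearch) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\hncljryg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yayxxuSL.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcbsqiy (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxxusl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxxusl -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yayxxuSL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<family>[\w.]+)\)"  # object and detection name
    r"(?: -> Data: (?P<data>.+?))?"              # present only for registry data items
    r" -> (?P<action>.+?)\.?$"                   # what the scanner did with it
)

# Substrings (lower-cased) of registry paths that are load points, i.e. places
# where a DLL or EXE gets loaded automatically; labels are my own wording.
PERSISTENCE_HINTS = {
    "\\control\\lsa\\": "LSA package: loaded into lsass.exe at boot",
    "\\winlogon\\notify\\": "Winlogon notification DLL: loaded into winlogon.exe",
    "\\browser helper objects\\": "Internet Explorer BHO: loaded into every IE process",
    "\\shellexecutehooks\\": "ShellExecute hook: loaded into explorer.exe",
    "\\currentversion\\run\\": "Run key: started at user logon",
}


@dataclass
class Finding:
    section: str
    target: str
    family: str
    action: str
    data: Optional[str] = None

    @property
    def pending(self) -> bool:
        # "Delete on reboot" means the object was in use (loaded DLL, running
        # process, key held open) and is only scheduled for removal; the machine
        # is not clean until it has been restarted and rescanned.
        return self.action.lower().startswith("delete on reboot")

    @property
    def persistence(self) -> Optional[str]:
        low = self.target.lower()
        for needle, label in PERSISTENCE_HINTS.items():
            if needle in low:
                return label
        return None


def parse_mbam_log(text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current 'X Infected:' section."""
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None:
            continue  # header lines (version, database, OS, counts) carry no findings
        m = ITEM_RE.match(line)
        if m:  # "(No malicious items detected)" does not match and is skipped
            findings.append(Finding(section, m["target"], m["family"], m["action"], m["data"]))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, object]:
    return {
        "total": len(findings),
        "by_family": dict(Counter(f.family for f in findings)),
        "pending_reboot": sorted({f.target for f in findings if f.pending}),
        "persistence": {f.target: f.persistence for f in findings if f.persistence},
    }


if __name__ == "__main__":
    report = summarize(parse_mbam_log(SAMPLE_LOG))
    print("detections by family:", report["by_family"])
    print("still pending (reboot required):")
    for target in report["pending_reboot"]:
        print("  ", target)
    print("load points used:")
    for target, label in report["persistence"].items():
        print("  ", target, "->", label)
```

Run against the full log above, the "pending" list is what the helper's next step has to deal with: the Vundo DLLs that were loaded into lsass.exe, winlogon.exe and explorer.exe could not be deleted while the system was running, which is why a second tool and a reboot follow.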
Hi iceroyale,

Looks like you've got a Vundo. Malwarebytes usually doesn't get it all, so let's do the following:

Download ComboFix from Here to your Desktop.

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post the ComboFix log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

2OG

Be sure to include a HJT log......
ComboFix log (sorry that it's in Dutch):

ComboFix 08-08-04.06 - User 2008-08-05 18:19:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.193 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\User\Bureaublad\ComboFix.exe
 * Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Menu Start\Programma's\Opstarten\Deewoo.lnk
C:\Documents and Settings\User\Menu Start\Programma's\Opstarten\DW_Start.lnk
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aafvaxbq.dll
C:\WINDOWS\system32\cgjjqrvn.ini
C:\WINDOWS\system32\cyntfbpe.dll
C:\WINDOWS\system32\evsjqfvk.dll
C:\WINDOWS\system32\gdyfbg.dll
C:\WINDOWS\system32\glrdck.dll
C:\WINDOWS\system32\kdyvkjnt.dll
C:\WINDOWS\system32\klgbtdos.dll
C:\WINDOWS\system32\ksrehs.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mseoukmx.dll
C:\WINDOWS\system32\msrffrmg.ini
C:\WINDOWS\system32\nrwovt.dll
C:\WINDOWS\system32\riqjblch.ini
C:\WINDOWS\system32\rjkbmivb.dll
C:\WINDOWS\system32\rswnw64q.exe
C:\WINDOWS\system32\ubxwyw.dll
C:\WINDOWS\system32\uggsjuev.dll
C:\WINDOWS\system32\xjqilw.dll
C:\WINDOWS\system32\yinkuufh.dll
C:\WINDOWS\system32\ypskbrnu.ini
C:\WINDOWS\system32\zwzhbq.dll
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))
.

2008-08-05 18:15 . 2008-08-05 18:15 268 --ah----- C:\sqmdata03.sqm
2008-08-05 18:15 . 2008-08-05 18:15 244 --ah----- C:\sqmnoopt03.sqm
2008-08-05 15:37 . 2008-08-05 15:37 268 --ah----- C:\sqmdata02.sqm
2008-08-05 15:37 . 2008-08-05 15:37 244 --ah----- C:\sqmnoopt02.sqm
2008-08-05 13:14 . 2004-08-04 01:03 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-08-05 13:14 . 2001-09-06 21:27 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-08-05 13:13 . 2001-09-06 21:27 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-08-05 13:13 . 2001-09-06 21:27 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-08-05 13:13 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-08-05 13:13 . 2004-08-03 23:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-08-05 13:13 . 2001-09-06 21:27 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-08-05 13:13 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-08-05 13:13 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-08-05 13:13 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-08-05 13:13 . 2001-09-06 21:27 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-08-05 13:11 . 2001-08-17 21:28 604,253 --a--c--- C:\WINDOWS\system32\dllcache\vmodem.sys
2008-08-05 13:10 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-08-05 13:09 . 2001-09-06 21:27 216,576 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-08-05 13:09 . 2001-09-06 21:27 212,480 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2008-08-05 13:09 . 2001-09-06 21:27 94,720 --a--c--- C:\WINDOWS\system32\dllcache\umaxud32.dll
2008-08-05 13:09 . 2001-09-06 21:27 69,632 --a--c--- C:\WINDOWS\system32\dllcache\umaxu12.dll
2008-08-05 13:09 . 2001-09-06 21:27 50,688 --a--c--- C:\WINDOWS\system32\dllcache\umaxscan.dll
2008-08-05 13:09 . 2001-09-06 21:27 50,176 --a--c--- C:\WINDOWS\system32\dllcache\umaxp60.dll
2008-08-05 13:09 . 2001-09-06 21:27 47,616 --a--c--- C:\WINDOWS\system32\dllcache\umaxcam.dll
2008-08-05 13:09 . 2001-09-06 21:27 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
2008-08-05 13:09 . 2001-09-06 21:27 26,624 --a--c--- C:\WINDOWS\system32\dllcache\umaxu22.dll
2008-08-05 13:09 . 2001-08-17 21:58 22,912 --a--c--- C:\WINDOWS\system32\dllcache\umaxpcls.sys
2008-08-05 13:07 . 2001-08-17 22:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-08-05 13:07 . 2001-08-17 22:02 230,912 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd03.sys
2008-08-05 13:07 . 2004-08-03 23:00 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-08-05 13:07 . 2001-08-17 20:51 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-08-05 13:07 . 2001-08-17 20:14 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2008-08-05 13:07 . 2001-09-06 21:26 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2008-08-05 13:07 . 2001-09-06 21:27 31,744 --a--c--- C:\WINDOWS\system32\dllcache\tp4.dll
2008-08-05 13:07 . 2001-08-17 20:10 28,232 --a--c--- C:\WINDOWS\system32\dllcache\tos4mo.sys
2008-08-05 13:07 . 2001-08-17 20:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-08-05 13:07 . 2001-09-06 18:37 4,992 --a--c--- C:\WINDOWS\system32\dllcache\toside.sys
2008-08-05 13:05 . 2001-09-06 18:20 286,432 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-08-05 13:04 . 2001-09-06 21:27 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-08-05 13:04 . 2001-09-06 21:27 106,584 --a--c--- C:\WINDOWS\system32\dllcache\spdports.dll
2008-08-05 13:04 . 2001-08-17 21:51 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2008-08-05 13:04 . 2001-08-17 20:51 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2008-08-05 13:04 . 2001-09-06 21:27 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-08-05 13:04 . 2001-08-17 20:51 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2008-08-05 13:04 . 2001-08-17 22:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-08-05 13:04 . 2001-08-17 21:53 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2008-08-05 13:04 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-08-05 13:04 . 2004-08-03 23:00 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2008-08-05 13:04 . 2001-08-17 21:53 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2008-08-05 13:03 . 2001-09-06 21:26 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-08-05 13:03 . 2001-08-17 20:51 58,368 --a--c--- C:\WINDOWS\system32\dllcache\smiminib.sys
2008-08-05 13:03 . 2001-09-06 20:56 36,425 --a--c--- C:\WINDOWS\system32\dllcache\smcirda.sys
2008-08-05 13:03 . 2001-08-17 20:12 25,034 --a--c--- C:\WINDOWS\system32\dllcache\smcpwr2n.sys
2008-08-05 13:03 . 2001-08-17 20:12 24,576 --a--c--- C:\WINDOWS\system32\dllcache\smc8000n.sys
2008-08-05 13:03 . 2004-08-03 23:07 6,912 --a--c--- C:\WINDOWS\system32\dllcache\smbclass.sys
2008-08-05 13:03 . 2001-08-17 21:57 6,784 --a--c--- C:\WINDOWS\system32\dllcache\smbhc.sys
2008-08-05 13:01 . 2001-09-06 21:26 252,032 --a--c--- C:\WINDOWS\system32\dllcache\sis300iv.dll
2008-08-05 13:00 . 2004-08-04 01:03 3,901 --a--c--- C:\WINDOWS\system32\dllcache\siint5.dll
2008-08-05 12:59 . 2001-09-06 21:26 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-08-05 12:59 . 2001-09-06 20:49 161,760 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-08-05 12:59 . 2001-08-17 20:51 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-08-05 12:59 . 2001-08-17 20:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-08-05 12:59 . 2001-07-21 22:29 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-08-05 12:59 . 2001-09-06 20:47 18,176 --a--c--- C:\WINDOWS\system32\dllcache\sermouse.sys
2008-08-05 12:59 . 2001-09-06 20:47 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-08-05 12:58 . 2001-09-06 21:27 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-08-05 12:58 . 2004-08-03 22:59 43,136 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-08-05 12:58 . 2001-08-17 21:51 23,936 --a--c--- C:\WINDOWS\system32\dllcache\sccmusbm.sys
2008-08-05 12:58 . 2001-09-06 20:42 23,936 --a--c--- C:\WINDOWS\system32\dllcache\sccmn50m.sys
2008-08-05 12:58 . 2001-09-06 20:44 17,536 --a--c--- C:\WINDOWS\system32\dllcache\scr111.sys
2008-08-05 12:58 . 2001-09-06 20:44 16,768 --a--c--- C:\WINDOWS\system32\dllcache\scmstcs.sys
2008-08-05 12:58 . 2001-08-17 21:52 11,648 --a--c--- C:\WINDOWS\system32\dllcache\scsiprnt.sys
2008-08-05 12:58 . 2001-08-17 21:53 10,880 --a--c--- C:\WINDOWS\system32\dllcache\scsiscan.sys
2008-08-05 12:58 . 2001-08-17 21:53 6,912 --a--c--- C:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-08-05 12:56 . 2004-08-04 01:03 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-08-05 12:55 . 2001-09-06 20:29 899,594 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-08-05 12:55 . 2001-09-06 20:29 715,210 --a--c--- C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2008-08-05 12:55 . 2001-09-06 21:27 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2008-08-05 12:55 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-08-05 12:55 . 2001-09-06 21:27 41,984 --a--c--- C:\WINDOWS\system32\dllcache\qvusd.dll
2008-08-05 12:55 . 2001-08-17 20:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-08-05 12:55 . 2004-08-03 22:41 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
2008-08-05 12:55 . 2001-08-17 21:53 3,328 --a--c--- C:\WINDOWS\system32\dllcache\qv2kux.sys
2008-08-05 12:53 . 2004-08-04 01:03 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-08-05 12:53 . 2001-08-17 22:04 173,696 --a--c--- C:\WINDOWS\system32\dllcache\philcam2.sys
2008-08-05 12:53 . 2001-09-06 21:27 121,344 --a--c--- C:\WINDOWS\system32\dllcache\phvfwext.dll
2008-08-05 12:53 . 2001-08-17 22:04 92,416 --a--c--- C:\WINDOWS\system32\dllcache\phildec.sys
2008-08-05 12:53 . 2001-08-17 22:07 19,840 --a--c--- C:\WINDOWS\system32\dllcache\philtune.sys
2008-08-05 12:53 . 2001-08-17 21:53 17,792 --a--c--- C:\WINDOWS\system32\dllcache\ppa.sys
2008-08-05 12:53 . 2004-08-03 23:00 17,664 --a--c--- C:\WINDOWS\system32\dllcache\ppa3.sys
2008-08-05 12:53 . 2001-09-06 20:24 16,128 --a--c--- C:\WINDOWS\system32\dllcache\pscr.sys
2008-08-05 12:53 . 2001-08-17 21:53 7,552 --a--c--- C:\WINDOWS\system32\dllcache\powerfil.sys
2008-08-05 12:53 . 2001-08-17 21:53 7,168 --a--c--- C:\WINDOWS\system32\dllcache\pnrmc.sys
2008-08-05 12:51 . 2001-08-17 22:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-08-05 12:50 . 2004-08-04 01:03 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-08-05 12:49 . 2004-08-04 00:57 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-08-05 12:48 . 2004-08-04 01:03 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-08-05 12:47 . 2004-08-04 01:03 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-08-05 12:47 . 2004-08-03 23:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-08-05 12:47 . 2001-08-17 22:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-08-05 12:47 . 2004-08-03 23:00 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-08-05 12:47 . 2001-08-17 21:52 17,280 --a--c--- C:\WINDOWS\system32\dllcache\mraid35x.sys
2008-08-05 12:47 . 2001-08-17 21:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-08-05 12:47 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-08-05 12:47 . 2001-08-17 21:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-08-05 12:47 . 2001-08-17 22:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-08-05 12:45 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-08-05 12:44 . 2001-09-06 21:26 242,688 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-08-05 12:44 . 2001-09-06 21:26 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2008-08-05 12:44 . 2001-09-06 21:26 37,888 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2008-08-05 12:44 . 2004-08-04 00:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-08-05 12:44 . 2001-09-06 21:26 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-08-05 12:44 . 2001-09-06 21:26 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-08-05 12:42 . 2001-09-06 21:26 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-08-05 12:42 . 2001-08-17 22:06 154,496 --a--c--- C:\WINDOWS\system32\dllcache\icam4usb.sys
2008-08-05 12:42 . 2001-08-17 22:06 100,992 --a--c--- C:\WINDOWS\system32\dllcache\icam5usb.sys
2008-08-05 12:42 . 2001-09-06 21:26 91,648 --a--c--- C:\WINDOWS\system32\dllcache\icam4com.dll
2008-08-05 12:42 . 2001-09-06 21:26 62,976 --a--c--- C:\WINDOWS\system32\dllcache\icam4ext.dll
2008-08-05 12:42 . 2001-09-06 21:26 45,056 --a--c--- C:\WINDOWS\system32\dllcache\icam5com.dll
2008-08-05 12:42 . 2001-09-06 21:26 20,992 --a--c--- C:\WINDOWS\system32\dllcache\icam5ext.dll
2008-08-05 12:40 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-08-05 12:39 . 2001-09-06 21:26 324,608 --a--c--- C:\WINDOWS\system32\dllcache\hpojwia.dll
2008-08-05 12:38 . 2001-09-06 21:26 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-08-05 12:37 . 2001-08-17 20:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-08-05 12:36 . 2001-09-06 20:14 630,016 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-08-05 10:30 2,048 ----a-w C:\WINDOWS\system32\uqsehioe.exe
2008-08-03 15:30 1,872,384 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-08-03 15:17 1,871,360 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-08-03 15:02 1,870,848 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-29 20:08 1,858,560 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-29 13:03 --------- d-----w C:\Program Files\Java
2008-07-24 23:09 131,584 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-07-22 16:55 1,837,056 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-22 16:55 1,179,136 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-06-20 17:43 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:53 --------- d-----w C:\Program Files\Microsoft Games
2008-06-20 11:13 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 23:25 --------- d-----w C:\Program Files\Sun
2008-06-19 23:24 --------- d-----w C:\Program Files\Common Files\Java
2008-06-19 20:41 --------- d-----w C:\Program Files\ESET
2008-06-19 20:41 --------- d-----w C:\Program Files\Common Files\Stardock
2008-06-19 20:40 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-06-19 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 20:18 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-19 20:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-19 19:01 --------- d-----w C:\Program Files\Hitman Pro
2008-06-19 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-19 18:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-19 18:58 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-19 18:30 164 ----a-w C:\install.dat
2008-06-19 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2008-06-19 17:58 --------- d-----w C:\Program Files\Synaptics
2008-06-18 20:27 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-18 20:25 --------- d-----w C:\Program Files\Hercules
2008-06-18 20:25 --------- d-----w C:\Documents and Settings\User\Application Data\InstallShield
2008-06-17 17:34 --------- d-----w C:\Program Files\Windows Live
2008-06-17 17:33 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-17 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-14 18:00 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:21 --------- d-----w C:\Documents and Settings\User\Application Data\gtk-2.0
2008-06-11 14:49 --------- d-----w C:\Program Files\7-Zip
2008-06-11 14:44 --------- d-----w C:\Program Files\GIMP-2.0
2008-06-07 10:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-27 11:23 23,400 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 22:00 344064]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 07:00 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 14:34 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 14:33 561152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 09:53 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Alerter.lnk - C:\Program Files\Vampirefreaks\vfalerter.exe [2008-01-23 17:10:58 9752064]
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe [2008-06-18 22:25:51 654336]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map
2008-07-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q6cskwyh.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 18:22:58
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

C:\DOCUME~1\User\LOCALS~1\Temp\TMP4352$.TMP

Scan succesvol afgerond
verborgen bestanden: 1

**************************************************************************
.
Voltooingstijd: 2008-08-05 18:27:32
ComboFix-quarantined-files.txt 2008-08-05 16:27:11

Pre-Run: 11,486,855,168 bytes beschikbaar
Post-Run: 11,469,578,240 bytes beschikbaar

293 --- E O F --- 2008-07-13 22:48:23

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:08, on 5/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alerter.lnk = C:\Program Files\Vampirefreaks\vfalerter.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6617 bytes
iceroyale,

Life without challenges is so boring.. LOL

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the quote box by highlighting all the text with your mouse and pressing Ctrl+C
Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

Referring to the picture above, drag CFScript into ComboFix.exe
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

2OG
didn't reboot. well here's another challenge for you

ComboFix 08-08-04.06 - User 2008-08-06 13:10:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.228 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\User\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Bureaublad\CFScript.txt
 * Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-07-06 to 2008-08-06 ))))))))))))))))))))))))))))))
.

2008-08-06 13:06 . 2008-08-06 13:06 268 --ah----- C:\sqmdata04.sqm
2008-08-06 13:06 . 2008-08-06 13:06 244 --ah----- C:\sqmnoopt04.sqm
2008-08-05 18:27 . 2008-08-05 18:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-05 18:15 . 2008-08-05 18:15 268 --ah----- C:\sqmdata03.sqm
2008-08-05 18:15 . 2008-08-05 18:15 244 --ah----- C:\sqmnoopt03.sqm
2008-08-05 15:37 . 2008-08-05 15:37 268 --ah----- C:\sqmdata02.sqm
2008-08-05 15:37 . 2008-08-05 15:37 244 --ah----- C:\sqmnoopt02.sqm
2008-08-05 13:14 . 2004-08-04 01:03 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-08-05 13:14 . 2001-09-06 21:27 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-08-05 13:13 . 2001-09-06 21:27 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-08-05 13:13 . 2001-09-06 21:27 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-08-05 13:13 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-08-05 13:13 . 2004-08-03 23:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-08-05 13:13 . 2001-09-06 21:27 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-08-05 13:13 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-08-05 13:13 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-08-05 13:13 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-08-05 13:13 . 2001-09-06 21:27 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-08-05 13:11 . 2001-08-17 21:28 604,253 --a--c--- C:\WINDOWS\system32\dllcache\vmodem.sys
2008-08-05 13:10 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-08-05 13:09 . 2001-09-06 21:27 216,576 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-08-05 13:09 . 2001-09-06 21:27 212,480 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2008-08-05 13:09 . 2001-09-06 21:27 94,720 --a--c--- C:\WINDOWS\system32\dllcache\umaxud32.dll
2008-08-05 13:09 . 2001-09-06 21:27 69,632 --a--c--- C:\WINDOWS\system32\dllcache\umaxu12.dll
2008-08-05 13:09 . 2001-09-06 21:27 50,688 --a--c--- C:\WINDOWS\system32\dllcache\umaxscan.dll
2008-08-05 13:09 . 2001-09-06 21:27 50,176 --a--c--- C:\WINDOWS\system32\dllcache\umaxp60.dll
2008-08-05 13:09 . 2001-09-06 21:27 47,616 --a--c--- C:\WINDOWS\system32\dllcache\umaxcam.dll
2008-08-05 13:09 . 2001-09-06 21:27 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
2008-08-05 13:09 . 2001-09-06 21:27 26,624 --a--c--- C:\WINDOWS\system32\dllcache\umaxu22.dll
2008-08-05 13:09 . 2001-08-17 21:58 22,912 --a--c--- C:\WINDOWS\system32\dllcache\umaxpcls.sys
2008-08-05 13:07 . 2001-08-17 22:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-08-05 13:07 . 2001-08-17 22:02 230,912 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd03.sys
2008-08-05 13:07 . 2004-08-03 23:00 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-08-05 13:07 . 2001-08-17 20:51 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-08-05 13:07 . 2001-08-17 20:14 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2008-08-05 13:07 . 2001-09-06 21:26 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2008-08-05 13:07 . 2001-09-06 21:27 31,744 --a--c--- C:\WINDOWS\system32\dllcache\tp4.dll
2008-08-05 13:07 . 2001-08-17 20:10 28,232 --a--c--- C:\WINDOWS\system32\dllcache\tos4mo.sys
2008-08-05 13:07 . 2001-08-17 20:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-08-05 13:07 . 2001-09-06 18:37 4,992 --a--c--- C:\WINDOWS\system32\dllcache\toside.sys
2008-08-05 13:05 . 2001-09-06 18:20 286,432 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-08-05 13:04 . 2001-09-06 21:27 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-08-05 13:04 . 2001-09-06 21:27 106,584 --a--c--- C:\WINDOWS\system32\dllcache\spdports.dll
2008-08-05 13:04 . 2001-08-17 21:51 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2008-08-05 13:04 . 2001-08-17 20:51 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2008-08-05 13:04 . 2001-09-06 21:27 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-08-05 13:04 . 2001-08-17 20:51 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2008-08-05 13:04 . 2001-08-17 22:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-08-05 13:04 . 2001-08-17 21:53 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2008-08-05 13:04 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-08-05 13:04 . 2004-08-03 23:00 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2008-08-05 13:04 . 2001-08-17 21:53 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2008-08-05 13:03 . 2001-09-06 21:26 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-08-05 13:03 . 2001-08-17 20:51 58,368 --a--c--- C:\WINDOWS\system32\dllcache\smiminib.sys
2008-08-05 13:03 . 2001-09-06 20:56 36,425 --a--c--- C:\WINDOWS\system32\dllcache\smcirda.sys
2008-08-05 13:03 . 2001-08-17 20:12 25,034 --a--c--- C:\WINDOWS\system32\dllcache\smcpwr2n.sys
2008-08-05 13:03 . 2001-08-17 20:12 24,576 --a--c--- C:\WINDOWS\system32\dllcache\smc8000n.sys
2008-08-05 13:03 . 2004-08-03 23:07 6,912 --a--c--- C:\WINDOWS\system32\dllcache\smbclass.sys
2008-08-05 13:03 . 2001-08-17 21:57 6,784 --a--c--- C:\WINDOWS\system32\dllcache\smbhc.sys
2008-08-05 13:01 . 2001-09-06 21:26 252,032 --a--c--- C:\WINDOWS\system32\dllcache\sis300iv.dll
2008-08-05 13:00 . 2004-08-04 01:03 3,901 --a--c--- C:\WINDOWS\system32\dllcache\siint5.dll
2008-08-05 12:59 . 2001-09-06 21:26 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-08-05 12:59 . 2001-09-06 20:49 161,760 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-08-05 12:59 . 2001-08-17 20:51 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-08-05 12:59 . 2001-08-17 20:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-08-05 12:59 . 2001-07-21 22:29 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-08-05 12:59 . 2001-09-06 20:47 18,176 --a--c--- C:\WINDOWS\system32\dllcache\sermouse.sys
2008-08-05 12:59 . 2001-09-06 20:47 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-08-05 12:58 . 2001-09-06 21:27 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-08-05 12:58 . 2004-08-03 22:59 43,136 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-08-05 12:58 . 2001-08-17 21:51 23,936 --a--c--- C:\WINDOWS\system32\dllcache\sccmusbm.sys
2008-08-05 12:58 . 2001-09-06 20:42 23,936 --a--c--- C:\WINDOWS\system32\dllcache\sccmn50m.sys
2008-08-05 12:58 . 2001-09-06 20:44 17,536 --a--c--- C:\WINDOWS\system32\dllcache\scr111.sys
2008-08-05 12:58 . 2001-09-06 20:44 16,768 --a--c--- C:\WINDOWS\system32\dllcache\scmstcs.sys
2008-08-05 12:58 . 2001-08-17 21:52 11,648 --a--c--- C:\WINDOWS\system32\dllcache\scsiprnt.sys
2008-08-05 12:58 . 2001-08-17 21:53 10,880 --a--c--- C:\WINDOWS\system32\dllcache\scsiscan.sys
2008-08-05 12:58 . 2001-08-17 21:53 6,912 --a--c--- C:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-08-05 12:56 . 2004-08-04 01:03 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-08-05 12:55 . 2001-09-06 20:29 899,594 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-08-05 12:55 . 2001-09-06 20:29 715,210 --a--c--- C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2008-08-05 12:55 . 2001-09-06 21:27 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2008-08-05 12:55 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-08-05 12:55 . 2001-09-06 21:27 41,984 --a--c--- C:\WINDOWS\system32\dllcache\qvusd.dll
2008-08-05 12:55 . 2001-08-17 20:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-08-05 12:55 . 2004-08-03 22:41 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
2008-08-05 12:55 . 2001-08-17 21:53 3,328 --a--c--- C:\WINDOWS\system32\dllcache\qv2kux.sys
2008-08-05 12:53 . 2004-08-04 01:03 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-08-05 12:53 . 2001-08-17 22:04 173,696 --a--c--- C:\WINDOWS\system32\dllcache\philcam2.sys
2008-08-05 12:53 . 2001-09-06 21:27 121,344 --a--c--- C:\WINDOWS\system32\dllcache\phvfwext.dll
2008-08-05 12:53 . 2001-08-17 22:04 92,416 --a--c--- C:\WINDOWS\system32\dllcache\phildec.sys
2008-08-05 12:53 . 2001-08-17 22:07 19,840 --a--c--- C:\WINDOWS\system32\dllcache\philtune.sys
2008-08-05 12:53 . 2001-08-17 21:53 17,792 --a--c--- C:\WINDOWS\system32\dllcache\ppa.sys
2008-08-05 12:53 . 2004-08-03 23:00 17,664 --a--c--- C:\WINDOWS\system32\dllcache\ppa3.sys
2008-08-05 12:53 . 2001-09-06 20:24 16,128 --a--c--- C:\WINDOWS\system32\dllcache\pscr.sys
2008-08-05 12:53 . 2001-08-17 21:53 7,552 --a--c--- C:\WINDOWS\system32\dllcache\powerfil.sys
2008-08-05 12:53 . 2001-08-17 21:53 7,168 --a--c--- C:\WINDOWS\system32\dllcache\pnrmc.sys
2008-08-05 12:51 . 2001-08-17 22:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-08-05 12:50 . 2004-08-04 01:03 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-08-05 12:49 . 2004-08-04 00:57 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-08-05 12:48 . 2004-08-04 01:03 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-08-05 12:47 . 2004-08-04 01:03 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-08-05 12:47 . 2004-08-03 23:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-08-05 12:47 . 2001-08-17 22:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-08-05 12:47 . 2004-08-03 23:00 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-08-05 12:47 . 2001-08-17 21:52 17,280 --a--c--- C:\WINDOWS\system32\dllcache\mraid35x.sys
2008-08-05 12:47 . 2001-08-17 21:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-08-05 12:47 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-08-05 12:47 . 2001-08-17 21:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-08-05 12:47 . 2001-08-17 22:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-08-05 12:45 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-08-05 12:44 . 2001-09-06 21:26 242,688 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-08-05 12:44 . 2001-09-06 21:26 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2008-08-05 12:44 . 2001-09-06 21:26 37,888 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2008-08-05 12:44 . 2004-08-04 00:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-08-05 12:44 . 2001-09-06 21:26 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-08-05 12:44 . 2001-09-06 21:26 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-08-05 12:42 . 2001-09-06 21:26 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-08-05 12:42 . 2001-08-17 22:06 154,496 --a--c--- C:\WINDOWS\system32\dllcache\icam4usb.sys
2008-08-05 12:42 . 2001-08-17 22:06 100,992 --a--c--- C:\WINDOWS\system32\dllcache\icam5usb.sys
2008-08-05 12:42 . 2001-09-06 21:26 91,648 --a--c--- C:\WINDOWS\system32\dllcache\icam4com.dll
2008-08-05 12:42 . 2001-09-06 21:26 62,976 --a--c--- C:\WINDOWS\system32\dllcache\icam4ext.dll
2008-08-05 12:42 . 2001-09-06 21:26 45,056 --a--c--- C:\WINDOWS\system32\dllcache\icam5com.dll
2008-08-05 12:42 . 2001-09-06 21:26 20,992 --a--c--- C:\WINDOWS\system32\dllcache\icam5ext.dll
2008-08-05 12:40 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-08-05 12:39 . 2001-09-06 21:26 324,608 --a--c--- C:\WINDOWS\system32\dllcache\hpojwia.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 10:30 2,048 ----a-w C:\WINDOWS\system32\uqsehioe.exe
2008-08-03 15:30 1,872,384 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-08-03 15:17 1,871,360 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-08-03 15:02 1,870,848 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-29 20:08 1,858,560 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-29 13:03 --------- d-----w C:\Program Files\Java
2008-07-24 23:09 131,584 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-07-22 16:55 1,837,056 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-22 16:55 1,179,136 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-06-20 17:43 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:53 --------- d-----w C:\Program Files\Microsoft Games
2008-06-20 11:13 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 23:25 --------- d-----w C:\Program Files\Sun
2008-06-19 23:24 --------- d-----w C:\Program Files\Common Files\Java
2008-06-19 20:41 --------- d-----w C:\Program Files\ESET
2008-06-19 20:41 --------- d-----w C:\Program Files\Common Files\Stardock
2008-06-19 20:40 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-06-19 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 20:18 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-19 20:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-19 19:01 --------- d-----w C:\Program Files\Hitman Pro
2008-06-19 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-19 18:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-19 18:58 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-19 18:30 164 ----a-w C:\install.dat
2008-06-19 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2008-06-19 17:58 --------- d-----w C:\Program Files\Synaptics
2008-06-18 20:27 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-18 20:25 --------- d-----w C:\Program Files\Hercules
2008-06-18 20:25 --------- d-----w C:\Documents and Settings\User\Application Data\InstallShield
2008-06-17 17:34 --------- d-----w C:\Program Files\Windows Live
2008-06-17 17:33 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-17 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-14 18:00 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:21 --------- d-----w C:\Documents and Settings\User\Application Data\gtk-2.0
2008-06-11 14:49 --------- d-----w C:\Program Files\7-Zip
2008-06-11 14:44 --------- d-----w C:\Program Files\GIMP-2.0
2008-06-07 10:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-27 11:23 23,400 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 22:00 344064]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 07:00 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 14:34 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 14:33 561152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 09:53 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Alerter.lnk - C:\Program Files\Vampirefreaks\vfalerter.exe [2008-01-23 17:10:58 9752064]
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe [2008-06-18 22:25:51 654336]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S3 dump_wmimmc;dump_wmimmc;C:\Program Files\NEXON\EuropeMapleStory\GameGuard\dump_wmimmc.sys []

.
Inhoud van de 'Gedeelde Taken' map
2008-07-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 13:14:01
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

C:\DOCUME~1\User\LOCALS~1\Temp\RGI7.tmp

Scan succesvol afgerond
verborgen bestanden: 1

**************************************************************************
.
Voltooingstijd: 2008-08-06 13:18:21
ComboFix-quarantined-files.txt 2008-08-06 11:18:06
ComboFix2.txt 2008-08-05 16:27:32

Pre-Run: 11,745,935,360 bytes beschikbaar
Post-Run: 11,750,735,872 bytes beschikbaar

261 --- E O F --- 2008-07-13 22:48:23
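The HijackThis O2/O4 entries in the earlier log and the "Reg Opstartpunten" section of the ComboFix log above are manual read-outs of the same autostart locations, and the helper's job is to scan them for the few entries that do not belong. The PowerShell below is an added example, not code from this thread, from HijackThis or from ComboFix: it enumerates the Run/RunOnce keys, the Winlogon\Notify packages (where the Vundo entry Malwarebytes removed was registered) and the Browser Helper Objects, and applies the checks a helper does by eye: does the file still exist, does it run from a profile or Temp folder, and does it carry a valid Authenticode signature. The signature check is a heuristic only; many legitimate XP-era programs (AGRSMMSG.exe, the Synaptics drivers) were never signed, so "REVIEW" means look closer, not malware. The script changes nothing; the registry paths are the real Windows locations and the flagged path patterns are my own choice.

```powershell
# Added example (not from the thread, HijackThis or ComboFix): read-only audit of the
# autostart locations that the HJT O4/O2 lines and the ComboFix "Reg Opstartpunten" list.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$bhoKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

# Pull the executable out of a command line such as  "C:\x\y.exe" /flag  or  y.exe /flag
function Get-ExePath([string]$cmd) {
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(\S+)')     { return $Matches[1] }
    return $cmd.Trim()
}

# Heuristic checks a helper applies by eye; returns the reasons an entry deserves a closer look
function Get-ReviewReasons([string]$path) {
    $reasons = @()
    $file = [Environment]::ExpandEnvironmentVariables($path)
    if ($file -notmatch '[\\/]') {
        # Bare file name (like the AGRSMMSG.exe entry in the logs): Windows finds it via the
        # search path, so look where it would normally be picked up
        $found = $null
        foreach ($dir in @("$env:SystemRoot\System32", $env:SystemRoot)) {
            $candidate = Join-Path $dir $file
            if (Test-Path -LiteralPath $candidate) { $found = $candidate; break }
        }
        if (-not $found) { return @('bare name not found in System32 or Windows') }
        $file = $found
    }
    if (-not (Test-Path -LiteralPath $file)) { return @('file missing') }
    # Pattern chosen for this example: autostarts living in user-writable profile/temp folders
    if ($file -match '\\Temp\\|\\Local Settings\\|\\Application Data\\|\\AppData\\') {
        $reasons += 'runs from a profile or temp folder'
    }
    $sig = Get-AuthenticodeSignature -FilePath $file
    if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
    return $reasons
}

function Report([string]$where, [string]$name, [string]$target) {
    $reasons = @(Get-ReviewReasons (Get-ExePath $target))
    $verdict = 'ok'
    if ($reasons.Count -gt 0) { $verdict = 'REVIEW: ' + ($reasons -join '; ') }
    "{0}`n    {1} = {2}`n    {3}" -f $where, $name, $target, $verdict
}

# O4-style entries: Run / RunOnce values
$psProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($p in $item.PSObject.Properties) {
        if ($psProps -contains $p.Name) { continue }   # skip PowerShell's own metadata
        Report $key $p.Name $p.Value
    }
}

# Winlogon\Notify packages: one subkey per package, DLLName names the DLL loaded at logon
if (Test-Path $notifyKey) {
    foreach ($sub in Get-ChildItem -Path $notifyKey) {
        $dll = (Get-ItemProperty -Path $sub.PSPath).DLLName
        if ($dll) { Report "$notifyKey\$($sub.PSChildName)" 'DLLName' $dll }
    }
}

# O2-style entries: Browser Helper Objects, resolved through their CLSID to the DLL IE loads
if (Test-Path $bhoKey) {
    foreach ($sub in Get-ChildItem -Path $bhoKey) {
        $clsid  = $sub.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        if (Test-Path $server) {
            Report "$bhoKey\$clsid" 'InprocServer32' (Get-ItemProperty -Path $server).'(default)'
        } else {
            "$bhoKey\$clsid`n    REVIEW: CLSID has no InprocServer32 (orphaned BHO registration)"
        }
    }
}
```

Run it from an elevated PowerShell prompt; HKCU entries are those of the account running the script, so run it once per account that logs on to the machine.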
It’s like skinning a cat, there’s more than one way ; )

Delete Files on Reboot

Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot. Navigate to this file and click on it once, and then click on the Open button.

C:\Documents and Settings\michael\Local Settings\Temp\RGI1B.tmp

You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button.

After the reboot, check to see if it’s gone… It should be, and that’s the last of the Vundo.. A Rootkit..

Let me know.
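"Delete a file on reboot" works by asking Windows to remove the file during the next start-up, before the malware that holds it open has a chance to run; Windows keeps such requests in the REG_MULTI_SZ value PendingFileRenameOperations under the Session Manager key as (source, destination) pairs, with an empty destination meaning "delete". The PowerShell below is an added example, not code from this thread and not how HijackThis itself is written: it decodes that value so you can confirm the request was actually queued before rebooting, and after the reboot confirms that the file is gone. The path in $target is the one named in the post above; the catchme section of the latest ComboFix log reports the hidden file as C:\DOCUME~1\User\LOCALS~1\Temp\RGI7.tmp, so set $target to whatever your own scan reports. The sample value near the top is constructed to show both shapes of entry and is not taken from the machine in the thread.

```powershell
# Added example (not from the thread, not HijackThis's own code): decode the
# PendingFileRenameOperations value Windows uses for delete/rename-on-reboot requests.

$sessionKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$valueName  = 'PendingFileRenameOperations'

# Raw strings come in pairs: source, destination. Sources carry the NT prefix \??\ and a
# destination may start with ! (overwrite an existing file); both are stripped for display.
function ConvertFrom-PendingOps([string[]]$raw) {
    $ops = @()
    for ($i = 0; $i -lt $raw.Count; $i += 2) {
        $src = $raw[$i] -replace '^!?\\\?\?\\', ''
        $dst = ''
        if ($i + 1 -lt $raw.Count) { $dst = $raw[$i + 1] -replace '^!?\\\?\?\\', '' }
        $action = 'rename'
        if ($dst -eq '') { $action = 'delete' }   # empty destination = delete at boot
        $ops += New-Object PSObject -Property @{ Action = $action; Source = $src; Destination = $dst }
    }
    return $ops
}

# Is $path scheduled for deletion in a decoded list?
function Test-QueuedForDelete($ops, [string]$path) {
    foreach ($op in @($ops)) {
        if ($op.Action -eq 'delete' -and $op.Source -ieq $path) { return $true }
    }
    return $false
}

# --- Constructed sample (not from the machine in the thread): one delete, one rename ---
$sample = @(
    '\??\C:\Documents and Settings\michael\Local Settings\Temp\RGI1B.tmp', '',
    '\??\C:\WINDOWS\Temp\update.tmp', '!\??\C:\WINDOWS\system32\updated.dll'
)
'Decoded sample value:'
ConvertFrom-PendingOps $sample | Format-Table Action, Source, Destination -AutoSize

# --- Live check on this machine ---
# The file named in the post above; replace with the file your own catchme section reports
$target = 'C:\Documents and Settings\michael\Local Settings\Temp\RGI1B.tmp'

$item = Get-ItemProperty -Path $sessionKey -Name $valueName -ErrorAction SilentlyContinue
$live = @()
if ($item) { $live = @(ConvertFrom-PendingOps @($item.$valueName)) }

if (Test-QueuedForDelete $live $target) {
    "Queued: $target will be deleted at the next reboot."
} elseif (Test-Path -LiteralPath $target) {
    "Not queued and still present: $target (schedule it again before rebooting)."
} else {
    "Gone: $target no longer exists."
}
```

Run it once after scheduling the deletion (expect "Queued") and once after the reboot (expect "Gone"); a file that is still present after the reboot was recreated by something that is still running, which is worth reporting back in the thread.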
Congratulations iceroyale, your log looks CLEAN

There are a few things you must do once you are completely clean:

1. Time for some housekeeping

Please download the OTMoveIt2 by OldTimer
• Save it to your desktop.
• Run the tool by clicking on the icon.
• Click the Cleanup button.
• The tools that we used as well as this one will be removed from your system.

2. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.
• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt.
• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.

3. Now Set a New Restore Point to prevent possible reinfection from an old one.

Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
• Go to Start > Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Then go to Start > Run and type: Cleanmgr
• Click "OK"
Select the drive you want to clean, usually C:
Click OK
When it completes the scan:
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

4. Defragment your Hard Drive
1. Open My Computer.
2. Right-click the local disk volume that you want to defragment, and then click Properties.
3. On the Tools tab, click Defragment Now.
4. Click Defragment.

And here are some tips to reduce the potential for spyware infection in the future:

It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Two good ones are Comodo Free and Online Armor Personal Firewall. I have recently changed my firewall to Comodo, love it and highly recommend it..

Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
• Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
Go to these sites and read about these; you may decide to use them, I do, because they work.
• Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Malware, Cookies etc) from the sites listed, although you will still be able to connect to the sites.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known Malware sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

And also see TonyKlein's good advice
So how did I get infected in the first place?

Enjoy your clean computer.

Any questions? The oldgeek knows how to get the bugs out….

Oops, missed one.. 2OG
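The post above explains the mechanism behind a blocking HOSTS file: every unwanted name is mapped to 127.0.0.1, the local machine, so the connection goes nowhere. The same mechanism is what hostile software abuses in the other direction, by mapping a legitimate name (an update or security-vendor site) to a remote address of its choosing. The PowerShell below is an added example, not code from this thread or from the MVPS project: it parses HOSTS entries and separates blocks (address 127.0.0.1, or 0.0.0.0 as some lists use) from redirects to any other address, which are the entries to examine after installing a list, and it reports whether the read-only attribute is set. The sample lines are constructed (reserved .invalid names and an address from the documentation range), not a real HOSTS file; the live check then runs the same parser over this machine's file.

```powershell
# Added example (not from the thread or from MVPS): audit a HOSTS file. Entries pointing
# at the local machine are blocks; entries pointing anywhere else are redirects to review.

$hostsPath  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$localAddrs = @('127.0.0.1', '0.0.0.0', '::1')   # addresses that mean "block"

# Parse hosts-file lines into (Line, Address, Host) records; comments and blanks are skipped
function ConvertFrom-HostsLines([string[]]$lines) {
    $entries = @()
    $n = 0
    foreach ($line in $lines) {
        $n++
        $text = ($line -split '#', 2)[0].Trim()        # drop trailing comments
        if ($text -eq '') { continue }
        $parts = $text -split '\s+'                    # address, then one or more names
        if ($parts.Count -lt 2) { continue }
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            $entries += New-Object PSObject -Property @{ Line = $n; Address = $parts[0]; Host = $name }
        }
    }
    return $entries
}

# Entries whose address is not a local one: these redirect rather than block
function Get-HostsRedirects($entries) {
    return @($entries | Where-Object { -not ($localAddrs -contains $_.Address) })
}

# --- Constructed sample (not a real HOSTS file) ---
$sample = @(
    '# Copyright (c) 1993-1999 Microsoft Corp.',
    '127.0.0.1       localhost',
    '0.0.0.0         ads.example.invalid      # blocked',
    '127.0.0.1       tracker.example.invalid',
    '203.0.113.7     update.example.invalid   # not a block: sends update traffic elsewhere'
)
$entries = @(ConvertFrom-HostsLines $sample)
"Sample: {0} entries, {1} redirect(s)" -f $entries.Count, @(Get-HostsRedirects $entries).Count
Get-HostsRedirects $entries | Format-Table Line, Address, Host -AutoSize

# --- Live check on this machine ---
if (Test-Path -LiteralPath $hostsPath) {
    $live = @(ConvertFrom-HostsLines (Get-Content -LiteralPath $hostsPath))
    $bad  = @(Get-HostsRedirects $live)
    "{0}: {1} entries, read-only attribute set: {2}" -f $hostsPath, $live.Count, (Get-Item -LiteralPath $hostsPath).IsReadOnly
    if ($bad.Count -eq 0) {
        'Only local-address mappings present: the file blocks and redirects nothing.'
    } else {
        'REVIEW these entries, they send names to a non-local address:'
        $bad | Format-Table Line, Address, Host -AutoSize
    }
}
```

On the constructed sample the single redirect is line 5 (update.example.invalid to 203.0.113.7); on a machine running only an MVPS-style list the live check should report zero redirects and, if you followed the MVPS instructions, the read-only attribute set.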
oh and by the way, starting tomorrow, I'll be on vacation for the next 2 weeks, so I might not be able to check back here.