TechSpot

Google redirect

Resolved
By Gertak
Jun 30, 2011
  1. Hi There,

    It seems that my computer has a virus. The symptoms are:
    * Google search results are redirected to other search engines or to pages that return a 404 error. After this 404 error, the Windows XP Help function is started. This happens in both Internet Explorer and Firefox; Google Chrome works fine.
    * Starting Windows XP looks like this:
    - The Windows XP loading screen is shown
    - After this, a black screen is shown for about 5 seconds, until the log-in screen is shown
    - After logging in, my wallpaper is shown immediately. However, it takes about 1-2 minutes before the icons on the desktop and the taskbar are shown. During this process, the HD indicator light is not flashing. Task Manager doesn't start during this process, so I don't know if any processes are running.

    I've already scanned my system with Malwarebytes, McAfee, MS Security Essentials and SuperAntiSpyware. Some malware was found (most were cookies) and deleted, but the problem still exists. When searching for another spyware removal tool (yeah, I read the article in your forum: shouldn't do this :)) I found your forum and here I am.

    I've already run Malwarebytes, GMER and DDS, which gave me the following logs (the logs showed my username and computer name, which contain my real name. I changed my username to 'user' and my computer name to 'NX7400' since I don't want to be found by Google in relation to this topic :)
  2. Gertak

    Gertak TS Rookie Topic Starter

    logs

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Databaseversie: 6987

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    30-6-2011 19:47:11
    mbam-log-2011-06-30 (19-47-11).txt

    Scantype: Snelle scan
    Objecten gescand: 219535
    Verstreken tijd: 12 minuut/minuten, 25 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\documents and settings\user\local settings\Temp\jar_cache8917419490242344650.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


    **********************
    GMER-log

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-30 20:00:20
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SBDO
    Running: 3sbdr481.exe; Driver: C:\DOCUME~1\USER\LOCALS~1\Temp\kwliauog.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA0CE422B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA0CE41AB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA0CE4255]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA0CE41BF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA0CE41EB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA0CE427F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA0CE4197]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA0CE423F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA0CE41D5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA0CE4201]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA0CE4217]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA0CE4295]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA0CE4269]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----

    *******************************
    DDS-log

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
    Run by user at 20:02:09 on 2011-06-30
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3063.2295 [GMT 2:00]
    .
    AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Documents and Settings\user\Application Data\Mikogo\Mikogo-Host.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Jabra\Jabra PC Suite\JabraDeviceService.exe
    C:\PVSW\Bin\W3DBSMGR.EXE
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    svchost.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files\Seagull\BarTender Suite\BtSystem.Service.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Seagull\BarTender Suite\CmdrSrv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Seagull\BarTender Suite\Maestro.Service.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Exact\GLOBEP~1\BIN\e4slash.exe
    C:\Program Files\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
    C:\Program Files\Seagull\BarTender Suite\License Server\SLSSrv.exe
    C:\Program Files\Jabra\Jabra PC Suite\JabraAvayaIPDriver.exe
    C:\Program Files\Jabra\Jabra PC Suite\JabraSametimeV85Driver.exe
    C:\Program Files\Jabra\Jabra PC Suite\JabraAvayaOneXDriver.exe
    C:\Program Files\Jabra\Jabra PC Suite\JabraSametimeDriver.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\VMware\VMware Server\vmware-authd.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.vcd.nl/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = proxy.vcd.nl:3128
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
    uRun: [Mikogo] "c:\documents and settings\user\application data\mikogo\Mikogo-Host.exe"
    uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\jabrad~1.lnk - c:\program files\jabra\jabra pc suite\JabraDeviceService.exe
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\pervas~1.lnk - c:\pvsw\bin\W3DBSMGR.EXE
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
    uPolicies-explorer: NoTrayItemsDisplay = 00000000
    uPolicies-explorer: NoActiveDesktop = 01000000
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Verzenden naar &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: c:\program files\vmware\vmware server\vsocklib.dll
    Trusted Zone: css-solutions.nl\employee
    Trusted Zone: css-solutions.nl\rms
    Trusted Zone: nx7400
    DPF: {146DFD40-7FC9-439B-BFD7-150058F59E33} - hxxps://employee.css-solutions.nl/cab/SynergyOfficeAIUninstall.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {26774F3E-5F15-4883-8394-89146270A8C7} - hxxps://employee.css-solutions.nl/cab/SynergyOfficeAddin.CAB
    DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
    DPF: {357BEB5B-DC01-44C2-B011-14048C3178B1} - hxxp://nx7400/SynergyNET/cab/DocParse2.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252507995828
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxps://rms.css-solutions.nl/inc/kaxRemote.dll
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Notify: igfxcui - igfxdev.dll
    Notify: TPSvc - TPSvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 10.20.250.36 SQLEHV
    Hosts: 10.20.170.4 win2kavaya
    Hosts: 10.20.170.2 sc025261
    Hosts: 10.20.250.44 sumehv_01
    Hosts: 10.20.250.39 EX-EHV-01
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\g90bm0ht.default\
    FF - prefs.js: browser.startup.homepage - hxxp://138.evony.com/s.html?adv=www_evony_com_inde
    FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: FoxTrick: {9d1f059c-cada-4111-9696-41a62d64e3ba} - %profile%\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-6-8 144704]
    R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-6-8 31848]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    R2 BarTender System Service;BarTender System Service;c:\program files\seagull\bartender suite\BtSystem.Service.exe [2010-9-21 42392]
    R2 Commander Service;Commander Service;c:\program files\seagull\bartender suite\CmdrSrv.exe [2010-9-21 2192832]
    R2 Maestro;Printer Maestro;c:\program files\seagull\bartender suite\Maestro.Service.exe [2010-9-21 239000]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-9 104000]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-6-8 54608]
    R2 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2005-8-26 92880]
    R2 Seagull License Server;Seagull License Server;c:\program files\seagull\bartender suite\license server\SLSSrv.exe [2010-9-21 2196952]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-20 54960]
    R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\vmware\vmware server\tomcat\bin\tomcat6.exe [2009-10-20 57344]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-9-9 73512]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-9-9 34408]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-9-9 177864]
    R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
    S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
    S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
    S2 ExactEntityService;Exact Entity Service;c:\exact\globeprog\bin\Exact.Entity.WinService.exe [2011-6-29 13312]
    S2 ExactSynchronizationDispatcherMonitor_EG;Exact Globe Synchronization Dispatcher Monitor;c:\exact\globeprog\bin\Exact.Synchronization.WinServiceHost.exe [2011-6-29 33792]
    S2 VMwareHostd;VMware Host Agent;c:\program files\vmware\vmware server\vmware-hostd.exe [2009-10-20 322096]
    S3 B-Service;B-Service;c:\documents and settings\user\application data\mikogo\B-Service.exe [2011-5-16 185640]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-23 39984]
    S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2010-4-3 214880]
    S3 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\microsoft sql server\msas10_50.sql2008\olap\bin\msmdsrv.exe [2010-4-3 25768800]
    S3 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2005-10-14 28768528]
    S3 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\sqlservr.exe [2010-4-3 42884448]
    S3 ReportServer$SQL2005;SQL Server Reporting Services (SQL2005);c:\program files\microsoft sql server\mssql.2\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552]
    S3 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\microsoft sql server\msrs10_50.sql2008\reporting services\reportserver\bin\ReportingServicesService.exe [2010-4-3 1177952]
    S3 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2005-10-14 318680]
    S3 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
    S3 vmwriter;VMware VSS Writer;c:\program files\vmware\vmware server\vmVssWriter.exe [2009-10-20 29744]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-9-15 280344]
    S4 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\fdlauncher.exe [2010-4-3 28512]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
    S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
    .
    =============== Created Last 30 ================
    .
    2011-06-29 11:29:22 -------- d-----w- c:\program files\Softland
    2011-06-29 10:59:26 -------- d-----w- c:\program files\common files\Exact Shared
    2011-06-28 22:06:16 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
    2011-06-28 19:43:22 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2011-06-28 14:46:12 -------- d-----w- c:\documents and settings\user\local settings\application data\Google
    2011-06-28 14:11:44 -------- d--h--r- c:\documents and settings\user\Onlangs geopend
    2011-06-28 13:13:53 -------- d-----w- c:\documents and settings\user\local settings\application data\GN_Netcom_A_S
    2011-06-28 13:13:53 -------- d-----w- c:\documents and settings\all users\application data\Jabra
    2011-06-28 13:13:24 -------- d-----w- c:\program files\Jabra
    2011-06-25 12:27:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-06-25 12:27:27 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-22 14:32:38 -------- d-----w- C:\expdos
    2011-06-22 14:28:31 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2011-06-22 14:28:31 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-06-22 14:28:14 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2011-06-22 14:28:14 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-06-15 22:20:49 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-07 10:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-06-01 11:46:46 -------- d-----w- c:\program files\LXE
    .
    ==================== Find3M ====================
    .
    2011-05-29 07:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 07:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-26 16:04:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-04 02:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 00:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31:53 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:06 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 15:44:38 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 15:44:38 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 15:44:32 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-25 15:44:32 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-04-25 12:01:33 389120 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    ============= FINISH: 20:03:30,03 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9-9-2009 14:19:24
    System Uptime: 30-6-2011 19:49:14 (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30A2
    Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | U10 | 1828/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 9,466 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    RP379: 22-4-2011 20:12:05 - Controlepunt van systeem
    RP380: 22-4-2011 20:13:53 - Software Distribution Service 3.0
    RP381: 23-4-2011 16:24:00 - Geïnstalleerd EpsonNet Setup 3.2
    RP382: 23-4-2011 16:25:37 - Geïnstalleerd EpsonNet Print
    RP383: 23-4-2011 16:26:34 - Installed ABBYY FineReader 9.0 Sprint
    RP384: 23-4-2011 16:28:25 - Installed Epson Event Manager
    RP385: 23-4-2011 16:29:34 - Microsoft Visual C++ 2005 Redistributable is verwijderd
    RP386: 23-4-2011 16:30:41 - Geïnstalleerd Easy Photo Print Plug-in for PMB(Picture Motion Br
    RP387: 25-4-2011 16:16:44 - Controlepunt van systeem
    RP388: 27-4-2011 11:54:38 - Controlepunt van systeem
    RP389: 28-4-2011 14:44:55 - Controlepunt van systeem
    RP390: 3-5-2011 9:47:46 - Controlepunt van systeem
    RP391: 4-5-2011 10:56:38 - Controlepunt van systeem
    RP392: 5-5-2011 11:43:19 - Controlepunt van systeem
    RP393: 9-5-2011 9:02:50 - Controlepunt van systeem
    RP394: 10-5-2011 0:36:44 - Software Distribution Service 3.0
    RP395: 11-5-2011 13:01:30 - Controlepunt van systeem
    RP396: 13-5-2011 17:46:18 - Controlepunt van systeem
    RP397: 13-5-2011 18:07:24 - Software Distribution Service 3.0
    RP398: 15-5-2011 20:36:50 - Geïnstalleerd Microsoft Office Outlook Connector
    RP399: 17-5-2011 12:31:56 - Controlepunt van systeem
    RP400: 18-5-2011 12:57:26 - Controlepunt van systeem
    RP401: 19-5-2011 17:32:11 - Controlepunt van systeem
    RP402: 22-5-2011 20:54:30 - Controlepunt van systeem
    RP403: 24-5-2011 11:39:11 - Controlepunt van systeem
    RP404: 25-5-2011 12:19:34 - Controlepunt van systeem
    RP405: 26-5-2011 12:59:11 - Controlepunt van systeem
    RP406: 27-5-2011 17:20:55 - Controlepunt van systeem
    RP407: 30-5-2011 21:46:54 - Printerstuurprogramma novaPDF 7 Printer Driver is geïnstalleerd
    RP408: 30-5-2011 21:47:09 - Printerstuurprogramma novaPDF 7 Printer Driver is geïnstalleerd
    RP409: 1-6-2011 12:14:13 - Controlepunt van systeem
    RP410: 1-6-2011 13:46:45 - Installed LXEConnect
    RP411: 7-6-2011 14:13:49 - Controlepunt van systeem
    RP412: 8-6-2011 15:07:55 - Controlepunt van systeem
    RP413: 9-6-2011 18:51:15 - Controlepunt van systeem
    RP414: 16-6-2011 12:29:14 - Controlepunt van systeem
    RP415: 18-6-2011 1:37:58 - Controlepunt van systeem
    RP416: 20-6-2011 14:20:07 - Controlepunt van systeem
    RP417: 21-6-2011 15:12:30 - Controlepunt van systeem
    RP418: 23-6-2011 9:14:14 - Controlepunt van systeem
    RP419: 24-6-2011 14:42:03 - Controlepunt van systeem
    RP420: 25-6-2011 14:25:37 - Herstelbewerking
    RP421: 26-6-2011 15:07:44 - Controlepunt van systeem
    RP422: 27-6-2011 17:39:32 - Controlepunt van systeem
    RP423: 28-6-2011 15:13:23 - Installed Jabra PC Suite 2.5.6
    RP424: 28-6-2011 23:29:02 - Software Distribution Service 3.0
    RP425: 29-6-2011 0:06:06 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP426: 29-6-2011 12:02:20 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP427: 29-6-2011 13:02:58 - Printerstuurprogramma novaPDF Pro Server 5 Pri is geïnstalleerd
    RP428: 29-6-2011 13:03:14 - Printerstuurprogramma novaPDF Pro Server 5 Pri is geïnstalleerd
    RP429: 30-6-2011 14:08:39 - Controlepunt van systeem
    RP430: 30-6-2011 19:00:20 - Installed Java(TM) 6 Update 26
    RP431: 30-6-2011 19:21:45 - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Aangifte inkomstenbelasting 2010
    ABBYY FineReader 9.0 Sprint
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.5 - Nederlands
    Adobe Shockwave Player 11.5
    AdventureWorksBI
    AdventureWorksDB
    Agere Systems HDA Modem
    AuthenTec Fingerprint Sensor Minimum Install
    BarTender 9.3
    Beveiligingsupdate for Windows XP (KB941569)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2183461)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2360131)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2416400)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2482017)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2497640)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2530548)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2544521)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127-v2)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB972260)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB974455)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB976325)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB978207)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB982381)
    Beveiligingsupdate voor Windows Media Encoder (KB2447961)
    Beveiligingsupdate voor Windows Media Encoder (KB954156)
    Beveiligingsupdate voor Windows Media Encoder (KB979332)
    Beveiligingsupdate voor Windows Media Player (KB2378111)
    Beveiligingsupdate voor Windows Media Player (KB952069)
    Beveiligingsupdate voor Windows Media Player (KB954155)
    Beveiligingsupdate voor Windows Media Player (KB968816)
    Beveiligingsupdate voor Windows Media Player (KB973540)
    Beveiligingsupdate voor Windows Media Player (KB975558)
    Beveiligingsupdate voor Windows Media Player (KB978695)
    Beveiligingsupdate voor Windows Media Player 11 (KB954154)
    Beveiligingsupdate voor Windows XP (KB2079403)
    Beveiligingsupdate voor Windows XP (KB2115168)
    Beveiligingsupdate voor Windows XP (KB2121546)
    Beveiligingsupdate voor Windows XP (KB2124261)
    Beveiligingsupdate voor Windows XP (KB2160329)
    Beveiligingsupdate voor Windows XP (KB2229593)
    Beveiligingsupdate voor Windows XP (KB2259922)
    Beveiligingsupdate voor Windows XP (KB2279986)
    Beveiligingsupdate voor Windows XP (KB2286198)
    Beveiligingsupdate voor Windows XP (KB2290570)
    Beveiligingsupdate voor Windows XP (KB2296011)
    Beveiligingsupdate voor Windows XP (KB2296199)
    Beveiligingsupdate voor Windows XP (KB2347290)
    Beveiligingsupdate voor Windows XP (KB2360937)
    Beveiligingsupdate voor Windows XP (KB2387149)
    Beveiligingsupdate voor Windows XP (KB2393802)
    Beveiligingsupdate voor Windows XP (KB2412687)
    Beveiligingsupdate voor Windows XP (KB2419632)
    Beveiligingsupdate voor Windows XP (KB2423089)
    Beveiligingsupdate voor Windows XP (KB2436673)
    Beveiligingsupdate voor Windows XP (KB2440591)
    Beveiligingsupdate voor Windows XP (KB2443105)
    Beveiligingsupdate voor Windows XP (KB2476490)
    Beveiligingsupdate voor Windows XP (KB2476687)
    Beveiligingsupdate voor Windows XP (KB2478960)
    Beveiligingsupdate voor Windows XP (KB2478971)
    Beveiligingsupdate voor Windows XP (KB2479628)
    Beveiligingsupdate voor Windows XP (KB2479943)
    Beveiligingsupdate voor Windows XP (KB2481109)
    Beveiligingsupdate voor Windows XP (KB2483185)
    Beveiligingsupdate voor Windows XP (KB2485376)
    Beveiligingsupdate voor Windows XP (KB2485663)
    Beveiligingsupdate voor Windows XP (KB2503658)
    Beveiligingsupdate voor Windows XP (KB2503665)
    Beveiligingsupdate voor Windows XP (KB2506212)
    Beveiligingsupdate voor Windows XP (KB2506223)
    Beveiligingsupdate voor Windows XP (KB2507618)
    Beveiligingsupdate voor Windows XP (KB2508272)
    Beveiligingsupdate voor Windows XP (KB2508429)
    Beveiligingsupdate voor Windows XP (KB2509553)
    Beveiligingsupdate voor Windows XP (KB2510581)
    Beveiligingsupdate voor Windows XP (KB2511455)
    Beveiligingsupdate voor Windows XP (KB2524375)
    Beveiligingsupdate voor Windows XP (KB2535512)
    Beveiligingsupdate voor Windows XP (KB2536276)
    Beveiligingsupdate voor Windows XP (KB2544893)
    Beveiligingsupdate voor Windows XP (KB923561)
    Beveiligingsupdate voor Windows XP (KB923789)
    Beveiligingsupdate voor Windows XP (KB938464-v2)
    Beveiligingsupdate voor Windows XP (KB946648)
    Beveiligingsupdate voor Windows XP (KB950762)
    Beveiligingsupdate voor Windows XP (KB950974)
    Beveiligingsupdate voor Windows XP (KB951066)
    Beveiligingsupdate voor Windows XP (KB951376-v2)
    Beveiligingsupdate voor Windows XP (KB951748)
    Beveiligingsupdate voor Windows XP (KB952004)
    Beveiligingsupdate voor Windows XP (KB952954)
    Beveiligingsupdate voor Windows XP (KB953155)
    Beveiligingsupdate voor Windows XP (KB954459)
    Beveiligingsupdate voor Windows XP (KB954600)
    Beveiligingsupdate voor Windows XP (KB955069)
    Beveiligingsupdate voor Windows XP (KB956572)
    Beveiligingsupdate voor Windows XP (KB956744)
    Beveiligingsupdate voor Windows XP (KB956802)
    Beveiligingsupdate voor Windows XP (KB956803)
    Beveiligingsupdate voor Windows XP (KB956844)
    Beveiligingsupdate voor Windows XP (KB957097)
    Beveiligingsupdate voor Windows XP (KB958644)
    Beveiligingsupdate voor Windows XP (KB958687)
    Beveiligingsupdate voor Windows XP (KB958869)
    Beveiligingsupdate voor Windows XP (KB959426)
    Beveiligingsupdate voor Windows XP (KB960225)
    Beveiligingsupdate voor Windows XP (KB960803)
    Beveiligingsupdate voor Windows XP (KB960859)
    Beveiligingsupdate voor Windows XP (KB961371-v2)
    Beveiligingsupdate voor Windows XP (KB961501)
    Beveiligingsupdate voor Windows XP (KB968537)
    Beveiligingsupdate voor Windows XP (KB969059)
    Beveiligingsupdate voor Windows XP (KB969947)
    Beveiligingsupdate voor Windows XP (KB970238)
    Beveiligingsupdate voor Windows XP (KB970430)
    Beveiligingsupdate voor Windows XP (KB970483)
    Beveiligingsupdate voor Windows XP (KB971468)
    Beveiligingsupdate voor Windows XP (KB971486)
    Beveiligingsupdate voor Windows XP (KB971557)
    Beveiligingsupdate voor Windows XP (KB971633)
    Beveiligingsupdate voor Windows XP (KB971657)
    Beveiligingsupdate voor Windows XP (KB971961)
    Beveiligingsupdate voor Windows XP (KB972260)
    Beveiligingsupdate voor Windows XP (KB972270)
    Beveiligingsupdate voor Windows XP (KB973346)
    Beveiligingsupdate voor Windows XP (KB973354)
    Beveiligingsupdate voor Windows XP (KB973507)
    Beveiligingsupdate voor Windows XP (KB973525)
    Beveiligingsupdate voor Windows XP (KB973869)
    Beveiligingsupdate voor Windows XP (KB973904)
    Beveiligingsupdate voor Windows XP (KB974112)
    Beveiligingsupdate voor Windows XP (KB974318)
    Beveiligingsupdate voor Windows XP (KB974392)
    Beveiligingsupdate voor Windows XP (KB974571)
    Beveiligingsupdate voor Windows XP (KB975025)
    Beveiligingsupdate voor Windows XP (KB975467)
    Beveiligingsupdate voor Windows XP (KB975560)
    Beveiligingsupdate voor Windows XP (KB975561)
    Beveiligingsupdate voor Windows XP (KB975562)
    Beveiligingsupdate voor Windows XP (KB975713)
    Beveiligingsupdate voor Windows XP (KB976323)
    Beveiligingsupdate voor Windows XP (KB977165)
    Beveiligingsupdate voor Windows XP (KB977816)
    Beveiligingsupdate voor Windows XP (KB977914)
    Beveiligingsupdate voor Windows XP (KB978037)
    Beveiligingsupdate voor Windows XP (KB978251)
    Beveiligingsupdate voor Windows XP (KB978262)
    Beveiligingsupdate voor Windows XP (KB978338)
    Beveiligingsupdate voor Windows XP (KB978542)
    Beveiligingsupdate voor Windows XP (KB978601)
    Beveiligingsupdate voor Windows XP (KB978706)
    Beveiligingsupdate voor Windows XP (KB979309)
    Beveiligingsupdate voor Windows XP (KB979482)
    Beveiligingsupdate voor Windows XP (KB979559)
    Beveiligingsupdate voor Windows XP (KB979683)
    Beveiligingsupdate voor Windows XP (KB979687)
    Beveiligingsupdate voor Windows XP (KB980195)
    Beveiligingsupdate voor Windows XP (KB980218)
    Beveiligingsupdate voor Windows XP (KB980232)
    Beveiligingsupdate voor Windows XP (KB980436)
    Beveiligingsupdate voor Windows XP (KB981322)
    Beveiligingsupdate voor Windows XP (KB981349)
    Beveiligingsupdate voor Windows XP (KB981852)
    Beveiligingsupdate voor Windows XP (KB981957)
    Beveiligingsupdate voor Windows XP (KB981997)
    Beveiligingsupdate voor Windows XP (KB982132)
    Beveiligingsupdate voor Windows XP (KB982214)
    Beveiligingsupdate voor Windows XP (KB982665)
    Beveiligingsupdate voor Windows XP (KB982802)
    Broadcom 440x 10/100 Integrated Controller
    Broadcom 802.11 WLAN-adapter
    CCleaner
    CDBurnerXP
    CeRegEditor 0.0.5.1
    Citrix XenApp Web Plugin
    Community Clips from Microsoft Office Labs
    Compatibiliteitspakket voor het 2007 Microsoft Office system
    ConTEXT v0.98.6
    Crystal Corral
    Crystal Delivery
    Crystal Reports
    Crystal Reports Basic Runtime for Visual Studio 2008
    Crystal Reports XI Release 2
    CSSImport
    CutePDF Writer 2.7
    Defraggler
    Device Emulator 2.0 Preview
    DVDFab 6.2.0.5 (11/11/2009)
    Elektronische aangifte
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Event Manager
    EPSON Printer Software
    EPSON Scan
    EPSON SX420W Series Handboek
    EPSON SX420W Series Printer Uninstall
    EpsonNet Print
    EpsonNet Setup 3.2
    Exact CRW XI
    Exact Globe
    Exact Synergy
    Exact Synergy Enterprise
    Exact voor Windows
    ExamDiff 1.8 (Build 1.8.0.3)
    FileZilla (remove only)
    Google Chrome
    Hattrick Organizer (remove only)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix voor Windows Media Player 11 (KB939683)
    Hotfix voor Windows XP (KB2158563)
    Hotfix voor Windows XP (KB2443685)
    Hotfix voor Windows XP (KB942288-v3)
    Hotfix voor Windows XP (KB952287)
    Hotfix voor Windows XP (KB961118)
    Hotfix voor Windows XP (KB970653-v3)
    Hotfix voor Windows XP (KB976098-v2)
    Hotfix voor Windows XP (KB979306)
    Hotfix voor Windows XP (KB981793)
    HP Integrated Module with Bluetooth wireless technology
    HP Quick Launch Buttons 6.30 J1
    Intel(R) Graphics Media Accelerator Driver
    Jabra PC Suite 2.5.6
    Java Auto Updater
    Java(TM) 6 Update 26
    K-Lite Codec Pack 5.5.1 (Full)
    Lotus NotesSQL 2.06 driver
    LXEConnect
    Malwarebytes' Anti-Malware versie 1.51.0.1200
    McAfee AntiSpyware Enterprise Module
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Dutch Language Pack
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Conferencing Add-in for Microsoft Office Outlook
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office Communicator 2007 R2
    Microsoft Office Live Meeting 2007
    Microsoft Office Outlook Connector
    Microsoft Office Professional Editie 2003
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Silverlight
    Microsoft SOAP Toolkit 3.0
    Microsoft SQL Server 2000
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 (SQL2005)
    Microsoft SQL Server 2005 Backward compatibility
    Microsoft SQL Server 2005 Reporting Services (SQL2005)
    Microsoft SQL Server 2005 Tools
    Microsoft SQL Server 2008 R2
    Microsoft SQL Server 2008 R2 Books Online
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 (x86)
    Microsoft Sync Framework Services v1.0 (x86)
    Microsoft Sync Services for ADO.NET v2.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Virtual PC 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual Studio 2005 Premier Partner Edition - ENU
    Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Windows CE 5.0 Emulator
    Mikogo
    Mozilla Firefox (3.6.3)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Netwerkhandleiding EPSON SX420W Series
    Network Stumbler 0.4.0 (remove only)
    novaPDFProv4 (novaPDF 7.3 printer)
    Octoshape add-in for Adobe Flash Player
    Paint.NET v3.10
    Pervasive Software ODBC Interface (32-Bit)
    Pervasive.SQL 2000i Workstation
    Pervasive.SQL 2000i Workstation (SP4)
    RapidConfig 1.10
    Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
    Remote Forms Client
    Report Distribution Expert
    Seagull License Server 9.30
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 9
    SQL Server 2008 R2 Analysis Services
    SQL Server 2008 R2 BI Development Studio
    SQL Server 2008 R2 Client Tools
    SQL Server 2008 R2 Common Files
    SQL Server 2008 R2 Database Engine Services
    SQL Server 2008 R2 Database Engine Shared
    SQL Server 2008 R2 Full text search
    SQL Server 2008 R2 Integration Services
    SQL Server 2008 R2 Management Studio
    SQL Server 2008 R2 Reporting Services
    Sql Server Customer Experience Improvement Program
    SyncToy 2.0 (x86)
    System Requirements Lab
    TeamViewer 5
    TeamViewer 6
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Tweak UI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update voor Windows Internet Explorer 7 (KB976749)
    Update voor Windows Internet Explorer 7 (KB980182)
    Update voor Windows XP (KB2141007)
    Update voor Windows XP (KB2345886)
    Update voor Windows XP (KB2467659)
    Update voor Windows XP (KB2541763)
    Update voor Windows XP (KB898461)
    Update voor Windows XP (KB951978)
    Update voor Windows XP (KB955759)
    Update voor Windows XP (KB967715)
    Update voor Windows XP (KB968389)
    Update voor Windows XP (KB971029)
    Update voor Windows XP (KB971737)
    Update voor Windows XP (KB973687)
    Update voor Windows XP (KB973815)
    Visionplanner Enterprise
    VMware Server
    VPN Client
    WebFldrs XP
    Winamp
    Winamp Applicatie Detect
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR
    .
    ==== End Of File ===========================
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll do my best, but please do the scans in English if possible. I am a lot better at that than I am at Dutch!

    Questions
    1. Is this a work computer? Is there an IT available for the office?
    2. Does the ISP require this proxy setting? uInternet Settings,ProxyServer = proxy.vcd.nl:3128
    3. What is this?
    4. What is this?
  4. Gertak

    Gertak TS Rookie Topic Starter

    1. It is a work computer, but last time I had a virus, they decided to format my hard drive. I'm just hoping that you can help me :) (btw. I have admin rights)

    2. The setting isn't required anymore; actually, the proxy is turned off in the internet settings.

    3. These are in my hosts file, required for a tool I don't use anymore. I can delete them if you want, but both IPs and server names are familiar, so I do not think they have anything to do with the Google redirects.

    4. A complete installation of MS SQL 2008 Standard Edition R2 (legally)

    And for the next scans of course I will choose English instead of Dutch - do you want me to do the MBAM scan over in the English version?
  5. Gertak

    Gertak TS Rookie Topic Starter

    Forgot to mention: if you think that reinstalling Windows is the best option, then that's the solution. But if my problem can be solved without reinstalling, I would be very grateful for that.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Since this is a work computer with entries specifically relating to the work, it would be best to have the IT person handle it.

    Do I recommend a reformat/reinstall for a redirect? It depends on what the malware is and how bad the infection is. For some file infectors, we recommend an immediate R/R - this could have been the case when the IT did that. But I will meet you half way.
    =============================================
    The malware I see is in the Java cache, so that needs to be emptied:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
    • [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
    • [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
    • [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
    • [5]. Click OK on the Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
    • [6]. Click Apply > OK on the Temporary Files Settings window.
    Images courtesy java.com
    ===============================================
    Run the following- in English, please. If, after seeing the logs, I feel that I may be in over my head due to the work-related processes, I will let you know.
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click the download button to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
  7. Gertak

    Gertak TS Rookie Topic Starter

    Hi Bobbye,

    Thank you for your reaction.


    I just started combofix (tried both links you gave) but Combofix just seems to take over the language of the system (which is Dutch, so Combofix also starts Dutch). Is there a way I can still start it in English to provide you an English log?
  8. Gertak

    Gertak TS Rookie Topic Starter

    Hi Bobbye,

    Just searched for a specific English-language version of Combofix, but couldn't find one.

    Attached is now the log (I'm sorry it's in Dutch), maybe it is already of any use for you (if you want me to translate it, please say so).

    One more note: I'm not afraid of 'killing' applications which I need for my work. I can always reinstall them if they don't work anymore. If my computer is formatted, I get it back with only Windows and Office installed, so it will cost me about 2 days to reinstall all my applications. I'm just trying to prevent this. All the applications that are installed are mainly for testing purposes. Our live applications all run in web and terminal server environments.

    On to the log:
    Note that Combofix deleted some files in the Windows\System directory, starting with W3. That was my Btrieve engine. I will reinstall it after the cleaning process is done, but this is just to let you know that these files were not harmful.

    The ESET log will follow later (it's at 67% now after 1.5 hours of scanning)

    ComboFix 11-06-30.05 - user 01-07-2011 18:18:05.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3063.2327 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\user\Bureaublad\ComboFix.exe
    AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\user\Application Data\inst.exe
    c:\documents and settings\user\Application Data\Local
    c:\documents and settings\user\WINDOWS
    C:\System
    c:\windows\IsUn0413.exe
    c:\windows\system\olepro32.dll
    c:\windows\system\W32MAINT.DLL
    c:\windows\system\W32MAINT.EXE
    c:\windows\system\W32RBLD.DLL
    c:\windows\system\W32RBLD.EXE
    c:\windows\system\W3MONV75.DLL
    c:\windows\system\W3MONV75.EXE
    c:\windows\system32\Cache
    c:\windows\system32\test
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-06-01 to 2011-07-01 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-29 11:29 . 2011-06-29 11:29 -------- d-----w- c:\program files\Softland
    2011-06-29 10:59 . 2011-06-29 11:03 -------- d-----w- c:\program files\Common Files\Exact Shared
    2011-06-28 22:06 . 2011-06-29 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2011-06-28 19:43 . 2011-06-28 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-06-28 14:46 . 2011-06-28 14:46 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Google
    2011-06-28 14:11 . 2011-07-01 14:10 -------- d--h--r- c:\documents and settings\user\Onlangs geopend
    2011-06-28 13:13 . 2011-06-28 13:21 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\GN_Netcom_A_S
    2011-06-28 13:13 . 2011-06-28 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Jabra
    2011-06-28 13:13 . 2011-06-28 13:13 -------- d-----w- c:\program files\Jabra
    2011-06-25 12:27 . 2011-06-25 12:27 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-22 14:32 . 2011-06-22 14:38 -------- d-----w- C:\expdos
    2011-06-22 14:28 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2011-06-22 14:28 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-06-22 14:28 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2011-06-22 14:28 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-06-15 22:20 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-29 07:11 . 2010-07-23 11:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 07:11 . 2010-07-23 11:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-26 16:04 . 2011-05-26 16:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-04 02:52 . 2010-12-12 21:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 00:25 . 2010-12-12 21:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31 . 2009-09-09 12:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2006-03-02 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 15:44 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 15:44 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 15:44 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-25 15:44 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-04-25 12:01 . 2006-03-02 12:00 389120 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2006-03-02 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2008-08-16 16:42 . 2008-08-16 16:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 16:42 . 2008-08-16 16:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 16:42 . 2008-08-16 16:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 16:42 . 2008-08-16 16:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 16:43 . 2008-08-16 16:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 16:42 . 2008-08-16 16:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 16:42 . 2008-08-16 16:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-21 07:41 . 2008-05-21 07:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-21 07:41 . 2008-05-21 07:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-21 07:41 . 2008-05-21 07:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 12:58 . 2008-06-05 12:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 16:42 . 2008-08-16 16:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Mikogo"="c:\documents and settings\user\Application Data\Mikogo\Mikogo-Host.exe" [2011-05-16 2748416]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
    Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-9-15 1528880]
    Jabra Device Service.lnk - c:\program files\Jabra\Jabra PC Suite\JabraDeviceService.exe [2011-5-31 547840]
    Pervasive.SQL Workstation Engine.lnk - c:\pvsw\Bin\W3DBSMGR.EXE [2009-9-14 106564]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2009-9-9 81920]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\PVSW\\Bin\\W3DBSMGR.EXE"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
    "c:\\Documents and Settings\\user\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\Program Files\\Seagull\\BarTender Suite\\BtSystem.Service.exe"=
    "c:\\Program Files\\Seagull\\BarTender Suite\\HistoryExplorer.exe"=
    "c:\\Program Files\\Seagull\\BarTender Suite\\ReprintConsole.exe"=
    "c:\\Program Files\\Seagull\\BarTender Suite\\SystemDatabaseWizard.exe"=
    "c:\\Program Files\\Seagull\\BarTender Suite\\SystemDatabaseSetup.exe"=
    "c:\\Program Files\\Seagull\\BarTender Suite\\Maestro.Service.exe"=
    "c:\\Program Files\\Seagull\\BarTender Suite\\License Server\\SLS.exe"=
    "c:\\Program Files\\Seagull\\BarTender Suite\\License Server\\SLSSrv.exe"=
    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
    "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
    "c:\\Program Files\\VMware\\VMware Server\\vmware-authd.exe"=
    "c:\\Program Files\\VMware\\VMware Server\\vmware-hostd.exe"=
    "c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\Program Files\\LXE\\LXEConnect\\LXEConnect.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    .
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14-5-2009 17:07 759048]
    R2 BarTender System Service;BarTender System Service;c:\program files\Seagull\BarTender Suite\BtSystem.Service.exe [21-9-2010 17:25 42392]
    R2 Commander Service;Commander Service;c:\program files\Seagull\BarTender Suite\CmdrSrv.exe [21-9-2010 17:47 2192832]
    R2 Maestro;Printer Maestro;c:\program files\Seagull\BarTender Suite\Maestro.Service.exe [21-9-2010 17:22 239000]
    R2 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [26-8-2005 17:00 92880]
    R2 Seagull License Server;Seagull License Server;c:\program files\Seagull\BarTender Suite\License Server\SLSSrv.exe [21-9-2010 17:48 2196952]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [20-10-2009 16:22 54960]
    R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\tomcat6.exe [20-10-2009 23:27 57344]
    R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
    S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
    S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
    S2 ExactEntityService;Exact Entity Service;c:\exact\Globeprog\bin\Exact.Entity.WinService.exe [29-6-2011 13:00 13312]
    S2 ExactSynchronizationDispatcherMonitor_EG;Exact Globe Synchronization Dispatcher Monitor;c:\exact\Globeprog\bin\Exact.Synchronization.WinServiceHost.exe [29-6-2011 13:00 33792]
    S2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [20-10-2009 16:21 322096]
    S3 B-Service;B-Service;c:\documents and settings\user\Application Data\Mikogo\B-Service.exe [16-5-2011 15:51 185640]
    S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [3-4-2010 12:57 214880]
    S3 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe [3-4-2010 12:56 25768800]
    S3 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [14-10-2005 4:51 28768528]
    S3 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe [3-4-2010 13:56 42884448]
    S3 ReportServer$SQL2005;SQL Server Reporting Services (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe [14-10-2005 4:44 14552]
    S3 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [3-4-2010 12:56 1177952]
    S3 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [14-10-2005 4:51 318680]
    S3 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE [3-4-2010 13:56 367456]
    S3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [20-10-2009 16:22 29744]
    S4 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe [3-4-2010 12:56 28512]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [3-4-2010 13:56 44896]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2-12-2006 6:17 2805000]
    S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [3-4-2010 12:02 240608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-879983540-725345543-1003Core.job
    - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 14:46]
    .
    2011-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-879983540-725345543-1003UA.job
    - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 14:46]
    .
    2011-07-01 c:\windows\Tasks\User_Feed_Synchronization-{23F9ED3F-54DB-4285-893D-9FECE0BD87FE}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.vcd.nl/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = proxy.vcd.nl:3128
    uInternet Settings,ProxyOverride = <local>
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    LSP: c:\program files\VMware\VMware Server\vsocklib.dll
    Trusted Zone: css-solutions.nl\employee
    Trusted Zone: css-solutions.nl\rms
    Trusted Zone: nx7400
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    DPF: {146DFD40-7FC9-439B-BFD7-150058F59E33} - hxxps://employee.css-solutions.nl/cab/SynergyOfficeAIUninstall.CAB
    DPF: {26774F3E-5F15-4883-8394-89146270A8C7} - hxxps://employee.css-solutions.nl/cab/SynergyOfficeAddin.CAB
    DPF: {357BEB5B-DC01-44C2-B011-14048C3178B1} - hxxp://nx7400/SynergyNET/cab/DocParse2.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\g90bm0ht.default\
    FF - prefs.js: browser.startup.homepage - hxxp://138.evony.com/s.html?adv=www_evony_com_inde
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: FoxTrick: {9d1f059c-cada-4111-9696-41a62d64e3ba} - %profile%\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Notify-TPSvc - TPSvc.dll
    AddRemove-Evw2Uninstall - c:\windows\IsUn0413.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-01 18:24
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQL2005]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQL2005"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Voltooingstijd: 2011-07-01 18:26:32
    ComboFix-quarantined-files.txt 2011-07-01 16:26
    .
    Pre-Run: 9.943.281.664 bytes beschikbaar
    Post-Run: 10.090.094.592 bytes beschikbaar
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 7B0D0A8574F61C4630A3E83646DF6A81
  9. Gertak

    Gertak TS Rookie Topic Starter

    Hi Bobbye,

    ESET didn't find anything, so I have no log for that.

    Just rebooted my computer: nothing actually changed (slow start-up) but I accidentally noticed the following:
    When searching on the site www.google.com (actually it redirects me to www.google.nl) it all seems to work fine. But when searching starts in the 'standard search engine' bar (in the top right of Internet Explorer, next to the address bar) all the search results are redirected to other sites.....

    Does this ring any bells to you?

    EDIT: Forget the remark about the search bar - the problem seems to relate to the site I'm visiting.

    Example: I search Google on 'browser hijack' - the first hit gives a link to the Microsoft site, which is working. The second hit is an article on www.pcstats.com. If I just move my mouse over the link, I see it is linked to http://adsense.previewmediastation.com/........................... All the sites which are redirecting have a link to adsense???
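The hover check described in the post above can be done mechanically: compare the host a search result visibly claims with the host its link really targets. This is an added example, not code from the thread; the sample results are constructed, and the browser helper assumes the visible text of a result anchor contains the site's host.

```javascript
// Added example (not from the thread): flag result links whose real target host
// differs from the host the result visibly claims, e.g. a pcstats.com result
// whose href goes to adsense.previewmediastation.com.
function hostOf(href) {
  try {
    return new URL(href).hostname.toLowerCase();
  } catch (e) {
    return null; // relative or malformed href: nothing to compare
  }
}

// Strip a leading "www." so that www.pcstats.com and pcstats.com compare equal.
function baseHost(host) {
  return host ? host.toLowerCase().replace(/^www\./, "") : null;
}

// Returns every result whose link host is neither the shown host nor one of its
// subdomains; those are the links worth a closer look.
function findRewrittenLinks(results) {
  return results.filter((r) => {
    const shown = baseHost(r.shownHost);
    const target = baseHost(hostOf(r.href));
    if (!shown || !target) return false;
    return target !== shown && !target.endsWith("." + shown);
  });
}

// Constructed sample mirroring the symptom above (not a real capture): the first
// result is consistent, the second visibly says pcstats.com but links elsewhere.
const sampleResults = [
  { shownHost: "www.microsoft.com", href: "http://www.microsoft.com/security/" },
  { shownHost: "www.pcstats.com", href: "http://adsense.previewmediastation.com/redirect" },
];

// Browser helper (assumed markup): take the first host-looking token in the
// anchor's visible text as the shown host, falling back to the anchor's own host.
function collectFromDocument(doc) {
  return Array.from(doc.querySelectorAll("a[href]")).map((a) => {
    const m = (a.textContent || "").match(/[a-z0-9-]+(\.[a-z0-9-]+)+/i);
    return { shownHost: m ? m[0] : a.hostname, href: a.href };
  });
}

if (typeof document !== "undefined") {
  console.log(findRewrittenLinks(collectFromDocument(document)));
} else {
  console.log(findRewrittenLinks(sampleResults)); // prints the pcstats.com entry
}
```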
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I am not going to be able to work with you on this. I don't know why Combofix deleted the Pervasive (Btrieve) entries. Or why the system file c:\windows\system\olepro32.dll was also removed.

    I now see this entry:
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Mikogo"="c:\documents and settings\user\Application Data\Mikogo\Mikogo-Host.exe" [2011-05-16 2748416]

    Mikogo-Host.exe is identified as a Trojan/Backdoor.
    But Mikogo alone is identified as: "Mikogo is a free Remote Desktop tool for your Online Meeting".

    The adsense link took me to http://www.google.com/
    ===================================
    You may not mind killing your work related processes, but I do. Between the language difference, unknown entries and work processes, this system is best helped by the IT for the office. Unfortunately, some ITs don't know how to troubleshoot or don't want to take the time to do it, so they will frequently reformat/reinstall.

    I'm sorry I can't help you further. You can go ahead and remove the cleaning tools:
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
  11. Gertak

    Gertak TS Rookie Topic Starter

    Ok, I understand. I will see if our IT-staff can do anything for me next week.

    Anyway, thanks for your help so far (I know you've tried and I imagine that it would never be easy for you when someone posts his logfile in Dutch and has a dozen applications that are (probably) unknown to you :)
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're welcome. I am responsible for knowing the entry is legitimate and safe. One letter in an entry can change it completely. Trying to overcome a language I don't know & special work-related programs I am not familiar with would be too time consuming and leave you short of valid assistance.

    Best of luck with the IT. Perhaps you can request he review what's on the system first and not just throw everything out!