Resolved Google redirect


Gertak

Hi There,

It seems that my computer has a virus; the symptoms are:
* Google search results are redirected to other search engines or to pages that return a 404 error. After this 404 error, the Windows XP Help function is started. This happens in both Internet Explorer and Firefox; Google Chrome works fine.
* Starting Windows XP looks like this:
- The Windows XP loading screen is shown
- After this, a black screen is shown for about 5 seconds, until the log-in screen is shown
- After logging in, my wallpaper is shown immediately. However, it takes about 1-2 minutes before the icons on the desktop and the taskbar are shown. During this process, the HD indicator light is not flashing. Task Manager doesn't start during this process, so I don't know if any processes are running.

I've already scanned my system with Malwarebytes, McAfee, MS Security Essentials and SuperAntiSpyware. Some malware was found (most were cookies) and deleted, but the problem still exists. When searching for another spyware removal tool (yeah, I read the article in your forum: shouldn't do this :)) I found your forum and here I am.

I've already run Malwarebytes, GMER and DDS, which gave me the following logs (the logs showed my username and computer name, which contain my real name. I changed my username to 'user' and my computer name to 'NX7400' since I don't want to be found by Google in relation to this topic :))

Logs

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6987

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

30-6-2011 19:47:11
mbam-log-2011-06-30 (19-47-11).txt

Scan type: Quick scan
Objects scanned: 219535
Time elapsed: 12 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\user\local settings\Temp\jar_cache8917419490242344650.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


**********************
GMER log

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-30 20:00:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SBDO
Running: 3sbdr481.exe; Driver: C:\DOCUME~1\USER\LOCALS~1\Temp\kwliauog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA0CE422B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA0CE41AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA0CE4255]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA0CE41BF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA0CE41EB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA0CE427F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA0CE4197]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA0CE423F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA0CE41D5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA0CE4201]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA0CE4217]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA0CE4295]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA0CE4269]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

*******************************
DDS log

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by user at 20:02:09 on 2011-06-30
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3063.2295 [GMT 2:00]
.
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Documents and Settings\user\Application Data\Mikogo\Mikogo-Host.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraDeviceService.exe
C:\PVSW\Bin\W3DBSMGR.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Seagull\BarTender Suite\BtSystem.Service.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Seagull\BarTender Suite\CmdrSrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Seagull\BarTender Suite\Maestro.Service.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Exact\GLOBEP~1\BIN\e4slash.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
C:\Program Files\Seagull\BarTender Suite\License Server\SLSSrv.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraAvayaIPDriver.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraSametimeV85Driver.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraAvayaOneXDriver.exe
C:\Program Files\Jabra\Jabra PC Suite\JabraSametimeDriver.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.vcd.nl/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy.vcd.nl:3128
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [Mikogo] "c:\documents and settings\user\application data\mikogo\Mikogo-Host.exe"
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\jabrad~1.lnk - c:\program files\jabra\jabra pc suite\JabraDeviceService.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\pervas~1.lnk - c:\pvsw\bin\W3DBSMGR.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
uPolicies-explorer: NoTrayItemsDisplay = 00000000
uPolicies-explorer: NoActiveDesktop = 01000000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware server\vsocklib.dll
Trusted Zone: css-solutions.nl\employee
Trusted Zone: css-solutions.nl\rms
Trusted Zone: nx7400
DPF: {146DFD40-7FC9-439B-BFD7-150058F59E33} - hxxps://employee.css-solutions.nl/cab/SynergyOfficeAIUninstall.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26774F3E-5F15-4883-8394-89146270A8C7} - hxxps://employee.css-solutions.nl/cab/SynergyOfficeAddin.CAB
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {357BEB5B-DC01-44C2-B011-14048C3178B1} - hxxp://nx7400/SynergyNET/cab/DocParse2.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252507995828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxps://rms.css-solutions.nl/inc/kaxRemote.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 10.20.250.36 SQLEHV
Hosts: 10.20.170.4 win2kavaya
Hosts: 10.20.170.2 sc025261
Hosts: 10.20.250.44 sumehv_01
Hosts: 10.20.250.39 EX-EHV-01
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\g90bm0ht.default\
FF - prefs.js: browser.startup.homepage - hxxp://138.evony.com/s.html?adv=www_evony_com_inde
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxTrick: {9d1f059c-cada-4111-9696-41a62d64e3ba} - %profile%\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-6-8 144704]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-6-8 31848]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 BarTender System Service;BarTender System Service;c:\program files\seagull\bartender suite\BtSystem.Service.exe [2010-9-21 42392]
R2 Commander Service;Commander Service;c:\program files\seagull\bartender suite\CmdrSrv.exe [2010-9-21 2192832]
R2 Maestro;Printer Maestro;c:\program files\seagull\bartender suite\Maestro.Service.exe [2010-9-21 239000]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-9 104000]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-6-8 54608]
R2 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2005-8-26 92880]
R2 Seagull License Server;Seagull License Server;c:\program files\seagull\bartender suite\license server\SLSSrv.exe [2010-9-21 2196952]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-20 54960]
R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\vmware\vmware server\tomcat\bin\tomcat6.exe [2009-10-20 57344]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-9-9 73512]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-9-9 34408]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-9-9 177864]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 ExactEntityService;Exact Entity Service;c:\exact\globeprog\bin\Exact.Entity.WinService.exe [2011-6-29 13312]
S2 ExactSynchronizationDispatcherMonitor_EG;Exact Globe Synchronization Dispatcher Monitor;c:\exact\globeprog\bin\Exact.Synchronization.WinServiceHost.exe [2011-6-29 33792]
S2 VMwareHostd;VMware Host Agent;c:\program files\vmware\vmware server\vmware-hostd.exe [2009-10-20 322096]
S3 B-Service;B-Service;c:\documents and settings\user\application data\mikogo\B-Service.exe [2011-5-16 185640]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-23 39984]
S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2010-4-3 214880]
S3 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\microsoft sql server\msas10_50.sql2008\olap\bin\msmdsrv.exe [2010-4-3 25768800]
S3 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2005-10-14 28768528]
S3 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\sqlservr.exe [2010-4-3 42884448]
S3 ReportServer$SQL2005;SQL Server Reporting Services (SQL2005);c:\program files\microsoft sql server\mssql.2\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552]
S3 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\microsoft sql server\msrs10_50.sql2008\reporting services\reportserver\bin\ReportingServicesService.exe [2010-4-3 1177952]
S3 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2005-10-14 318680]
S3 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
S3 vmwriter;VMware VSS Writer;c:\program files\vmware\vmware server\vmVssWriter.exe [2009-10-20 29744]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-9-15 280344]
S4 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\fdlauncher.exe [2010-4-3 28512]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
.
=============== Created Last 30 ================
.
2011-06-29 11:29:22 -------- d-----w- c:\program files\Softland
2011-06-29 10:59:26 -------- d-----w- c:\program files\common files\Exact Shared
2011-06-28 22:06:16 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-06-28 19:43:22 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-28 14:46:12 -------- d-----w- c:\documents and settings\user\local settings\application data\Google
2011-06-28 14:11:44 -------- d--h--r- c:\documents and settings\user\Onlangs geopend
2011-06-28 13:13:53 -------- d-----w- c:\documents and settings\user\local settings\application data\GN_Netcom_A_S
2011-06-28 13:13:53 -------- d-----w- c:\documents and settings\all users\application data\Jabra
2011-06-28 13:13:24 -------- d-----w- c:\program files\Jabra
2011-06-25 12:27:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-25 12:27:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-22 14:32:38 -------- d-----w- C:\expdos
2011-06-22 14:28:31 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-06-22 14:28:31 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-06-22 14:28:14 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-06-22 14:28:14 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-06-15 22:20:49 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-07 10:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-01 11:46:46 -------- d-----w- c:\program files\LXE
.
==================== Find3M ====================
.
2011-05-29 07:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-26 16:04:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-04 02:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:53 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:06 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:44:38 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:44:38 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:44:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:44:32 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01:33 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 20:03:30,03 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9-9-2009 14:19:24
System Uptime: 30-6-2011 19:49:14 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30A2
Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | U10 | 1828/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 9,466 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP379: 22-4-2011 20:12:05 - System Checkpoint
RP380: 22-4-2011 20:13:53 - Software Distribution Service 3.0
RP381: 23-4-2011 16:24:00 - Installed EpsonNet Setup 3.2
RP382: 23-4-2011 16:25:37 - Installed EpsonNet Print
RP383: 23-4-2011 16:26:34 - Installed ABBYY FineReader 9.0 Sprint
RP384: 23-4-2011 16:28:25 - Installed Epson Event Manager
RP385: 23-4-2011 16:29:34 - Removed Microsoft Visual C++ 2005 Redistributable
RP386: 23-4-2011 16:30:41 - Installed Easy Photo Print Plug-in for PMB(Picture Motion Br
RP387: 25-4-2011 16:16:44 - System Checkpoint
RP388: 27-4-2011 11:54:38 - System Checkpoint
RP389: 28-4-2011 14:44:55 - System Checkpoint
RP390: 3-5-2011 9:47:46 - System Checkpoint
RP391: 4-5-2011 10:56:38 - System Checkpoint
RP392: 5-5-2011 11:43:19 - System Checkpoint
RP393: 9-5-2011 9:02:50 - System Checkpoint
RP394: 10-5-2011 0:36:44 - Software Distribution Service 3.0
RP395: 11-5-2011 13:01:30 - System Checkpoint
RP396: 13-5-2011 17:46:18 - System Checkpoint
RP397: 13-5-2011 18:07:24 - Software Distribution Service 3.0
RP398: 15-5-2011 20:36:50 - Installed Microsoft Office Outlook Connector
RP399: 17-5-2011 12:31:56 - System Checkpoint
RP400: 18-5-2011 12:57:26 - System Checkpoint
RP401: 19-5-2011 17:32:11 - System Checkpoint
RP402: 22-5-2011 20:54:30 - System Checkpoint
RP403: 24-5-2011 11:39:11 - System Checkpoint
RP404: 25-5-2011 12:19:34 - System Checkpoint
RP405: 26-5-2011 12:59:11 - System Checkpoint
RP406: 27-5-2011 17:20:55 - System Checkpoint
RP407: 30-5-2011 21:46:54 - Printer Driver novaPDF 7 Printer Driver Installed
RP408: 30-5-2011 21:47:09 - Printer Driver novaPDF 7 Printer Driver Installed
RP409: 1-6-2011 12:14:13 - System Checkpoint
RP410: 1-6-2011 13:46:45 - Installed LXEConnect
RP411: 7-6-2011 14:13:49 - System Checkpoint
RP412: 8-6-2011 15:07:55 - System Checkpoint
RP413: 9-6-2011 18:51:15 - System Checkpoint
RP414: 16-6-2011 12:29:14 - System Checkpoint
RP415: 18-6-2011 1:37:58 - System Checkpoint
RP416: 20-6-2011 14:20:07 - System Checkpoint
RP417: 21-6-2011 15:12:30 - System Checkpoint
RP418: 23-6-2011 9:14:14 - System Checkpoint
RP419: 24-6-2011 14:42:03 - System Checkpoint
RP420: 25-6-2011 14:25:37 - Restore Operation
RP421: 26-6-2011 15:07:44 - System Checkpoint
RP422: 27-6-2011 17:39:32 - System Checkpoint
RP423: 28-6-2011 15:13:23 - Installed Jabra PC Suite 2.5.6
RP424: 28-6-2011 23:29:02 - Software Distribution Service 3.0
RP425: 29-6-2011 0:06:06 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP426: 29-6-2011 12:02:20 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP427: 29-6-2011 13:02:58 - Printer Driver novaPDF Pro Server 5 Pri Installed
RP428: 29-6-2011 13:03:14 - Printer Driver novaPDF Pro Server 5 Pri Installed
RP429: 30-6-2011 14:08:39 - System Checkpoint
RP430: 30-6-2011 19:00:20 - Installed Java(TM) 6 Update 26
RP431: 30-6-2011 19:21:45 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Aangifte inkomstenbelasting 2010
ABBYY FineReader 9.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5 - Dutch
Adobe Shockwave Player 11.5
AdventureWorksBI
AdventureWorksDB
Agere Systems HDA Modem
AuthenTec Fingerprint Sensor Minimum Install
BarTender 9.3
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Beveiligingsupdate voor Windows XP (KB978251)
Beveiligingsupdate voor Windows XP (KB978262)
Beveiligingsupdate voor Windows XP (KB978338)
Beveiligingsupdate voor Windows XP (KB978542)
Beveiligingsupdate voor Windows XP (KB978601)
Beveiligingsupdate voor Windows XP (KB978706)
Beveiligingsupdate voor Windows XP (KB979309)
Beveiligingsupdate voor Windows XP (KB979482)
Beveiligingsupdate voor Windows XP (KB979559)
Beveiligingsupdate voor Windows XP (KB979683)
Beveiligingsupdate voor Windows XP (KB979687)
Beveiligingsupdate voor Windows XP (KB980195)
Beveiligingsupdate voor Windows XP (KB980218)
Beveiligingsupdate voor Windows XP (KB980232)
Beveiligingsupdate voor Windows XP (KB980436)
Beveiligingsupdate voor Windows XP (KB981322)
Beveiligingsupdate voor Windows XP (KB981349)
Beveiligingsupdate voor Windows XP (KB981852)
Beveiligingsupdate voor Windows XP (KB981957)
Beveiligingsupdate voor Windows XP (KB981997)
Beveiligingsupdate voor Windows XP (KB982132)
Beveiligingsupdate voor Windows XP (KB982214)
Beveiligingsupdate voor Windows XP (KB982665)
Beveiligingsupdate voor Windows XP (KB982802)
Broadcom 440x 10/100 Integrated Controller
Broadcom 802.11 WLAN-adapter
CCleaner
CDBurnerXP
CeRegEditor 0.0.5.1
Citrix XenApp Web Plugin
Community Clips from Microsoft Office Labs
Compatibiliteitspakket voor het 2007 Microsoft Office system
ConTEXT v0.98.6
Crystal Corral
Crystal Delivery
Crystal Reports
Crystal Reports Basic Runtime for Visual Studio 2008
Crystal Reports XI Release 2
CSSImport
CutePDF Writer 2.7
Defraggler
Device Emulator 2.0 Preview
DVDFab 6.2.0.5 (11/11/2009)
Elektronische aangifte
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Printer Software
EPSON Scan
EPSON SX420W Series Handboek
EPSON SX420W Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.2
Exact CRW XI
Exact Globe
Exact Synergy
Exact Synergy Enterprise
Exact voor Windows
ExamDiff 1.8 (Build 1.8.0.3)
FileZilla (remove only)
Google Chrome
Hattrick Organizer (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB2158563)
Hotfix voor Windows XP (KB2443685)
Hotfix voor Windows XP (KB942288-v3)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB961118)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Hotfix voor Windows XP (KB979306)
Hotfix voor Windows XP (KB981793)
HP Integrated Module with Bluetooth wireless technology
HP Quick Launch Buttons 6.30 J1
Intel(R) Graphics Media Accelerator Driver
Jabra PC Suite 2.5.6
Java Auto Updater
Java(TM) 6 Update 26
K-Lite Codec Pack 5.5.1 (Full)
Lotus NotesSQL 2.06 driver
LXEConnect
Malwarebytes' Anti-Malware versie 1.51.0.1200
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Communicator 2007 R2
Microsoft Office Live Meeting 2007
Microsoft Office Outlook Connector
Microsoft Office Professional Editie 2003
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft SQL Server 2000
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (SQL2005)
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Reporting Services (SQL2005)
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Books Online
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Sync Services for ADO.NET v2.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Windows CE 5.0 Emulator
Mikogo
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Netwerkhandleiding EPSON SX420W Series
Network Stumbler 0.4.0 (remove only)
novaPDFProv4 (novaPDF 7.3 printer)
Octoshape add-in for Adobe Flash Player
Paint.NET v3.10
Pervasive Software ODBC Interface (32-Bit)
Pervasive.SQL 2000i Workstation
Pervasive.SQL 2000i Workstation (SP4)
RapidConfig 1.10
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Remote Forms Client
Report Distribution Expert
Seagull License Server 9.30
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
SQL Server 2008 R2 Analysis Services
SQL Server 2008 R2 BI Development Studio
SQL Server 2008 R2 Client Tools
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
SQL Server 2008 R2 Full text search
SQL Server 2008 R2 Integration Services
SQL Server 2008 R2 Management Studio
SQL Server 2008 R2 Reporting Services
Sql Server Customer Experience Improvement Program
SyncToy 2.0 (x86)
System Requirements Lab
TeamViewer 5
TeamViewer 6
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update voor Windows Internet Explorer 7 (KB976749)
Update voor Windows Internet Explorer 7 (KB980182)
Update voor Windows XP (KB2141007)
Update voor Windows XP (KB2345886)
Update voor Windows XP (KB2467659)
Update voor Windows XP (KB2541763)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971029)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
Visionplanner Enterprise
VMware Server
VPN Client
WebFldrs XP
Winamp
Winamp Applicatie Detect
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll do my best, but please do the scans in English if possible. I am a lot better at that than I am at Dutch!

Questions
1. Is this a work computer? Is there an IT available for the office?
2. Does the ISP require this proxy setting? uInternet Settings,ProxyServer = proxy.vcd.nl:3128
3. What is this?
Hosts: 10.20.250.36 SQLEHV
Hosts: 10.20.170.4 win2kavaya
Hosts: 10.20.170.2 sc025261
Hosts: 10.20.250.44 sumehv_01
Hosts: 10.20.250.39 EX-EHV-01
4. What is this?
SQL Server 2008 R2 Analysis Services
SQL Server 2008 R2 BI Development Studio
SQL Server 2008 R2 Client Tools
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
SQL Server 2008 R2 Full text search
SQL Server 2008 R2 Integration Services
SQL Server 2008 R2 Management Studio
SQL Server 2008 R2 Reporting Services
Sql Server Customer Experience Improvement Program
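The hosts-file entries asked about above are the kind of thing a redirect investigation has to sort into "internal corporate mapping" versus "well-known domain silently re-routed". The following is an added example, not code from this thread, ComboFix or DDS; the watch list of domains and the one hijack line in the sample are assumptions constructed for the example, the 10.20.x.x entries are the ones quoted in the post.

```python
"""Hosts-file triage for browser-redirect symptoms.

Added example for this thread, not the helper's or ComboFix's own code.
Parses Windows hosts-file lines and separates ordinary internal mappings
(like the 10.20.x.x entries asked about) from mappings that silently
re-route well-known domains, which a redirect investigation must rule out.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Domains whose hosts-file hijack is a classic redirect indicator.
# This watch list is an assumption for the example, not from the thread.
WATCHED_DOMAINS = (
    "google.com", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com",
    "malwarebytes.org", "mcafee.com", "eset.com",
)

# Constructed sample: the entries quoted in the thread plus one constructed
# hijack line (192.0.2.10 is a documentation address, not a real host).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
10.20.250.36    SQLEHV
10.20.170.4     win2kavaya
10.20.170.2     sc025261
10.20.250.44    sumehv_01
10.20.250.39    EX-EHV-01
192.0.2.10      www.google.com google.com   # constructed hijack line
"""

Record = Dict[str, object]


def parse_hosts(text: str) -> List[Record]:
    """One record per active ip->name mapping; comments and junk skipped."""
    records: List[Record] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop inline comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # first token not an address
        for name in parts[1:]:                    # one line may list several names
            records.append({"line": lineno, "ip": ip, "host": name.lower()})
    return records


def watched_domain(host: str) -> Optional[str]:
    """Return the watch-list domain that host equals or is a subdomain of."""
    for dom in WATCHED_DOMAINS:
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def classify(records: List[Record]) -> Dict[str, List[Tuple[int, str, str]]]:
    """Bucket mappings:
      hijack   - watched domain pointed anywhere but loopback (redirect indicator)
      loopback - names sunk to 127.x/::1 (ad/telemetry blocking, benign here)
      internal - names mapped to private ranges (typical corporate entries)
      external - everything else; worth a second look but not an indicator
    """
    out: Dict[str, List[Tuple[int, str, str]]] = {
        "hijack": [], "loopback": [], "internal": [], "external": []}
    for r in records:
        ip = r["ip"]
        entry = (r["line"], r["host"], str(ip))
        if watched_domain(r["host"]) and not ip.is_loopback:
            out["hijack"].append(entry)
        elif ip.is_loopback:
            out["loopback"].append(entry)
        elif ip.is_private:
            out["internal"].append(entry)
        else:
            out["external"].append(entry)
    return out


if __name__ == "__main__":
    buckets = classify(parse_hosts(SAMPLE_HOSTS))
    for bucket, entries in buckets.items():
        for line, host, ip in entries:
            print(f"{bucket:9} line {line}: {host} -> {ip}")
```

On a real machine the text would be read from %SystemRoot%\system32\drivers\etc\hosts; anything in the "hijack" bucket explains a redirect on its own, while "internal" entries like the ones above are just the poster's old tooling.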
 
1. It is a work computer, but last time I had a virus, they decided to format my hard drive. I'm just hoping that you can help me :) (btw. I have admin rights)

2. Setting isn't required anymore, actually proxy is turned off in the internet settings

3. These are in my hosts file, required for a tool I don't use anymore. I can delete them if you want, but both the IPs and server names are familiar, so I do not think they have anything to do with the Google redirects.

4. A complete installation of MS SQL 2008 Standard Edition R2 (legally)

And for the next scans, of course, I will choose English instead of Dutch - do you want me to do the MBAM scan over in the English version?
 
Forgot to mention: if you think that reinstalling Windows is the best option, then that's the solution. But if my problem can be solved without reinstalling, I would be very grateful for that.
 
Since this is a work computer with entries specifically relating to the work, it would be best to have the IT person handle it.

Do I recommend a reformat/reinstall for a redirect? It depends on what the malware is and how bad the infection is. For some file infectors, we recommend immediate R/R- this could have been the case when the IT did that. But I will meet you half way.
=============================================
The malware I see is in the Java cache, so that needs to be emptied:
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
  • [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
  • [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
  • [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
  • [5]. Click OK on the Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
  • [6]. Click Apply > OK on the Temporary Files Settings window.
Images courtesy java.com
===============================================
Run the following- in English, please. If, after seeing the logs, I feel that I may be in over my head due to the work-related processes, I will let you know.
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue scanning.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=========================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the download link for the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
Hi Bobbye,

Thank you for your reaction.


I just started combofix (tried both links you gave) but Combofix just seems to take over the language of the system (which is Dutch, so Combofix also starts Dutch). Is there a way I can still start it in English to provide you an English log?
 
Hi Bobbye,

Just searched for a specific English-language version of combofix, but couldn't find one.

Attached is the log (I'm sorry it's in Dutch); maybe it is already of some use to you (if you want me to translate it, please say so).

One more note: I'm not afraid of 'killing' applications which I need for my work. I can always reinstall them if they don't work anymore. If my computer is formatted, I get it back with only Windows and Office installed, so it will cost me about 2 days to reinstall all my applications. I'm just trying to prevent this. All the applications that are installed are mainly for testing purposes. Our live applications all run in a web and terminal server environment.

On to the log:
Note that Combofix deleted some files in the Windows\System directory, starting with W3. That was my Btrieve engine. I will reinstall it after the cleaning process is done, but this is just to let you know that these files were not harmful.

The ESET log will follow later (it's at 67% now after 1.5 hours of scanning)

ComboFix 11-06-30.05 - user 01-07-2011 18:18:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3063.2327 [GMT 2:00]
Gestart vanuit: c:\documents and settings\user\Bureaublad\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Application Data\inst.exe
c:\documents and settings\user\Application Data\Local
c:\documents and settings\user\WINDOWS
C:\System
c:\windows\IsUn0413.exe
c:\windows\system\olepro32.dll
c:\windows\system\W32MAINT.DLL
c:\windows\system\W32MAINT.EXE
c:\windows\system\W32RBLD.DLL
c:\windows\system\W32RBLD.EXE
c:\windows\system\W3MONV75.DLL
c:\windows\system\W3MONV75.EXE
c:\windows\system32\Cache
c:\windows\system32\test
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-06-01 to 2011-07-01 ))))))))))))))))))))))))))))))
.
.
2011-06-29 11:29 . 2011-06-29 11:29 -------- d-----w- c:\program files\Softland
2011-06-29 10:59 . 2011-06-29 11:03 -------- d-----w- c:\program files\Common Files\Exact Shared
2011-06-28 22:06 . 2011-06-29 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-06-28 19:43 . 2011-06-28 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-28 14:46 . 2011-06-28 14:46 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Google
2011-06-28 14:11 . 2011-07-01 14:10 -------- d--h--r- c:\documents and settings\user\Onlangs geopend
2011-06-28 13:13 . 2011-06-28 13:21 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\GN_Netcom_A_S
2011-06-28 13:13 . 2011-06-28 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Jabra
2011-06-28 13:13 . 2011-06-28 13:13 -------- d-----w- c:\program files\Jabra
2011-06-25 12:27 . 2011-06-25 12:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-22 14:32 . 2011-06-22 14:38 -------- d-----w- C:\expdos
2011-06-22 14:28 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-06-22 14:28 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-06-22 14:28 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-06-22 14:28 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-06-15 22:20 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2010-07-23 11:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-07-23 11:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-26 16:04 . 2011-05-26 16:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-04 02:52 . 2010-12-12 21:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2010-12-12 21:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2009-09-09 12:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-03-02 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:44 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:44 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:44 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:44 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2006-03-02 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-03-02 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2008-08-16 16:42 . 2008-08-16 16:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 16:42 . 2008-08-16 16:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 16:42 . 2008-08-16 16:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 16:42 . 2008-08-16 16:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 16:43 . 2008-08-16 16:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 16:42 . 2008-08-16 16:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 16:42 . 2008-08-16 16:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 07:41 . 2008-05-21 07:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 07:41 . 2008-05-21 07:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 07:41 . 2008-05-21 07:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 12:58 . 2008-06-05 12:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 16:42 . 2008-08-16 16:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mikogo"="c:\documents and settings\user\Application Data\Mikogo\Mikogo-Host.exe" [2011-05-16 2748416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-9-15 1528880]
Jabra Device Service.lnk - c:\program files\Jabra\Jabra PC Suite\JabraDeviceService.exe [2011-5-31 547840]
Pervasive.SQL Workstation Engine.lnk - c:\pvsw\Bin\W3DBSMGR.EXE [2009-9-14 106564]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2009-9-9 81920]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\PVSW\\Bin\\W3DBSMGR.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Macromedia\\Flash Player\\"=
"c:\\Program Files\\Seagull\\BarTender Suite\\BtSystem.Service.exe"=
"c:\\Program Files\\Seagull\\BarTender Suite\\HistoryExplorer.exe"=
"c:\\Program Files\\Seagull\\BarTender Suite\\ReprintConsole.exe"=
"c:\\Program Files\\Seagull\\BarTender Suite\\SystemDatabaseWizard.exe"=
"c:\\Program Files\\Seagull\\BarTender Suite\\SystemDatabaseSetup.exe"=
"c:\\Program Files\\Seagull\\BarTender Suite\\Maestro.Service.exe"=
"c:\\Program Files\\Seagull\\BarTender Suite\\License Server\\SLS.exe"=
"c:\\Program Files\\Seagull\\BarTender Suite\\License Server\\SLSSrv.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\VMware\\VMware Server\\vmware-authd.exe"=
"c:\\Program Files\\VMware\\VMware Server\\vmware-hostd.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\LXE\\LXEConnect\\LXEConnect.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14-5-2009 17:07 759048]
R2 BarTender System Service;BarTender System Service;c:\program files\Seagull\BarTender Suite\BtSystem.Service.exe [21-9-2010 17:25 42392]
R2 Commander Service;Commander Service;c:\program files\Seagull\BarTender Suite\CmdrSrv.exe [21-9-2010 17:47 2192832]
R2 Maestro;Printer Maestro;c:\program files\Seagull\BarTender Suite\Maestro.Service.exe [21-9-2010 17:22 239000]
R2 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [26-8-2005 17:00 92880]
R2 Seagull License Server;Seagull License Server;c:\program files\Seagull\BarTender Suite\License Server\SLSSrv.exe [21-9-2010 17:48 2196952]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [20-10-2009 16:22 54960]
R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\tomcat6.exe [20-10-2009 23:27 57344]
R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 ExactEntityService;Exact Entity Service;c:\exact\Globeprog\bin\Exact.Entity.WinService.exe [29-6-2011 13:00 13312]
S2 ExactSynchronizationDispatcherMonitor_EG;Exact Globe Synchronization Dispatcher Monitor;c:\exact\Globeprog\bin\Exact.Synchronization.WinServiceHost.exe [29-6-2011 13:00 33792]
S2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [20-10-2009 16:21 322096]
S3 B-Service;B-Service;c:\documents and settings\user\Application Data\Mikogo\B-Service.exe [16-5-2011 15:51 185640]
S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [3-4-2010 12:57 214880]
S3 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe [3-4-2010 12:56 25768800]
S3 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [14-10-2005 4:51 28768528]
S3 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe [3-4-2010 13:56 42884448]
S3 ReportServer$SQL2005;SQL Server Reporting Services (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe [14-10-2005 4:44 14552]
S3 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [3-4-2010 12:56 1177952]
S3 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [14-10-2005 4:51 318680]
S3 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE [3-4-2010 13:56 367456]
S3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [20-10-2009 16:22 29744]
S4 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe [3-4-2010 12:56 28512]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [3-4-2010 13:56 44896]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2-12-2006 6:17 2805000]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [3-4-2010 12:02 240608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-879983540-725345543-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 14:46]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-879983540-725345543-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 14:46]
.
2011-07-01 c:\windows\Tasks\User_Feed_Synchronization-{23F9ED3F-54DB-4285-893D-9FECE0BD87FE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.vcd.nl/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy.vcd.nl:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\VMware\VMware Server\vsocklib.dll
Trusted Zone: css-solutions.nl\employee
Trusted Zone: css-solutions.nl\rms
Trusted Zone: nx7400
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: {146DFD40-7FC9-439B-BFD7-150058F59E33} - hxxps://employee.css-solutions.nl/cab/SynergyOfficeAIUninstall.CAB
DPF: {26774F3E-5F15-4883-8394-89146270A8C7} - hxxps://employee.css-solutions.nl/cab/SynergyOfficeAddin.CAB
DPF: {357BEB5B-DC01-44C2-B011-14048C3178B1} - hxxp://nx7400/SynergyNET/cab/DocParse2.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\g90bm0ht.default\
FF - prefs.js: browser.startup.homepage - hxxp://138.evony.com/s.html?adv=www_evony_com_inde
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxTrick: {9d1f059c-cada-4111-9696-41a62d64e3ba} - %profile%\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
.
- - - - ORPHANS REMOVED - - - -
.
Notify-TPSvc - TPSvc.dll
AddRemove-Evw2Uninstall - c:\windows\IsUn0413.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-01 18:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQL2005]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQL2005"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2011-07-01 18:26:32
ComboFix-quarantined-files.txt 2011-07-01 16:26
.
Pre-Run: 9.943.281.664 bytes free
Post-Run: 10.090.094.592 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7B0D0A8574F61C4630A3E83646DF6A81
 
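The ComboFix log above is a long list of services, Run entries, proxy settings, Trusted Zone sites and DPF (ActiveX) downloads, and the thread shows how hard it is to pick out the few lines worth a second look. The script below is an added example written for this page; it is not part of the original thread and not ComboFix's own code. It parses those line formats and applies a few triage rules of its own (an executable living under a user profile, a configured WinInet proxy, a Trusted Zone entry, an ActiveX cab fetched over plain HTTP). The rules are heuristics for review, not verdicts: the log itself already shows that Mikogo is a remote desktop tool and that the proxy and Trusted Zone entries look like a corporate setup, so the output is a "look at these first" list, nothing more. The sample input is an excerpt constructed from lines in the log above.

```python
"""Triage helper for ComboFix-style log lines (added example, not from the
original thread or from ComboFix). Parses service, Run-key, proxy, Trusted
Zone and DPF entries and returns the ones a responder should review first.
The scoring rules are this example's own heuristics."""
import re

# Constructed excerpt of lines taken from the ComboFix log in the thread.
SAMPLE_LOG = r"""
S3 B-Service;B-Service;c:\documents and settings\user\Application Data\Mikogo\B-Service.exe [16-5-2011 15:51 185640]
S3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [20-10-2009 16:22 29744]
uInternet Settings,ProxyServer = proxy.vcd.nl:3128
Trusted Zone: css-solutions.nl\employee
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {26774F3E-5F15-4883-8394-89146270A8C7} - hxxps://employee.css-solutions.nl/cab/SynergyOfficeAddin.CAB
"Mikogo"="c:\documents and settings\user\Application Data\Mikogo\Mikogo-Host.exe" [2011-05-16 2748416]
"""

# ComboFix line shapes: "S3 name;display;path [stamp]", '"Name"="path" [stamp]', etc.
SERVICE_RE = re.compile(r'^([SR]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]\s*$')
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(\S+)')
TZ_RE = re.compile(r'^Trusted Zone:\s*(\S+)')
DPF_RE = re.compile(r'^DPF:\s*(\{[0-9A-Fa-f-]+\})\s*-\s*(\S+)')

# Executables under a user's profile (Application Data / Local Settings) are
# unusual for a service and worth a look; this is a heuristic, not a verdict.
USER_PROFILE_RE = re.compile(
    r'\\documents and settings\\[^\\]+\\(application data|local settings)\\', re.I)


def _path_findings(kind, name, path):
    """Rules applied to any executable path (service image or Run value)."""
    out = []
    if USER_PROFILE_RE.search(path):
        out.append(("review", f'{kind} "{name}" runs from a user-profile directory: {path}'))
    return out


def triage(log_text):
    """Return a list of (severity, reason) tuples for the lines that match a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, path, _stamp = m.groups()
            findings += _path_findings(f"service ({start})", name, path)
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, _stamp = m.groups()
            findings += _path_findings("Run entry", name, path)
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append(("review", f"WinInet proxy configured: {m.group(1)}; IE traffic "
                             "traverses it, confirm it is the expected corporate proxy"))
            continue
        m = TZ_RE.match(line)
        if m:
            findings.append(("info", f"Trusted Zone entry {m.group(1)}: IE applies relaxed "
                             "security settings to this site"))
            continue
        m = DPF_RE.match(line)
        if m:
            clsid, url = m.groups()
            # ComboFix defangs http:// as hxxp://, so hxxp means plain HTTP.
            if url.lower().startswith("hxxp://"):
                findings.append(("review", f"ActiveX control {clsid} fetched over plain HTTP from {url}"))
            continue
    return findings


if __name__ == "__main__":
    for severity, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}")
```

Run against the constructed excerpt it reports the two Mikogo executables under Application Data, the proxy, the Trusted Zone entry and the one cab fetched over plain HTTP, and stays silent on the VMware service and the HTTPS cab. Feed it a whole ComboFix log and the unmatched line shapes are simply ignored, which is the intended behaviour for a first pass.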
Hi Bobbye,

ESET didn't find anything, so I have no log for that.

Just rebooted my computer: nothing actually changed (slow start-up) but I accidentally noticed the following:
When searching on the site www.google.com (actually it redirects me to www.google.nl) it all seems to work fine. But when searching starts in the 'standard search engine' bar (in the top right of Internet Explorer, next to the address bar) all the search results are redirected to other sites.....

Does this ring any bells to you?

EDIT: Forget the remark about the search bar - the problem seems to relate to the site I'm visiting.

Example: I search Google on 'browser hijack' - the first hit gives a link to the Microsoft site, which is working. The second hit is an article on www.pcstats.com. If I just move my mouse over the link, I see it is linked to http://adsense.previewmediastation.com/........................... All the sites which are redirecting have a link to adsense???
 
I am not going to be able to work with you on this. I don't know why Combofix deleted the Pervasive (Btrieve) entries. Or why the system file c:\windows\system\olepro32.dll was also removed.

I now see this entry:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mikogo"="c:\documents and settings\user\Application Data\Mikogo\Mikogo-Host.exe" [2011-05-16 2748416]

Mikogo-Host.exe is identified as a Trojan/Backdoor.
But Mikogo alone is identified as: "Mikogo is a free Remote Desktop tool for your Online Meeting".

The adsense link took me to http://www.google.com/
===================================
You may not mind killing your work-related processes, but I do. Between the language difference, unknown entries and work processes, this system is best helped by the IT for the office. Unfortunately, some ITs don't know how to troubleshoot or don't want to take the time to do it, so they will frequently reformat/reinstall.

I'm sorry I can't help you further. You can go ahead and remove the cleaning tools:
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
 
Ok, I understand. I will see if our IT-staff can do anything for me next week.

Anyway, thanks for your help so far (I know you've tried, and I imagine it is never easy for you when someone posts his logfile in Dutch and has a dozen applications that are (probably) unknown to you :)
 
You're welcome. I am responsible for knowing the entry is legitimate and safe. One letter in an entry can change it completely. Trying to overcome a language I don't know and special work-related programs I am not familiar with would be too time-consuming and leave you short of valid assistance.

Best of luck with the IT. Perhaps you can request that he reviews what's on the system first and not just throw everything out!
 