Antivira AV virus - Help appreciated

This is a discussion on Antivira AV virus - Help appreciated within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 02-25-2011, 03:32 PM   #1
Registered Member
 
Join Date: Jul 2009
Posts: 19
OS: XP



Hi there

My pc picked up a nasty virus called Antivira AV rendering it pretty much useless. It's a bogus virus scanner that automatically seems to close down Windows Defender and take over.

I can't use Internet Explorer and also can't go in the Task Manager, when I press Ctrl alt delete it auto closes down. I would very much like some assistance in getting rid of this thing.

I have a second laptop from which I can post this. I've run the pre scans as described on this forum and transferred them over to this pc with a USB stick.

My dds log is below and the other two are attached. It's worth mentioning I had to do the scan in Safe Mode because it would not work in normal mode, the virus blocked it. Additionally I tried to run Gmer 4 times (also in safe mode, doesn't work due to virus) but it kept freezing so I do not have that log right now unfortunately.

I don't have a Windows Install disc or a boot cd I think (if I do I have never had to use it in 4 years). I've already changed my internet banking security number.

Thanks in advance,

Jasper


DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL
Run by Jasper van der Bliek at 23:45:22.40 on Wed 02/23/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.763 [GMT 0:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jasper van der Bliek\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://uk.mcafee.com/root/campaign.asp?cid=16321
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:18810
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [pxyrmijq] c:\docume~1\jasper~1\locals~1\temp\vlxhsdivf\kwltryasika.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\poker\titan poker\casino.exe
IE: {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - c:\poker\noble poker\casino.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {D45D9D5F-B491-4c95-8B05-FA6B6C69CA82} - c:\program files\dreampokermpp\MPPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-4-13 223128]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
S1 MpKslf9248d31;MpKslf9248d31;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66d53c4e-9f77-4f5e-aac7-a7d4e60eb251}\mpkslf9248d31.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66d53c4e-9f77-4f5e-aac7-a7d4e60eb251}\MpKslf9248d31.sys [?]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-1 390528]
S1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
S3 kbeepm;kbeepm;\??\c:\docume~1\jasper~1\locals~1\temp\kbeepm.sys --> c:\docume~1\jasper~1\locals~1\temp\kbeepm.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7680]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-2 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-2 40552]
S3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\21923\RapportIaso.sys [2011-1-2 12928]

=============== Created Last 30 ================

2011-02-23 21:26:05 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6d78103f-42ad-463a-bdc4-f0af57afa283}\mpengine.dll
2011-02-07 15:35:21 -------- d-----w- c:\program files\Eidos Interactive
2011-01-25 21:44:43 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-01-25 21:44:35 -------- d-----w- c:\program files\Microsoft Security Client

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-04 13:07:59 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600 Disk: FUJITSU_MHV2080BH rev.0085002A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe >>UNKNOWN [0x873D3EB0]<<
_asm { MOV EAX, 0x873d3dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x873d6a74; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x87335AB8]
\Driver\Disk[0x87336B28] -> IRP_MJ_CREATE -> 0x873D3EB0
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x100; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSW ; JMP FAR 0x0:0x62c; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x873d3eb0
user & kernel MBR OK
Warning: possible MBR rootkit infection !

============= FINISH: 23:48:49.56 ===============

Oh yes I forgot to say that one time I did manage to complete the GMER scan but I couldn't see a Save option?
Anyway, hope the issue can still be diagnosed.

Thanks,
Attached Files
File Type: txt Attach.txt (22.2 KB, 48 views)
Old 02-27-2011, 03:47 AM   #2
Registered Member
 
Join Date: Jul 2009
Posts: 19
OS: XP



Anyone have any wisdom for me? I know there are a number of other threads about this same issue but I don't really fancy messing around with Combofix etc if I am not sure what I am doing.

Thanks
Jasper
Old 02-28-2011, 06:46 PM   #3
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello Jasper. Thanks for your patience. If you've run any tools since your original post, please let me know.

As stated in our pre-posting sticky topic...

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Quote:
If you have more than one antivirus software installed, leave only ONE and uninstall the others
While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

I see you have more than one Anti-Virus program installed, McAfee and MS Security Essentials. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
If you choose to uninstall McAfee, also run this McAfee Removal Tool.


Download the McAfee Removal Tool.

Double click on MCPR.exe to launch it, then Click Run. A window should appear and disappear, this is normal. A new window should popup and begin the uninstall. When prompted to reboot your computer type Y.

-----------------------------------------------------------------------



Please download Rootkit Unhooker. Save it to your desktop.

https://www.kernelmode.info/ARKs/RKUnhookerLE.EXE

Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.

Attach the log in reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
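
The DDS log in the first post and the duplicate-antivirus observation in the reply above can be checked mechanically. The following is an added example, not part of the thread and not code from DDS or any tool named here; the rule names and the `triage` function are assumptions made for illustration, and the sample input is an excerpt of the log posted above.

```python
import re

# Excerpt of the DDS log from the first post of this thread (lines copied verbatim).
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
uInternet Settings,ProxyServer = http=127.0.0.1:18810
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [pxyrmijq] c:\docume~1\jasper~1\locals~1\temp\vlxhsdivf\kwltryasika.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-4-13 223128]
S3 kbeepm;kbeepm;\??\c:\docume~1\jasper~1\locals~1\temp\kbeepm.sys --> c:\docume~1\jasper~1\locals~1\temp\kbeepm.sys [?]
detected hooks:
\Driver\Disk -> 0x873d3eb0
Warning: possible MBR rootkit infection !
"""

# Line formats as they appear in the log above.
AV_RE = re.compile(r"^AV: (?P<name>.+?) \*(?P<state>[^*]+)\* \{[0-9A-Fa-f-]+\}$")
RUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DRV_RE = re.compile(r"^(?P<state>[RS][0-4]) (?P<svc>[^;]+);(?P<disp>[^;]*);(?P<path>.+)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<value>.+)$")
HOOK_RE = re.compile(r"^\\Driver\\\S+ -> 0x[0-9a-fA-F]+$")

# A path component named temp/tmp, including the 8.3 form "locals~1\temp".
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# A proxy value that points back at the local machine.
LOOPBACK_RE = re.compile(
    r"(?:^|[=;/])(?:127(?:\.\d{1,3}){3}|localhost)(?::\d+)?", re.IGNORECASE
)


def triage(log_text):
    """Return (rule, detail) leads for manual review; a lead is not a verdict."""
    findings = []
    av_products = set()
    in_hooks = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Entries listed directly under "detected hooks:" in the MBR detector section.
        if in_hooks and HOOK_RE.match(line):
            findings.append(("disk-hook", line))
            continue
        in_hooks = line == "detected hooks:"
        if line.lower().startswith("warning: possible mbr rootkit"):
            findings.append(("mbr-warning", line))
            continue
        m = AV_RE.match(line)
        if m:
            # The same product can register twice; count distinct names only.
            av_products.add(m["name"])
            continue
        m = PROXY_RE.match(line)
        if m and LOOPBACK_RE.search(m["value"]):
            findings.append(("loopback-proxy", m["value"]))
            continue
        m = RUN_RE.match(line)
        if m and TEMP_RE.search(m["cmd"]):
            # Autostart entry whose executable lives in a temp directory.
            findings.append(("temp-autorun", f'{m["hive"]} [{m["name"]}] {m["cmd"]}'))
            continue
        m = DRV_RE.match(line)
        if m and TEMP_RE.search(m["path"]):
            # Kernel driver registered from a temp directory.
            findings.append(("temp-driver", m["svc"]))
    if len(av_products) > 1:
        findings.append(("multiple-av", ", ".join(sorted(av_products))))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_DDS):
        print(f"{rule:15} {detail}")
```
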
Old 03-01-2011, 12:25 AM   #4
Registered Member
 
Join Date: Jul 2009
Posts: 19
OS: XP



Thanks for the reply. No, I have tried to run Gmer a few more times but I got a blue screen twice and the third time my pc froze.

I can't do anything almost in normal mode as the virus seems to have completely taken over my machine, so will try to do the scan in safe mode.
I will download the tool from another pc and transfer with a USB stick.

I need to go to work now but can post the log this evening.
Thanks
Jasper
Old 03-01-2011, 01:26 AM   #5
Registered Member
 
Join Date: Jul 2009
Posts: 19
OS: XP



Managed to run the scan, the report is attached to this reply.

Jasper
Attached Files
File Type: txt Report.txt (4.4 KB, 50 views)
Old 03-01-2011, 07:06 AM   #6
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

-----------------------------------------------------------------------

For this next step, Normal Mode is preferred. If that is not possible, use Safe Mode with Networking, so there is a live internet connection.

  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware. Please note: If the Recovery Console does NOT get installed, click on NO, do not continue, and let me know.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
Old 03-01-2011, 12:00 PM   #7
Registered Member
 
Join Date: Jul 2009
Posts: 19
OS: XP



Hi Tetonbob

Combofix ran fine I think. The log is pretty big so I am attaching it to this reply if that's ok.

I've re-enabled Microsoft Security Essentials.
Jasper


ComboFix 11-02-28.07 - Jasper van der Bliek 03/01/2011 19:21:22.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.424 [GMT 0:00]
Running from: c:\documents and settings\Jasper van der Bliek\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\LocalApp
c:\documents and settings\All Users\Application Data\Microsoft\LocalApp\alths.rc
c:\documents and settings\All Users\Application Data\Microsoft\LocalApp\msstr.exe
c:\documents and settings\Jasper van der Bliek\GoToAssistDownloadHelper.exe
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc8.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc80.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc81.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc82.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc83.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc84.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc85.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc86.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc87.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc88.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc89.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc8A.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc8B.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc8C.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc8D.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc8E.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc8F.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc9.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc90.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc91.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc92.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc93.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc94.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc95.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc96.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc97.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc98.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc99.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc9A.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc9B.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc9C.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc9D.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc9E.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc9F.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccA.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccA0.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccA1.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccA2.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccA3.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccA4.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccA5.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccA8.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccB.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccC.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccD.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccD7.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccE.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccE4.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccF.tmp
c:\documents and settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccF1.tmp
C:\install.exe
c:\windows\system32\logs

.
((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))
.

2011-03-01 19:09 . 2011-03-01 19:09 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFE373DF-2584-4734-8886-5D064A7607D2}\MpKsle426d480.sys
2011-03-01 09:15 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFE373DF-2584-4734-8886-5D064A7607D2}\mpengine.dll
2011-02-07 15:35 . 2011-02-07 15:35 -------- d-----w- c:\program files\Eidos Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-10 12:51 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 09:41 . 2011-01-25 21:44 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-13 09:41 . 2010-08-29 01:26 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-07 14:09 . 2004-08-10 12:50 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-10 12:51 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-10 12:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-10 12:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-10 12:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-10 12:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-10 12:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-10 12:51 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-10 12:51 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-10 12:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-10 12:51 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-04 13:07 . 2006-11-06 20:04 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-02 13529088]
"nwiz"="nwiz.exe" [2008-07-02 1630208]
"NVHotkey"="nvHotkey.dll" [2008-07-02 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-09-13 1384448]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"NvMediaCenter"="NvMCTray.dll" [2008-07-02 86016]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-09-08 1036288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-2 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-04-17 10:43 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Jasper van der Bliek^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Jasper van der Bliek\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-01-13 19:14 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"RoxLiveShare9"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"hnmsvc"=2 (0x2)
"gupdate"=2 (0x2)
"GoToAssist"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"0240841282990695mcinstcleanup"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/3/2010 10:43 PM 59240]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/12/2007 9:58 PM 642560]
R1 MpKsle426d480;MpKsle426d480;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFE373DF-2584-4734-8886-5D064A7607D2}\MpKsle426d480.sys [3/1/2011 7:09 PM 28752]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [3/1/2010 5:56 PM 390528]
R1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys [2/28/2011 7:23 PM 55224]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 10:43 PM 169320]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/3/2010 10:43 PM 767208]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [4/13/2007 9:17 PM 223128]
S1 MpKslf9248d31;MpKslf9248d31;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66D53C4E-9F77-4F5E-AAC7-A7D4E60EB251}\MpKslf9248d31.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66D53C4E-9F77-4F5E-AAC7-A7D4E60EB251}\MpKslf9248d31.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/13/2011 7:14 PM 136176]
S3 kbeepm;kbeepm;\??\c:\docume~1\JASPER~1\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\JASPER~1\LOCALS~1\Temp\kbeepm.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [9/7/2009 2:55 PM 7680]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\21923\RapportIaso.sys [1/2/2011 8:37 PM 12928]
S4 0240841282990695mcinstcleanup;McAfee Application Installer Cleanup (0240841282990695);c:\docume~1\JASPER~1\LOCALS~1\Temp\024084~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\JASPER~1\LOCALS~1\Temp\024084~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSLE426D480
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 19:14]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 19:14]

2011-03-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://uk.mcafee.com/root/campaign.asp?cid=16321
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:18810
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{B723B1B8-9788-4684-ADA7-D1DB02E1D516} - c:\poker\Noble Poker\casino.exe
IE: {{D45D9D5F-B491-4c95-8B05-FA6B6C69CA82} - c:\program files\dreampokerMPP\MPPoker.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-01 19:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2014649741-3678257676-1454887063-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,5c,4a,70,90,ef,07,89,25,e4,fb,81,0b,ea,87,2a,be,c6,b2,03,0a,46,56,
46,ec,ef,2a,14,5e,83,35,f4,c6,97,d0,4d,bb,a1,d1,a5,0a,c7,ae,37,4c,63,e8,f1,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-2014649741-3678257676-1454887063-1006\Software\SecuROM\License information*]
"datasecu"=hex:7e,f1,5c,68,91,31,19,d2,5d,43,ea,33,9d,08,c8,e5,d4,cb,10,1c,33,
5b,5c,3c,54,3b,51,ad,b7,49,8f,85,d6,b9,13,80,fa,c3,f5,61,b8,6c,4b,11,f0,7e,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\hĖÄ|ˇˇˇˇ§ēÄ|ýēA~*]
"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-03-01 19:47:48
ComboFix-quarantined-files.txt 2011-03-01 19:47
ComboFix2.txt 2009-07-18 11:15

Pre-Run: 32,546,598,912 bytes free
Post-Run: 33,208,819,712 bytes free

- - End Of File - - 487C12FAB6A8A52D3592C06AA3EA49FE
Attached Files
File Type: txt log.txt (31.5 KB, 63 views)
Jvdbliek is offline  
Old 03-01-2011, 12:17 PM   #8
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hi,

Unless the log won't post due to character limitations, I will prefer them posted and not attached, unless otherwise specified. Thanks.

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

Post the contents of the logfile which will open.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 03-01-2011, 12:27 PM   #9
Registered Member
 
Join Date: Jul 2009
Posts: 19
OS: XP



Ok sorry about that, here's the log:

2011-03-01 19:31:03 . 2011-03-01 19:31:03 9,225 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-03-01 19:16:28 . 2011-03-01 19:16:28 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-11-23 21:32:30 . 2010-11-23 21:32:30 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc5C.tmp.vir
2010-11-22 21:29:46 . 2010-11-22 21:29:46 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc5B.tmp.vir
2010-11-21 21:25:25 . 2010-11-21 21:25:25 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc5A.tmp.vir
2010-11-20 19:45:16 . 2010-11-20 19:45:16 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc59.tmp.vir
2010-11-19 18:38:48 . 2010-11-19 18:38:48 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc57.tmp.vir
2010-11-17 22:19:52 . 2010-11-17 22:19:52 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc45.tmp.vir
2010-11-16 22:16:22 . 2010-11-16 22:16:22 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc44.tmp.vir
2010-11-15 22:10:26 . 2010-11-15 22:10:26 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc42.tmp.vir
2010-11-14 22:10:00 . 2010-11-14 22:10:00 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc92.tmp.vir
2010-11-13 22:02:32 . 2010-11-13 22:02:32 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc41.tmp.vir
2010-11-12 22:02:11 . 2010-11-12 22:02:11 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc40.tmp.vir
2010-11-11 21:58:52 . 2010-11-11 21:58:52 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc3E.tmp.vir
2010-11-10 20:51:11 . 2010-11-10 20:51:11 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc5.tmp.vir
2010-11-09 19:43:39 . 2010-11-09 19:43:39 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc3C.tmp.vir
2010-11-08 11:17:37 . 2010-11-08 11:17:37 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc3B.tmp.vir
2010-11-07 11:12:55 . 2010-11-07 11:12:55 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc36.tmp.vir
2010-11-05 18:02:05 . 2010-11-05 18:02:05 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc35.tmp.vir
2010-11-02 20:16:55 . 2010-11-02 20:16:55 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc31.tmp.vir
2010-10-31 11:39:55 . 2010-10-31 11:39:55 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc30.tmp.vir
2010-10-30 10:31:16 . 2010-10-30 10:31:16 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc2F.tmp.vir
2010-10-28 20:58:23 . 2010-10-28 20:58:23 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc2E.tmp.vir
2010-10-27 20:55:43 . 2010-10-27 20:55:43 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc2D.tmp.vir
2010-10-26 18:15:18 . 2010-10-26 18:15:18 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc2B.tmp.vir
2010-10-25 18:10:43 . 2010-10-25 18:10:43 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc2A.tmp.vir
2010-10-24 18:04:25 . 2010-10-24 18:04:25 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc29.tmp.vir
2010-10-23 18:02:10 . 2010-10-23 18:02:10 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc28.tmp.vir
2010-10-22 18:01:47 . 2010-10-22 18:01:47 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc27.tmp.vir
2010-10-20 21:17:56 . 2010-10-20 21:17:56 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc26.tmp.vir
2010-10-19 21:14:58 . 2010-10-19 21:14:58 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc25.tmp.vir
2010-10-18 20:03:40 . 2010-10-18 20:03:40 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc24.tmp.vir
2010-10-17 20:00:56 . 2010-10-17 20:00:56 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc23.tmp.vir
2010-10-15 17:42:20 . 2010-10-15 17:42:20 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc22.tmp.vir
2010-10-13 08:24:39 . 2010-10-13 08:24:39 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc21.tmp.vir
2010-10-11 19:51:12 . 2010-10-11 19:51:12 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc20.tmp.vir
2010-10-10 10:02:24 . 2010-10-10 10:02:24 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc1F.tmp.vir
2010-10-09 09:34:43 . 2010-10-09 09:34:43 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc1D.tmp.vir
2010-10-07 19:24:06 . 2010-10-07 19:24:06 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc56.tmp.vir
2010-10-06 19:21:56 . 2010-10-06 19:21:56 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc3A.tmp.vir
2010-10-05 19:17:05 . 2010-10-05 19:17:05 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc3.tmp.vir
2010-10-04 20:42:56 . 2010-10-04 20:42:56 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc1C.tmp.vir
2010-10-03 19:38:58 . 2010-10-03 19:38:58 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc1B.tmp.vir
2010-09-29 18:28:54 . 2010-09-29 18:28:54 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc1B5C.tmp.vir
2010-09-28 18:28:06 . 2010-09-28 18:28:06 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc1A.tmp.vir
2010-09-27 18:26:32 . 2010-09-27 18:26:32 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc19.tmp.vir
2010-09-26 10:26:13 . 2010-09-26 10:26:13 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc18.tmp.vir
2010-09-25 09:58:11 . 2010-09-25 09:58:11 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc17.tmp.vir
2010-09-23 21:05:33 . 2010-09-23 21:05:33 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc15.tmp.vir
2010-09-21 18:35:27 . 2010-09-21 18:35:27 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc16.tmp.vir
2010-09-20 18:34:47 . 2010-09-20 18:34:47 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc14.tmp.vir
2010-09-17 17:54:07 . 2010-09-17 17:54:07 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc13.tmp.vir
2010-09-15 20:01:53 . 2010-09-15 20:01:53 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc12.tmp.vir
2010-09-14 19:23:43 . 2010-09-14 19:23:43 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc1E.tmp.vir
2010-09-13 19:22:11 . 2010-09-13 19:22:11 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc11.tmp.vir
2010-09-12 11:27:02 . 2010-09-12 11:27:02 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccF.tmp.vir
2010-09-10 17:37:15 . 2010-09-10 17:37:15 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc8.tmp.vir
2010-09-08 21:28:52 . 2010-09-08 21:28:52 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc6.tmp.vir
2010-09-07 21:24:35 . 2010-09-07 21:24:35 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccD.tmp.vir
2010-09-06 21:19:47 . 2010-09-06 21:19:47 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc10.tmp.vir
2010-09-05 21:17:23 . 2010-09-05 21:17:23 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc9.tmp.vir
2010-09-04 21:16:28 . 2010-09-04 21:16:28 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccE.tmp.vir
2010-09-03 21:13:46 . 2010-09-03 21:13:46 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc7.tmp.vir
2010-09-02 21:10:47 . 2010-09-02 21:10:47 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccC.tmp.vir
2010-08-30 20:32:49 . 2010-08-30 20:32:49 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccB.tmp.vir
2010-08-29 20:31:08 . 2010-08-29 20:31:08 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccA.tmp.vir
2010-08-27 20:00:31 . 2010-08-27 20:00:31 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc84.tmp.vir
2010-08-26 20:03:21 . 2010-08-26 20:03:21 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc61.tmp.vir
2010-08-25 20:01:41 . 2010-08-25 20:01:41 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc32.tmp.vir
2010-08-24 19:07:39 . 2010-08-24 19:07:39 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc55.tmp.vir
2010-08-23 19:11:35 . 2010-08-23 19:11:35 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc33.tmp.vir
2010-08-22 10:14:14 . 2010-08-22 10:14:14 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc54.tmp.vir
2010-08-21 09:18:05 . 2010-08-21 09:18:05 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc53.tmp.vir
2010-08-18 19:53:55 . 2010-08-18 19:53:55 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc38.tmp.vir
2010-08-17 1818 . 2010-08-17 1818 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc52.tmp.vir
2010-08-16 1635 . 2010-08-16 1635 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc500.tmp.vir
2010-08-15 16:07:06 . 2010-08-15 16:07:06 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc15E.tmp.vir
2010-08-14 16:05:33 . 2010-08-14 16:05:33 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc60.tmp.vir
2010-08-13 13:11:16 . 2010-08-13 13:11:16 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc75.tmp.vir
2010-08-12 08:32:49 . 2010-08-12 08:32:49 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc3D.tmp.vir
2010-08-10 21:25:58 . 2010-08-10 21:25:58 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc39.tmp.vir
2010-08-09 19:31:52 . 2010-08-09 19:31:52 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc51.tmp.vir
2010-08-08 11:08:23 . 2010-08-08 11:08:23 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc37.tmp.vir
2010-08-07 10:12:43 . 2010-08-07 10:12:43 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc34.tmp.vir
2010-08-06 09:20:02 . 2010-08-06 09:20:02 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc50.tmp.vir
2010-08-01 14:13:21 . 2010-08-01 14:13:21 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc4E.tmp.vir
2010-07-30 22:45:40 . 2010-07-30 22:45:40 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc46.tmp.vir
2010-07-29 19:38:21 . 2010-07-29 19:38:21 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccF1.tmp.vir
2010-07-28 19:35:30 . 2010-07-28 19:35:30 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccA8.tmp.vir
2010-07-27 19:37:12 . 2010-07-27 19:37:12 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc4C.tmp.vir
2010-07-26 19:13:42 . 2010-07-26 19:13:42 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc4B.tmp.vir
2010-07-25 17:44:17 . 2010-07-25 17:44:17 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc408.tmp.vir
2010-07-24 17:42:26 . 2010-07-24 17:42:26 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccD7.tmp.vir
2010-07-23 17:44:32 . 2010-07-23 17:44:32 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc4A.tmp.vir
2010-07-21 20:02:28 . 2010-07-21 20:02:28 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc47.tmp.vir
2010-07-20 18:11:27 . 2010-07-20 18:11:27 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc3F.tmp.vir
2010-07-19 18:03:17 . 2010-07-19 18:03:17 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc4F.tmp.vir
2010-07-17 23:19:23 . 2010-07-17 23:19:23 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc49.tmp.vir
2010-07-16 19:43:27 . 2010-07-16 19:43:27 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc8F.tmp.vir
2010-07-15 19:38:13 . 2010-07-15 19:38:13 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mccE4.tmp.vir
2010-07-14 19:36:37 . 2010-07-14 19:36:37 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc48.tmp.vir
2010-07-13 18:34:09 . 2010-07-13 18:34:09 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc58.tmp.vir
2010-07-12 13:11:39 . 2010-07-12 13:11:39 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc4D.tmp.vir
2010-07-09 19:19:35 . 2010-07-09 19:19:35 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc43.tmp.vir
2010-07-08 18:12:35 . 2010-07-08 18:12:35 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\Local Settings\Temporary Internet Files\mcc2C.tmp.vir
2009-11-07 13:35:57 . 2009-11-07 13:35:58 61,224 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jasper van der Bliek\GoToAssistDownloadHelper.exe.vir
2007-11-07 07:03:18 . 2007-11-07 07:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
2004-08-10 12:50:55 . 2008-04-14 00:12:14 94,836 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\LocalApp\alths.rc.vir
2004-08-10 12:50:55 . 2008-04-14 00:12:14 2,560 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\LocalApp\msstr.exe.vir
Old 03-01-2011, 12:35 PM   #10
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Thanks!

Next steps...

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    Driver::
    kbeepm
    0240841282990695mcinstcleanup
    DDS::
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:18810
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    "DisableNotifications"=dword:00000000

    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe
  3. ComboFix may request an update; please allow it.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.


    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 03-01-2011, 02:41 PM   #11
Registered Member
 
Join Date: Jul 2009
Posts: 19
OS: XP



Hi, ComboFix finished; here is the log:

ComboFix 11-02-28.07 - Jasper van der Bliek 03/01/2011 21:57:38.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.458 [GMT 0:00]
Running from: c:\documents and settings\Jasper van der Bliek\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jasper van der Bliek\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_0240841282990695MCINSTCLEANUP
-------\Legacy_KBEEPM
-------\Service_0240841282990695mcinstcleanup
-------\Service_kbeepm


((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))
.

2011-03-01 19:55 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDE9CD20-1317-4DB9-A70D-11027639AF84}\mpengine.dll
2011-02-07 15:35 . 2011-02-07 15:35 -------- d-----w- c:\program files\Eidos Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-10 12:51 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 09:41 . 2011-01-25 21:44 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-13 09:41 . 2010-08-29 01:26 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-07 14:09 . 2004-08-10 12:50 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-10 12:51 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-10 12:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-10 12:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-10 12:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-10 12:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-10 12:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-10 12:51 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-10 12:51 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-10 12:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-10 12:51 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-04 13:07 . 2006-11-06 20:04 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-02 13529088]
"nwiz"="nwiz.exe" [2008-07-02 1630208]
"NVHotkey"="nvHotkey.dll" [2008-07-02 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-09-13 1384448]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"NvMediaCenter"="NvMCTray.dll" [2008-07-02 86016]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-09-08 1036288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-2 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-04-17 10:43 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Jasper van der Bliek^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Jasper van der Bliek\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-01-13 19:14 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"RoxLiveShare9"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"hnmsvc"=2 (0x2)
"gupdate"=2 (0x2)
"GoToAssist"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"0240841282990695mcinstcleanup"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/3/2010 10:43 PM 59240]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/12/2007 9:58 PM 642560]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [3/1/2010 5:56 PM 390528]
R1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys [2/28/2011 7:23 PM 55224]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 10:43 PM 169320]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/3/2010 10:43 PM 767208]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [4/13/2007 9:17 PM 223128]
S1 MpKsl2d72986d;MpKsl2d72986d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDE9CD20-1317-4DB9-A70D-11027639AF84}\MpKsl2d72986d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDE9CD20-1317-4DB9-A70D-11027639AF84}\MpKsl2d72986d.sys [?]
S1 MpKslf9248d31;MpKslf9248d31;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66D53C4E-9F77-4F5E-AAC7-A7D4E60EB251}\MpKslf9248d31.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66D53C4E-9F77-4F5E-AAC7-A7D4E60EB251}\MpKslf9248d31.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/13/2011 7:14 PM 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [9/7/2009 2:55 PM 7680]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\21923\RapportIaso.sys [1/2/2011 8:37 PM 12928]
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 19:14]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 19:14]

2011-03-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://uk.mcafee.com/root/campaign.asp?cid=16321
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{B723B1B8-9788-4684-ADA7-D1DB02E1D516} - c:\poker\Noble Poker\casino.exe
IE: {{D45D9D5F-B491-4c95-8B05-FA6B6C69CA82} - c:\program files\dreampokerMPP\MPPoker.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-01 22:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2014649741-3678257676-1454887063-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,5c,4a,70,90,ef,07,89,25,e4,fb,81,0b,ea,87,2a,be,c6,b2,03,0a,46,56,
46,ec,ef,2a,14,5e,83,35,f4,c6,97,d0,4d,bb,a1,d1,a5,0a,c7,ae,37,4c,63,e8,f1,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-2014649741-3678257676-1454887063-1006\Software\SecuROM\License information*]
"datasecu"=hex:7e,f1,5c,68,91,31,19,d2,5d,43,ea,33,9d,08,c8,e5,d4,cb,10,1c,33,
5b,5c,3c,54,3b,51,ad,b7,49,8f,85,d6,b9,13,80,fa,c3,f5,61,b8,6c,4b,11,f0,7e,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\hĖÄ|ˇˇˇˇ§ēÄ|ýēA~*]
"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(6500)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\stsystra.exe
c:\windows\system32\RunDLL32.exe
c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-03-01 22:34:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-01 22:34
ComboFix2.txt 2011-03-01 19:47
ComboFix3.txt 2009-07-18 11:15

Pre-Run: 33,215,938,560 bytes free
Post-Run: 33,082,433,536 bytes free

- - End Of File - - B24BD60CA3EC3A7C9B3CD1C564F29ED4
Jvdbliek is offline  
Old 03-01-2011, 02:57 PM   #12
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Good work. Next...

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 03-01-2011, 03:27 PM   #13
Registered Member
 
Join Date: Jul 2009
Posts: 19
OS: XP



Right, here is the Malwarebytes log. There was one infected item, a trojan, which I removed.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 5922

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/1/2011 11:26:05 PM
mbam-log-2011-03-01 (23-26-05).txt

Scan type: Quick scan
Objects scanned: 165169
Time elapsed: 23 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Jvdbliek is offline  
Old 03-01-2011, 05:08 PM   #14
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Good. Next steps...

As mentioned in our preposting topic:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Quote:
3. Uninstall the following via Add or Remove Programs in Control Panel:

  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues.

P2P - I see you have P2P software ( BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------


Your Java is out of date.

Java(TM) 6 Update 22 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. Let me know if it does not.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
tetonbob is offline  
Old 03-02-2011, 03:52 PM   #15
Registered Member
 
Join Date: Jul 2009
Posts: 19
OS: XP



Hi there

This is just a quick one to say I am still on this. The ESET scan is just taking very long so I will let it run overnight now and post the log tomorrow.
PC runs fine apart from it although it starts up much slower than before and it also takes a long time to load IE, so overall it's slowed down quite drastically from before the infection.

Thanks
Jasper
Jvdbliek is offline  
Old 03-03-2011, 12:21 AM   #16
Registered Member
 
Join Date: Jul 2009
Posts: 19
OS: XP



Hi, the scan finally finished so the log is below. I've also updated Java. As I said in the previous post the machine seems ok now but it does run slower particularly when starting up (takes like 5 mins now instead of 2-3 before) and when opening Internet Explorer.

Thanks
Jasper

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=5b303d1f79f5654c9a68d3068a35c774
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-03 01:25:55
# local_time=2011-03-03 01:25:55 (+0000, GMT Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 87 4850 11143053 0 0
# compatibility_mode=8192 67108863 100 0 3798 3798 0 0
# scanned=171241
# found=1
# cleaned=0
# scan_time=16968
C:\Documents and Settings\Jasper van der Bliek\Application Data\Sun\Java\Deployment\cache\6.0\14\2993370e-4721bdfd multiple threats (unable to clean) 00000000000000000000000000000000 I
Jvdbliek is offline  
Old 03-03-2011, 06:43 AM   #17
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



From a malware perspective, we should be done. Some machines never recover from infection. We can try clearing out temp files, which will also remove the find of Eset. You might also try disabling unnecessary startups. See this topic for additional suggestions:

https://www.techsupportforum.com/secu...ning-slow.html




This tool cleans files from temp locations, and empties the Recycle Bin.

1. Download TFC (Temp File Cleaner) to your desktop, or other location.
2. Save any unsaved work. TFC will close all open application windows.
3. Double-click TFC.exe to run the program.
4. If prompted, click "Yes" to reboot.


Other than that....We should be done here. Some final housekeeping instructions, and protection information for you.

Your logs appear clean. You should be good to go. We still have a few items to address.


Disconnect from the internet and disable your AntiVirus temporarily.

Go to -> Run -> copy/paste in the following single line command & click OK

ComboFix /Uninstall
This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Re-enable your AntiVirus now. Reconnect to the internet at your leisure.

Delete any remaining tools we've used (DDS and GMER) and logs from them.

Empty your Recycle Bin.

---------------------------------------------------------------------------------------------

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - Microsoft Windows Update
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
    • After you have updated, click the button - enable protection for all unprotected items
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • Scan here OSI - Consumer - Products for out of date & vulnerable common applications on your computer

  • https://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look here:
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
tetonbob is offline  
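
The ESET Online Scanner log in post #16 and the remark in post #17 that clearing temp files will also remove the ESET find can be checked mechanically. The Python sketch below is an added example, not part of the original thread or of any tool used in it; the sample log is constructed in the same layout, and the second detection line and the list of cache/temp path markers are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the ESET Online Scanner log posted above:
# "# key=value" header lines, then one line per detection
# (path, threat text, 32-hex digest, one-character flag).
SAMPLE_LOG = r"""# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# scanned=171241
# found=2
# cleaned=0
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\14\2993370e-4721bdfd multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\example.sys Constructed.Example trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Assumed markers for locations that a temp/cache cleanup empties.
DISPOSABLE_MARKERS = (
    "\\sun\\java\\deployment\\cache\\",
    "\\local settings\\temp\\",
    "\\temporary internet files\\",
    "\\windows\\temp\\",
)

# Paths contain spaces, so anchor on the last backslash and on the trailing
# digest + flag. Assumes the final path component itself has no spaces.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\(?:.*\\)?\S+)\s+(?P<threat>.+?)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\S)$"
)


@dataclass
class Detection:
    path: str
    threat: str
    flag: str
    disposable: bool  # True when the file sits in a cache/temp location


def parse_eset_log(text):
    """Return (header dict, list of Detection) from a pasted log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") and "=" in line:
            key, _, value = line.lstrip("# ").partition("=")
            # Repeated keys (e.g. compatibility_mode) keep the last value.
            header[key.strip()] = value.strip().strip('"')
            continue
        m = DETECTION_RE.match(line)
        if m:
            path = m["path"]
            disposable = any(mark in path.lower() for mark in DISPOSABLE_MARKERS)
            detections.append(Detection(path, m["threat"], m["flag"], disposable))
    return header, detections


def triage(header, detections):
    """Summarise what is still outstanding and where it lives."""
    found = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    return {
        "complete": header.get("end") == "finished",
        # remove_checked=false means the scan was report-only by choice.
        "report_only": header.get("remove_checked") == "false",
        "outstanding": found - cleaned,
        # Guards against detection lines the regex failed to parse.
        "parsed_all": found == len(detections),
        "cleared_by_temp_cleanup": [d.path for d in detections if d.disposable],
        "needs_follow_up": [d.path for d in detections if not d.disposable],
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for key, value in triage(hdr, dets).items():
        print(f"{key}: {value}")
```

With "Remove found threats" left unticked as instructed in post #14, `remove_checked=false` and `cleaned=0` are expected; the useful signal is whether anything lands in `needs_follow_up` rather than in a cache a temp-file cleanup will empty.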
Old 03-03-2011, 09:35 AM   #18
Registered Member
 
Join Date: Jul 2009
Posts: 19
OS: XP



Thanks, I will follow these last steps and have a look which of the free programs I could use.

I thought I'd reply now as it's likely I don't have time to do work on my home pc until the weekend.
I'd like to thank you for all the help, I really appreciate it, there was a point where I thought that was the end of that pc.

Thanks again
Jasper van der Bliek
Jvdbliek is offline  
Old 03-03-2011, 09:34 PM   #19
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



You're quite welcome, I'm happy to have helped.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.
tetonbob is offline  
 
