Blocking LiveJasmin

  • Quukske

    Good afternoon,

    For the past few days, when I start my PC, after the XP welcome screen where you have to enter your password, a site with lots of undressed ladies appears on screen. Not every time, but it is annoying.

    Livejasmin.com or something like that.

    I just can't manage to get rid of it.

    You have helped me perfectly once before, so I hope you can do so again now.

    I have done all the steps from the "run this first" instructions, and here are my logs:

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Databaseversie: 4406

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    8/8/2010 11:24:36 AM

    mbam-log-2010-08-08 (11-24-36).txt

    Scantype: Snelle scan

    Objecten gescand: 146272

    Verstreken tijd: 4 minuut/minuten, 0 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:54:52 PM, on 8/8/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Creative\Shared Files\CTDevSrv.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    C:\Program Files\McAfee\MPF\MPFSrv.exe

    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\MsPMSPSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\rundll32.exe

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

    C:\Program Files\Logitech\Video\LogiTray.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

    C:\WINDOWS\system32\CTHELPER.EXE

    C:\WINDOWS\system32\LVComsX.exe

    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Logitech\Video\FxSvr2.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

    C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

    C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe

    C:\Program Files\Creative\Software Update 3\SoftAuto.exe

    C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

    C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

    O4 - HKLM\..\Run: C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

    O4 - HKLM\..\Run: C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"

    O4 - HKLM\..\Run: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    O4 - HKLM\..\Run: C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: KHALMNPR.EXE

    O4 - HKLM\..\Run: C:\Program Files\Logitech\Video\ISStart.exe

    O4 - HKLM\..\Run: C:\Program Files\Logitech\Video\LogiTray.exe

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

    O4 - HKLM\..\Run: CTHELPER.EXE

    O4 - HKLM\..\Run: CTXFIHLP.EXE

    O4 - HKLM\..\Run: "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

    O4 - HKCU\..\Run: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

    O4 - HKCU\..\Run: C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

    O4 - HKCU\..\Run: C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB

    O4 - HKCU\..\Run: C:\WINDOWS\system32\timesync.exe

    O4 - HKCU\..\Run: "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"

    O4 - HKUS\S-1-5-18\..\RunOnce: MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')

    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246735106250

    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://92.51.137.94/objects/NpFv501.dll

    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECC101BB-7989-45A4-9A5F-5C21B64F6921}: NameServer = 192.168.178.1

    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe

    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    End of file - 13462 bytes

  • fazantje

    Hi Quukske,

    I don't see anything unusual in your logs offhand ;)

    How is your pop-up blocker set? :S

    You can find it, once you have opened the internet, by clicking Tools at the top right, then clicking Pop-up Blocker.

    Now you can turn on the pop-up blocker.

    If it is already turned on, then have a look in the pop-up blocker menu (pop-up blocker settings).

    Let me know before we possibly have to look further.

    Good luck,

    Huib :)

  • Quukske

    Hi Huib,

    I assume you mean the pop-up blocker in IE8? It is set to medium.

    I also use Firefox, you see, and I have the pop-up blocker turned on there too.

    I was away all day yesterday for work, and my wife said that when she turned the PC back on yesterday afternoon she had that site on screen again.

    In my opinion this has nothing to do with a pop-up blocker, since the PC is only just starting up. But I could of course be wrong.

    I hope to hear from you,

    Regards, quukske

  • fazantje

    Hi Quukske,

    Download Combofix to your Desktop.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe to start it.

    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.

    Click OK in the "NirCmd" window.

    Afterwards, click Yes again to start scanning for malware.

    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix is complete and after the restart, the log Combofix.txt will open.

    Post the ComboFix log together with a new HijackThis log, and tell us how your problem is doing.

    * Visit the following page with the instructions for downloading and using Combofix.

    http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

    This scan can take a while, so don't assume it has frozen.

    Good luck,

    Huib :)

  • Quukske

    Hi Huib,

    Just back home from a few days of work, but according to my wife that site popped up again during startup.

    Here are my logs:

    ComboFix 10-08-11.05 - Ronnie Maurix 08/12/2010 19:39:49.2.4 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2362

    Running from: c:\documents and settings\Ronnie Maurix\Desktop\ComboFix.exe

    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    .

    ((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))

    .

    2010-08-08 10:54 . 2010-08-08 10:54 388096 ----a-r- c:\documents and settings\Ronnie Maurix\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2010-08-08 10:54 . 2010-08-08 10:54 -------- d-----w- c:\program files\Trend Micro

    2010-08-04 19:22 . 2010-08-04 19:22 -------- d-----w- c:\program files\Common Files\Java

    2010-08-04 19:10 . 2010-08-04 19:10 503808 ----a-w- c:\documents and settings\Ronnie Maurix\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-49853d07-n\msvcp71.dll

    2010-08-04 19:10 . 2010-08-04 19:10 499712 ----a-w- c:\documents and settings\Ronnie Maurix\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-49853d07-n\jmc.dll

    2010-08-04 19:10 . 2010-08-04 19:10 348160 ----a-w- c:\documents and settings\Ronnie Maurix\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-49853d07-n\msvcr71.dll

    2010-08-04 19:10 . 2010-08-04 19:10 61440 ----a-w- c:\documents and settings\Ronnie Maurix\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-131bebd9-n\decora-sse.dll

    2010-08-04 19:10 . 2010-08-04 19:10 12800 ----a-w- c:\documents and settings\Ronnie Maurix\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-131bebd9-n\decora-d3d.dll

    2010-07-31 17:01 . 2010-07-31 17:01 -------- d-----w- c:\program files\The One Ring 3D Screensaver

    2010-07-30 21:07 . 2010-07-30 21:07 -------- d--h--w- c:\documents and settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}

    2010-07-30 21:07 . 2010-07-30 21:07 2422684 ----a-w- c:\documents and settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}\setup.exe

    2010-07-30 21:06 . 2010-06-01 02:22 2594167 ----a-w- c:\documents and settings\All Users\Application Data\{B7FA0661-862B-4AE4-A12A-F08D226ED546}\Setup.exe

    2010-07-30 21:06 . 2010-07-30 21:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\{B7FA0661-862B-4AE4-A12A-F08D226ED546}

    2010-07-30 05:17 . 2010-07-30 05:21 9885216 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Centrale 1.19.02__\Centrale_PCApp_LA_1_19_02.exe

    2010-07-30 04:49 . 2010-07-30 05:17 86046152 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative ZEN X-Fi2 Firmware 1.21.05__\ZENX-Fi2_PCFW_L22_1_21_05.exe

    2010-07-25 16:43 . 2010-07-25 16:43 -------- d-----w- c:\program files\Common Files\xing shared

    2010-07-25 16:43 . 2010-07-25 16:43 -------- d-----w- c:\program files\real

    2010-07-19 12:16 . 2010-08-12 14:38 65536 ----a-w- c:\documents and settings\Ronnie Maurix\timeset.exe

    2010-07-19 12:16 . 2010-08-12 14:38 65536 ----a-w- c:\documents and settings\Ronnie Maurix\timeset.bin

    2010-07-18 11:11 . 2010-05-26 20:10 36864 ----a-w- c:\windows\system32\timeset.exe

    2010-07-18 11:11 . 2010-05-26 20:09 32768 ----a-w- c:\windows\system32\timesync.exe

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-08-12 14:34 . 2009-07-04 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

    2010-08-04 19:22 . 2009-07-04 19:46 -------- d-----w- c:\program files\Java

    2010-07-31 09:39 . 2009-07-04 18:57 70784 ----a-w- c:\documents and settings\Ronnie Maurix\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2010-07-30 21:07 . 2009-07-05 11:44 -------- d-----w- c:\program files\Creative

    2010-07-25 16:44 . 2010-07-25 16:44 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

    2010-07-25 16:44 . 2010-07-25 16:44 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

    2010-07-25 16:44 . 2010-07-25 16:44 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

    2010-07-25 16:44 . 2010-07-25 16:44 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

    2010-07-25 16:44 . 2010-07-25 16:44 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

    2010-07-25 16:44 . 2010-07-25 16:44 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

    2010-07-25 16:44 . 2010-07-25 16:44 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

    2010-07-25 16:44 . 2010-07-25 16:44 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    2010-07-25 16:44 . 2010-07-25 16:44 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    2010-07-25 16:44 . 2009-07-07 20:20 -------- d-----w- c:\program files\Common Files\Real

    2010-07-24 19:03 . 2010-01-16 13:45 -------- d-----w- c:\program files\McAfee

    2010-07-18 11:14 . 2010-07-18 11:11 24 --sh--w- c:\windows\S7A83F33E.tmp

    2010-07-17 03:00 . 2010-04-22 19:31 423656 ----a-w- c:\windows\system32\deployJava1.dll

    2010-07-15 13:18 . 2010-01-16 13:45 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

    2010-07-13 11:50 . 2010-05-30 16:10 -------- d-----w- c:\program files\Common Files\Cloanto

    2010-07-13 11:50 . 2010-05-30 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Cloanto

    2010-07-13 11:46 . 2010-06-06 20:30 -------- d-----w- c:\program files\VirtualFem

    2010-07-13 06:06 . 2010-05-23 15:20 114688 ----a-w- c:\windows\system32\OpenAL32.dll

    2010-07-13 06:06 . 2010-07-13 06:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\Creative

    2010-07-13 05:51 . 2009-07-05 12:01 -------- d-----w- c:\documents and settings\Ronnie Maurix\Application Data\Creative

    2010-07-10 06:09 . 2010-07-10 06:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

    2010-07-06 17:22 . 2010-03-25 06:35 439816 ----a-w- c:\documents and settings\Ronnie Maurix\Application Data\Real\Update\setup3.10\setup.exe

    2010-07-03 17:20 . 2010-07-03 17:02 -------- d-----w- c:\program files\JLC's Software

    2010-07-03 17:02 . 2010-07-03 17:02 -------- d-----w- c:\documents and settings\Ronnie Maurix\Application Data\JLC's Software

    2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

    2010-06-26 08:06 . 2010-06-26 08:06 -------- d-----w- c:\documents and settings\Ronnie Maurix\Application Data\Nokia Ovi Suite

    2010-06-26 08:06 . 2009-07-16 15:12 -------- d-----w- c:\documents and settings\Ronnie Maurix\Application Data\Nokia

    2010-06-26 08:05 . 2010-06-26 08:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

    2010-06-26 08:05 . 2010-06-26 08:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf

    2010-06-26 08:01 . 2010-06-26 08:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

    2010-06-26 08:01 . 2010-06-26 08:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

    2010-06-26 07:52 . 2010-06-26 07:52 -------- d-----w- c:\program files\Common Files\Nokia

    2010-06-26 07:52 . 2010-06-26 07:50 -------- d-----w- c:\program files\Nokia

    2010-06-26 07:52 . 2010-06-26 07:52 -------- d-----w- c:\program files\PC Connectivity Solution

    2010-06-26 07:51 . 2010-06-26 07:51 12212040 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe

    2010-06-26 07:51 . 2010-06-26 07:51 13930312 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe

    2010-06-26 07:51 . 2010-06-26 07:51 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe

    2010-06-26 07:51 . 2010-06-26 07:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe

    2010-06-26 07:51 . 2010-06-26 07:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe

    2010-06-26 07:51 . 2010-06-26 07:51 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe

    2010-06-26 07:50 . 2010-06-26 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache

    2010-06-26 07:49 . 2010-06-26 07:51 103404272 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe

    2010-06-26 07:28 . 2010-06-26 07:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

    2010-06-26 07:28 . 2010-06-26 07:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

    2010-06-25 04:34 . 2009-07-04 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

    2010-06-24 17:18 . 2010-06-24 17:18 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

    2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys

    2010-06-22 16:24 . 2010-06-25 18:23 273351058 ----a-w- c:\windows\webgirl340.scr

    2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

    2010-06-20 12:01 . 2010-06-20 11:55 217468 ----a-w- c:\windows\system32\nvdrsdb1.bin

    2010-06-20 12:01 . 2010-06-20 11:55 1 ----a-w- c:\windows\system32\nvdrssel.bin

    2010-06-20 12:01 . 2010-06-20 11:55 217464 ----a-w- c:\windows\system32\nvdrsdb0.bin

    2010-06-07 15:35 . 2010-06-07 15:35 81920 ----a-w- c:\windows\system32\nvwddi.dll

    2010-05-31 03:26 . 2010-07-30 21:02 311296 ----a-w- c:\documents and settings\All Users\Application Data\{B7FA0661-862B-4AE4-A12A-F08D226ED546}\offline\DA2189BB\FFC7909E\CTOrSync.exe

    2010-05-30 09:56 . 2010-05-30 09:56 290816 ----a-w- c:\documents and settings\Ronnie Maurix\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll

    2010-05-30 09:56 . 2010-05-30 09:56 290816 ----a-w- c:\documents and settings\Ronnie Maurix\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll

    2010-05-30 09:56 . 2010-05-30 09:56 290816 ----a-w- c:\documents and settings\Ronnie Maurix\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll

    2010-05-30 09:56 . 2010-05-30 09:56 290816 ----a-w- c:\documents and settings\Ronnie Maurix\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll

    2010-05-25 19:13 . 2010-05-23 15:20 413696 ----a-w- c:\windows\system32\wrap_oal.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    "RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RcMan.exe"

    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe"

    "NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"

    "Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe"

    "timesync.exe"="c:\windows\system32\timesync.exe"

    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe"

    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer"

    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe"

    "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe"

    "UpdReg"="c:\windows\UpdReg.EXE"

    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe"

    "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"

    "BluetoothAuthenticationAgent"="bthprops.cpl"

    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe"

    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe"

    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe"

    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"

    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe"

    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe"

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "CTHelper"="CTHELPER.EXE"

    "CTxfiHlp"="CTXFIHLP.EXE"

    "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe"

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    "SetDefaultMIDI"="MIDIDEF.EXE"

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe

    2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    @=“”

    @=“”

    @=“Service”

    @=“Driver”

    @=“”

    @=“Service”

    2009-02-28 17:40 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe

    “DisableMonitoring”=dword:00000001

    “DisableMonitoring”=dword:00000001

    “%windir%\\system32\\sessmgr.exe”=

    “%windir%\\Network Diagnostic\\xpnetdiag.exe”=

    “c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe”=

    “c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe”=

    “c:\\Program Files\\Mozilla Firefox\\firefox.exe”=

    “c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=

    “c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe”=

    “c:\\Program Files\\Java\\jre6\\bin\\java.exe”=

    “c:\\Program Files\\Azureus\\Azureus.exe”=

    “c:\\Program Files\\Ubisoft Entertainment\\Wheelman\\Binaries\\WheelmanGame-Final.exe”=

    “c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe”=

    “c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE”=

    “c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE”=

    “c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE”=

    “c:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe”=

    “49465:TCP”= 49465:TCP:Azureus

    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control ;c:\program files\CyberLink\PowerDVD9\000.fcl

    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys

    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys

    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys

    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys

    S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe

    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys

    S3 USTOR;Intelligent Stick Manager 2;c:\windows\system32\drivers\UStork.sys

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    .

    Contents of the ‘Scheduled Tasks’ folder

    2010-01-06 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4254852250.job

    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe

    2010-05-14 c:\windows\Tasks\Mausjes08.job

    - c:\windows\system32\ntbackup.exe

    2010-05-31 c:\windows\Tasks\McDefragTask.job

    - c:\progra~1\mcafee\mqc\QcConsol.exe

    2010-07-31 c:\windows\Tasks\McQcTask.job

    - c:\progra~1\mcafee\mqc\QcConsol.exe

    2010-08-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-329068152-839522115-1004.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe

    2010-08-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-329068152-839522115-1004.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.startpagina.nl/

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: {ECC101BB-7989-45A4-9A5F-5C21B64F6921} = 192.168.178.1

    FF - ProfilePath - c:\documents and settings\Ronnie Maurix\Application Data\Mozilla\Firefox\Profiles\9hk0im0u.default\

    FF - prefs.js: browser.search.selectedEngine - Secure Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/

    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

    FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    FF - user.js: network.http.max-persistent-connections-per-server - 4

    FF - user.js: content.max.tokenizing.time - 1800000

    FF - user.js: content.notify.interval - 600000

    FF - user.js: content.switch.threshold - 600000

    FF - user.js: nglayout.initialpaint.delay - 600

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.use_native_colors”, true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.lu”, true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.nu”, true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.nz”, true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn--mgbaam7a8h”, true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn--mgberp4a5d4ar”, true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn--p1ai”, true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn--mgbayh7gpa”, true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.tel”, true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.auth.force-generic-ntlm”, false);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.proxy.type”, 5);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.buffer.cache.count”, 24);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.buffer.cache.size”, 4096);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“dom.ipc.plugins.timeoutSecs”, 45);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“svg.smil.enabled”, false);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“accelerometer.enabled”, true);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref”, true);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.renego_unrestricted_hosts”, “”);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.treat_unsafe_negotiation_as_broken”, false);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.require_safe_negotiation”, false);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name”, “chrome://browser/locale/browser.properties”);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description”, “chrome://browser/locale/browser.properties”);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“plugins.update.notifyUser”, false);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled.nptest.dll”, true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled.npswf32.dll”, true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled.npctrl.dll”, true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled.npqtplugin.dll”, true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled”, false);

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-08-12 19:41

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    CTHelper = CTHELPER.EXE?

    CTxfiHlp = CTXFIHLP.EXE?

    scanning hidden files …

    scan completed successfully

    hidden files: 0

    **************************************************************************

    “ImagePath”=“\??\c:\program files\CyberLink\PowerDVD9\000.fcl”

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    “??”=hex:65,c4,db,e0,9d,6a,3b,bb,68,76,9f,cd,e7,bc,08,f5,4a,66,14,27,cb,8f,b6,

    d3,d7,28,3c,63,c4,05,0f,19,b0,d4,bb,dd,60,66,bc,10,73,72,24,6a,e7,7f,be,db,\

    “??”=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

    “datasecu”=hex:35,a5,ea,aa,40,83,cf,b4,4a,2f,9e,58,7b,8c,18,72,8e,0b,dc,ad,fe,

    81,af,8f,e4,2f,87,03,07,bf,60,54,e2,93,6b,00,24,e1,49,58,21,d3,61,7a,76,b8,\

    “rkeysecu”=hex:e0,cc,6a,5c,55,6c,d2,8a,d3,17,9f,fe,2d,2a,47,9f

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > ‘winlogon.exe’(852)

    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > ‘explorer.exe’(3880)

    c:\windows\system32\WININET.dll

    c:\program files\Logitech\SetPoint\GameHook.dll

    c:\program files\Logitech\SetPoint\lgscroll.dll

    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Completion time: 2010-08-12 19:42:45

    ComboFix-quarantined-files.txt 2010-08-12 17:42

    ComboFix2.txt 2010-08-12 17:23

    Pre-Run: 93,293,035,520 bytes free

    Post-Run: 93,241,163,776 bytes free

    - - End Of File - - F21BD66A9BA3CAAD611C00373BB12702

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 7:52:02 PM, on 8/12/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Creative\Shared Files\CTDevSrv.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    C:\Program Files\McAfee\MPF\MPFSrv.exe

    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\MsPMSPSv.exe

    C:\WINDOWS\system32\wuauclt.exe

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

    C:\Program Files\Logitech\Video\LogiTray.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

    C:\WINDOWS\system32\CTHELPER.EXE

    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

    C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

    C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe

    C:\Program Files\Creative\Software Update 3\SoftAuto.exe

    C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\LVComsX.exe

    C:\Program Files\Logitech\Video\FxSvr2.exe

    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

    C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe

    C:\Documents and Settings\Ronnie Maurix\timeset.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

    O4 - HKLM\..\Run: C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

    O4 - HKLM\..\Run: C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe”

    O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe”

    O4 - HKLM\..\Run: “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey

    O4 - HKLM\..\Run: C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: KHALMNPR.EXE

    O4 - HKLM\..\Run: C:\Program Files\Logitech\Video\ISStart.exe

    O4 - HKLM\..\Run: C:\Program Files\Logitech\Video\LogiTray.exe

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

    O4 - HKLM\..\Run: CTHELPER.EXE

    O4 - HKLM\..\Run: CTXFIHLP.EXE

    O4 - HKLM\..\Run: “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

    O4 - HKCU\..\Run: “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot

    O4 - HKCU\..\Run: C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

    O4 - HKCU\..\Run: C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB

    O4 - HKCU\..\Run: C:\WINDOWS\system32\timesync.exe

    O4 - HKCU\..\Run: “C:\Program Files\Creative\Software Update 3\SoftAuto.exe”

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\RunOnce: MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\RunOnce: MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User ‘Default user’)

    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246735106250

    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://92.51.137.94/objects/NpFv501.dll

    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECC101BB-7989-45A4-9A5F-5C21B64F6921}: NameServer = 192.168.178.1

    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe

    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    End of file - 13259 bytes

  • Quukske

    FYI Huib,

    It is a 'webpage dialog' that opens in IE8. So it is not a full page with an address bar and so on.

    But I don't click on anything at the start. It sometimes suddenly appears on my desktop on its own during startup.

    I read somewhere that this is controlled via the registry??

    Kind regards, quukske

  • Ruudje

    2010-07-13 11:46 . 2010-06-06 20:30 -------- d-----w- c:\program files\VirtualFem

    2010-06-22 16:24 . 2010-06-25 18:23 273351058 ----a-w- c:\windows\webgirl340.scr

    Could this be the cause?

  • Quukske

    Hi Ruudje,

    I removed those 2 things and it seemed I was rid of it.

    But this morning I turned on the PC and this "webpage dialog" has now popped up again twice.

    The first time was when I clicked Firefox to read the news (the web page comes up via IE8 and not via FF, which I find very strange) and the 2nd time was when I was just browsing in FF.

    It is getting really annoying. Can't I just remove IE entirely? Or is that not possible with XP Home?

  • Kevander

    LiveJasmin regularly pops open here as well.

  • fazantje

    Hi all,

    I'll take a further look later, because I'm off to a BBQ first.

    Regards, Huib :)