WiredWX Christian Hobby Weather Tools

DR/Delphi.gen trouble

I have an annoying problem and I hope you could help me. My Avira is telling me that I have DR/Delphi.gen in my C:\windows\temp\xxxx.tmp and I can't get rid of it. Here is my HijackThis log. Thanks in advance for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:30, on 12/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\HoeKey\HoeKey.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 85.119.220.171 www.vandewalle.be
O1 - Hosts: 85.119.220.171 www.ciac.be
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: ApacheMonitor.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Startup: HoeKey.lnk = C:\Program Files\HoeKey\HoeKey.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15B5245A-54A8-4E76-9F60-CDB1DEC0FDA2}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9921 bytes

Re: DR/Delphi.gen trouble

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: ::1 localhost
    O1 - Hosts: 85.119.220.171 www.vandewalle.be
    O1 - Hosts: 85.119.220.171 www.ciac.be
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
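The items the helper picked out of the HijackThis log above follow a few mechanical rules: hosts-file entries that point real sites somewhere other than loopback, entries whose target file no longer exists ("(no file)" / "(file missing)"), and services with an unknown owner. The script below is an added example, not part of the original post and not HijackThis or Malwarebytes code; it applies those rules to a handful of lines copied from the posted log. The regular expressions and the treatment of both loopback "localhost" mappings as default entries are this example's own assumptions (the helper in the thread chose to remove the IPv6 one as well).

```python
"""Triage helper for HijackThis-style log lines (added example)."""
import re

# Constructed sample: a handful of lines copied from the log posted in the thread.
SAMPLE_LOG = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 85.119.220.171 www.vandewalle.be
O1 - Hosts: 85.119.220.171 www.ciac.be
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\\Program Files\\Fiddler2\\Fiddler.exe" (file missing)
O23 - Service: MySQL - Unknown owner - C:\\Program.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min
"""

# HijackThis prefixes its entries with a section code (O1, O2, R0, ...); assumed format.
LINE_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+)\s+-\s+(.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# Loopback mappings that a hosts file normally carries; everything else is reviewed.
LOCALHOST = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_line(line):
    """Split a HijackThis line into (section, body); None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log_text):
    """Return (section, reason, line) findings, mirroring the helper's hand-picked items."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        section, body = parsed
        if section == "O1":
            hm = HOSTS_RE.match(body)
            if hm and (hm.group(1), hm.group(2)) not in LOCALHOST:
                findings.append((section,
                                 "hosts entry redirects %s to %s" % (hm.group(2), hm.group(1)),
                                 raw))
        # Orphaned entries: the registry still references a file that is gone.
        if "(no file)" in body or "(file missing)" in body:
            findings.append((section, "orphaned entry: target file missing", raw))
        # Services whose vendor HijackThis could not identify.
        if section == "O23" and "Unknown owner" in body:
            findings.append((section, "service with unknown owner", raw))
    return findings


def hosts_redirect_groups(log_text):
    """Group redirected hostnames by the IP they are pointed at.

    Several unrelated sites mapped to one address (as in the thread) is the
    pattern a reviewer looks at first.
    """
    groups = {}
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed and parsed[0] == "O1":
            hm = HOSTS_RE.match(parsed[1])
            if hm and (hm.group(1), hm.group(2)) not in LOCALHOST:
                groups.setdefault(hm.group(1), []).append(hm.group(2))
    return groups


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (section, reason, line))
    print(hosts_redirect_groups(SAMPLE_LOG))
```

Run against the sample, the script reports the two hosts redirections, the orphaned BHO, the two Fiddler/MySQL "(file missing)" entries and the unknown-owner service, i.e. exactly the lines the helper asked to have fixed, apart from the IPv6 localhost mapping it leaves alone.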

Re: DR/Delphi.gen trouble

The virus is still popping up:

Malwarebytes' Anti-Malware 1.44
Database versie: 3554
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

13/01/2010 17:38:12
mbam-log-2010-01-13 (17-38-12).txt

Scan type: Snelle Scan
Objecten gescand: 113007
Verstreken tijd: 7 minute(s), 38 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Re: DR/Delphi.gen trouble


  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

(screenshots showing the rename step in the Firefox download dialog)

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts.
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: DR/Delphi.gen trouble

Is it normal that it renamed itself again to combofix.exe after rebooting?

ComboFix 10-01-13.04 - Brecht 13/01/2010 20:11:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1043.18.2494.1068 [GMT 1:00]
Running from: c:\users\Brecht\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-13 19:24 . 2010-01-13 19:24 -------- d-----w- c:\users\Brecht\AppData\Local\temp
2010-01-13 19:24 . 2010-01-13 19:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-13 19:24 . 2010-01-13 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-13 06:19 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 06:19 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 21:28 . 2010-01-12 21:28 -------- d-----w- c:\program files\SQLyog Community
2010-01-12 20:13 . 2010-01-12 20:13 -------- d-----w- c:\program files\ESET
2010-01-09 14:15 . 2010-01-09 14:15 -------- d-----w- C:\elime
2009-12-29 16:56 . 2009-12-29 16:56 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-12-29 16:06 . 2009-12-29 16:09 -------- d-----w- c:\users\Brecht\.netbeans
2009-12-29 16:06 . 2009-12-29 16:06 -------- d-----w- c:\users\Brecht\.netbeans-registration
2009-12-29 16:03 . 2009-12-29 16:06 -------- d-----w- c:\program files\NetBeans 6.8
2009-12-29 16:01 . 2009-12-29 16:06 -------- d-----w- c:\users\Brecht\.nbi
2009-12-18 17:28 . 2009-12-18 17:28 -------- d-----w- c:\programdata\CyberLink
2009-12-18 17:28 . 2009-12-18 19:09 -------- d-----w- c:\users\Public\CyberLink
2009-12-18 17:28 . 2009-12-18 17:28 -------- d-----w- c:\users\Brecht\AppData\Roaming\CyberLink
2009-12-18 15:36 . 2009-12-18 15:37 -------- d-----w- c:\programdata\SmartSound Software Inc
2009-12-18 15:36 . 2009-12-18 15:36 -------- d-----w- c:\program files\SmartSound Software
2009-12-18 15:27 . 2009-12-18 15:38 -------- d-----w- c:\program files\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 19:06 . 2007-08-22 18:08 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 19:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-13 18:47 . 2007-09-11 16:57 -------- d-----w- c:\users\Brecht\AppData\Roaming\SQLyog
2010-01-13 18:38 . 2008-05-01 08:09 -------- d-----w- c:\users\Brecht\AppData\Roaming\MySQL
2010-01-12 21:27 . 2007-12-05 14:17 -------- d-----w- c:\program files\SQLyog Enterprise
2010-01-12 19:48 . 2007-08-22 18:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-12 19:39 . 2009-06-15 15:17 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-12 19:39 . 2009-06-15 15:17 171552 ----a-w- c:\windows\system32\guard32.dll
2010-01-12 19:39 . 2009-06-15 15:17 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-12 19:39 . 2009-06-15 15:17 128376 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-12 19:39 . 2007-09-09 11:18 -------- d-----w- c:\program files\Java
2010-01-12 16:45 . 2008-06-08 07:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 16:44 . 2008-07-10 13:46 5115823 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-11 19:26 . 2008-09-29 08:30 -------- d-----w- c:\program files\FlashFXP
2010-01-11 06:44 . 2006-11-02 16:11 669950 ----a-w- c:\windows\system32\perfh013.dat
2010-01-11 06:44 . 2006-11-02 16:11 127650 ----a-w- c:\windows\system32\perfc013.dat
2010-01-07 15:07 . 2008-07-30 10:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-06-08 07:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 17:56 . 2008-12-10 21:25 -------- d-----w- c:\users\Brecht\AppData\Roaming\TortoiseSVN
2009-12-29 16:56 . 2008-12-10 20:19 -------- d-----w- c:\program files\TortoiseSVN
2009-12-26 10:02 . 2009-08-19 15:59 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-18 19:55 . 2009-10-24 11:09 -------- d-----w- c:\program files\avi.NET
2009-12-18 17:29 . 2007-08-21 22:12 107640 ----a-w- c:\users\Brecht\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-18 15:39 . 2007-08-22 16:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-14 20:01 . 2008-05-15 17:59 -------- d-----w- c:\users\Brecht\AppData\Roaming\FileZilla
2009-12-14 18:10 . 2009-12-14 18:10 108341 ----a-w- c:\users\Brecht\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
2009-12-13 11:15 . 2009-12-13 11:15 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-13 11:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-13 11:14 . 2009-12-13 11:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-13 11:14 . 2009-12-13 11:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-12 18:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-12 18:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-12 18:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-12 18:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-12 18:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-12 18:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-12 18:35 . 2007-10-16 20:34 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-12 18:35 . 2007-10-16 20:34 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-08 19:27 . 2009-12-08 19:27 -------- d-----w- c:\program files\ElcomSoft
2009-12-07 20:59 . 2009-05-08 14:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-07 08:37 . 2008-07-31 21:14 -------- d-----w- c:\program files\Defraggler
2009-12-07 07:56 . 2007-12-11 18:14 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-06 23:44 . 2007-08-22 18:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-06 22:36 . 2007-09-09 16:00 -------- d-----w- c:\users\Brecht\AppData\Roaming\Azureus
2009-12-06 22:09 . 2008-01-06 11:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-06 22:08 . 2008-04-05 09:45 -------- d-----w- c:\program files\Sony Ericsson
2009-12-06 22:04 . 2009-10-10 11:47 -------- d-----w- c:\users\Brecht\AppData\Roaming\Panasonic
2009-12-06 21:53 . 2009-10-25 09:10 -------- d-----w- c:\program files\PDF Reader 2
2009-12-06 21:41 . 2007-11-10 14:46 -------- d-----w- c:\program files\Lightsmark 2007
2009-12-06 21:40 . 2008-10-06 20:24 -------- d-----w- c:\programdata\Apple Computer
2009-12-06 21:36 . 2009-11-12 21:09 -------- d-----w- c:\program files\HTC
2009-12-06 21:36 . 2009-11-12 21:13 -------- d-----w- c:\users\Brecht\AppData\Roaming\Teleca
2009-12-06 21:17 . 2009-07-10 06:15 -------- d-----w- c:\program files\Free Monitor for Google
2009-12-06 21:15 . 2008-03-02 19:48 -------- d-----w- c:\program files\Bonjour
2009-12-06 21:13 . 2008-10-06 20:22 -------- d-----w- c:\program files\Common Files\Apple
2009-12-06 21:10 . 2007-08-22 16:27 -------- d-----w- c:\program files\ASUS
2009-12-02 16:59 . 2008-09-05 20:41 -------- d-----w- c:\program files\Core Services
2009-11-29 20:20 . 2009-11-29 20:20 -------- d-----w- c:\program files\Microsoft
2009-11-29 20:19 . 2007-08-22 17:49 -------- d-----w- c:\program files\Windows Live
2009-11-29 20:17 . 2009-11-29 20:17 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-21 06:40 . 2009-12-13 10:42 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-13 10:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-13 10:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-13 10:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 10:48 . 2009-11-27 06:24 872960 ----a-w- c:\users\Brecht\AppData\Roaming\Mozilla\Firefox\Profiles\zovz708k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 10:48 . 2009-11-27 06:24 43008 ----a-w- c:\users\Brecht\AppData\Roaming\Mozilla\Firefox\Profiles\zovz708k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 10:48 . 2009-11-27 06:24 340480 ----a-w- c:\users\Brecht\AppData\Roaming\Mozilla\Firefox\Profiles\zovz708k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 10:48 . 2009-11-27 06:24 346624 ----a-w- c:\users\Brecht\AppData\Roaming\Mozilla\Firefox\Profiles\zovz708k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-18 17:31 . 2008-02-16 08:23 -------- d-----w- c:\program files\Google
2009-11-15 19:37 . 2009-11-15 19:37 -------- d-----w- c:\program files\eRightSoft
2009-11-09 12:31 . 2009-12-11 21:15 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-11 21:15 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-11 21:15 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-02 19:42 . 2009-10-03 12:13 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 21:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-25 09:10 . 2009-10-25 09:10 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2009-10-24 16:36 . 2009-10-24 16:36 79872 ----a-w- c:\users\Brecht\AppData\Roaming\Azureus\updates\inst_1\aereg.dll
2007-11-05 06:54 . 2007-11-07 21:48 3564584 ----a-w- c:\program files\procexp.exe
2006-06-28 19:04 . 2006-06-28 19:04 108 --sha-r- c:\windows\neoqaz2.dll
2006-05-03 10:06 . 2009-11-15 19:37 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-11-15 19:37 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-11-15 19:37 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 774168]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 1132056]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-11 524288]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"CTHelper"="CTHELPER.EXE" [2007-10-25 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 19968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-12 1800464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Brecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ApacheMonitor.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2007-9-5 41041]
HoeKey.lnk - c:\program files\HoeKey\HoeKey.exe [2005-1-6 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):80,2d,cf,3a,5b,7b,ca,01

R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [18/09/2007 21:06 38448]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [15/06/2009 16:17 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [15/06/2009 16:17 29520]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/05/2009 15:16 108289]
R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [5/09/2007 8:59 24635]
R2 eID CRL Service;eID CRL Service;c:\windows\System32\beidservicecrl.exe [19/02/2007 14:16 225280]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [3/03/2008 21:53 1153368]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [13/08/2007 3:51 5120]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [12/11/2009 12:18 27632]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [7/10/2007 10:12 685816]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\System32\drivers\a38usb.sys [31/05/2008 12:10 35712]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [15/11/2007 21:56 79360]
S3 eID Privacy Service;eID Privacy Service;c:\windows\System32\beidservicepcsc.exe [19/02/2007 14:16 331776]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/04/2008 2:40 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [5/04/2008 10:49 13352]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [28/06/2009 16:23 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [28/06/2009 16:23 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [28/06/2009 16:23 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [28/06/2009 16:23 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [28/06/2009 16:23 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [28/06/2009 16:23 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [28/06/2009 16:23 115752]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [22/02/2007 17:39 2808664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236250710-4071071235-3460814677-1000Core.job
- c:\users\Brecht\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-27 16:28]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236250710-4071071235-3460814677-1000UA.job
- c:\users\Brecht\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-27 16:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hln.be/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
TCP: {15B5245A-54A8-4E76-9F60-CDB1DEC0FDA2} = 192.168.1.1
FF - ProfilePath - c:\users\Brecht\AppData\Roaming\Mozilla\Firefox\Profiles\zovz708k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wowhead
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - component: c:\users\Brecht\AppData\Roaming\Mozilla\Firefox\Profiles\zovz708k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Brecht\AppData\Roaming\Mozilla\Firefox\Profiles\zovz708k.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\users\Brecht\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: zend.ZDE_Path - c:\program files\Zend\Zend Studio for Eclipse - 6.0.0\ZendStudio.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 20:24
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

[0] 0x00380000

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8639F618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a3a3d24
\Driver\ACPI -> acpi.sys @ 0x83c9ad68
\Driver\atapi -> ataport.SYS @ 0x83db5a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-236250710-4071071235-3460814677-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:20,1b,82,e9,da,eb,3d,3b,07,18,0f,e9,1c,41,b3,f9,b6,4a,16,6b,21,65,2c,
a2,3e,b8,5e,26,25,aa,ec,54,a5,80,e3,52,12,ff,dd,08,8a,0d,cd,73,a0,24,65,3f,\
"??"=hex:91,66,0b,df,8b,c2,5a,0c,f4,f6,b0,71,cd,8e,bc,12

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-13 20:30:14
ComboFix-quarantined-files.txt 2010-01-13 19:30
ComboFix2.txt 2010-01-12 21:07

Pre-Run: 152.295.755.776 bytes available
Post-Run: 152.276.631.552 bytes available

- - End Of File - - 734421CBB22AA45A5FC934D6ED72AB7A

Re: DR/Delphi.gen trouble

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    (screenshot: CFScript.txt being dragged onto ComboFix.exe)

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
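The reply above builds its CFScript by hand from the "LOCKED REGISTRY KEYS" section of the ComboFix log in the first post: it lists the two AllUserSettings keys that carry explicit Deny entries for Users and Everyone, and leaves the SecuROM key (which only shows a restricted Allow) alone. The following Python is an added example, not code from the forum post or from ComboFix, that parses that section and emits the same RegLock:: script. The log excerpt in SAMPLE_LOG is constructed from the log above, and the selection rule (keep only keys with a Deny ACE for Users or Everyone) is my assumption about what the helper did, not a documented ComboFix rule.

```python
"""Parse ComboFix's 'LOCKED REGISTRY KEYS' section and emit a RegLock:: CFScript.

Added example, not part of the forum post or of ComboFix. The input below is a
constructed excerpt modelled on the ComboFix log posted in the thread.
"""
import re

# Constructed sample: the LOCKED REGISTRY KEYS section of a ComboFix log.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-236250710-4071071235-3460814677-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:20,1b,82,e9

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-13 20:30:14
"""

SECTION_RE = re.compile(r"^-+ LOCKED REGISTRY KEYS -+$", re.M)
KEY_RE = re.compile(r"^\[(.+)\]$")
# "@Denied: (A) (Users)"  ->  kind="Denied", rights="A", trustee="Users"
ACE_RE = re.compile(r"^@(Allowed|Denied): \(([^)]*)\) \(([^)]*)\)$")


def parse_locked_keys(log_text):
    """Return [{'key': path, 'aces': [(kind, rights, trustee), ...]}, ...].

    Reads only the lines between the section header and the lone '.' that
    ComboFix uses to terminate a section, so later sections are ignored.
    """
    m = SECTION_RE.search(log_text)
    if not m:
        return []
    keys = []
    current = None
    for line in log_text[m.end():].splitlines():
        line = line.strip()
        if line == ".":
            break
        km = KEY_RE.match(line)
        if km:
            current = {"key": km.group(1), "aces": []}
            keys.append(current)
            continue
        am = ACE_RE.match(line)
        if am and current is not None:
            kind, rights, trustee = am.groups()
            current["aces"].append((kind, rights, trustee))
    return keys


def keys_with_deny(keys, trustees=("Users", "Everyone")):
    """Paths of keys that carry an explicit Deny ACE for one of `trustees`.

    Assumed selection rule: a key that merely grants a restricted Allow (like
    the SecuROM key in the sample) is left alone; only explicit Denies qualify.
    """
    out = []
    for k in keys:
        if any(kind == "Denied" and trustee in trustees
               for kind, _, trustee in k["aces"]):
            out.append(k["key"])
    return out


def build_cfscript(key_paths):
    """Render a CFScript body with a RegLock:: directive listing the keys."""
    lines = ["RegLock::"] + ["[%s]" % p for p in key_paths]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    locked = parse_locked_keys(SAMPLE_LOG)
    print(build_cfscript(keys_with_deny(locked)))
```

Run against SAMPLE_LOG this prints exactly the RegLock:: block the helper asked for: the two {4D36E96D-...}\000x\AllUserSettings keys, and not the SecuROM key. RegLock:: resets the permissions on every key it names, so review the generated list before saving it as CFScript.txt rather than feeding it to ComboFix blindly; a Deny ACE on a key is not by itself evidence of malware, which is why the helper chose the keys explicitly instead of unlocking everything in the section.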
