Author Topic: anti-spyware update problems + redirected search results problems

mgiezen

    Dell Latitude D630 laptop
    OS: Windows XP SP2
    Antivirus: McAfee
    Spyware: Adaware AE
    Firewall: ZoneAlarm

    Hi,

    I'm having similar problems to many others that posted on this board recently, but slightly different nonetheless. It started 30/05/09 when the McAfee scanner-on-access found autorun.inf malware. I think I solved that problem, but when scanning the whole system, it found an NTOSKRNL-HOOK (generic rootkit.d! rootkit), which it doesn't remove, even if it says so (it keeps on coming back when scanning again). I have also tried to remove it permanently in safe mode and with system restore unabled....no success.

    The problems I am experiencing are redirected search engine results (in IE 7.0 and Google Chrome) and failed updates for Adaware AE (McAfee seems to update properly though). The redirecting problem goes away if I use Firefox (with no script and adblock plus added). Looking at earlier posts I tried to download some of the mentioned programs, which was no success however. Malwarebytes doesn't open (not when I change file extensions, neither with the renamer download), the same for Combofix, Hijack This and Superantispyware. CC cleaner did work and removed a lot of cookies. I also downloaded MGtools, which works and also gives me the Hijack This log. On the basis of the previous post on the topic I checked whether I could find any of the listed non-plug and play drivers...none found. I have downloaded DDS and have pasted the logs below...

    I'd greatly appreciate all replies and help attempts
    Thanks!
    Marcel


    ----------------------------------------

    DDS (Ver_09-05-14.01) - NTFSx86 
    Run by Giezen at  0:22:26,61 on ma 01-06-2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2038.1269 [GMT 2:00]

    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated)   {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    FW: ZoneAlarm Firewall *disabled*   {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    svchost.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
    C:\WINDOWS\System32\WLTRAY.exe
    C:\Program Files\Network Associates\Common Framework\McTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\Giezen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Giezen\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.uva.nl/
    BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [LaunchList] c:\program files\pinnacle\studio 11\LaunchList2.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [<NO NAME>]
    uRun: [Google Update] "c:\documents and settings\giezen\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [ATIModeChange] Ati2mdxx.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey
    mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wireless-g notebook adapter\Gcc.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236700752682
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236700728597
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 85.255.112.188,85.255.112.167
    TCP: {6AF58C23-899A-444C-AF34-7FDDEE3DDFFD} = 85.255.112.188,85.255.112.167
    TCP: {7D3ACCC6-685D-4192-B743-D37D960F8E31} = 85.255.112.188,85.255.112.167
    TCP: {90162A34-E962-4651-BCC4-539C4FD84BC2} = 85.255.112.188,85.255.112.167
    Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
    Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\giezen\applic~1\mozilla\firefox\profiles\y3fe47ov.default\
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\documents and settings\giezen\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-31 64160]
    R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
    R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-2-26 464264]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2004-9-21 104000]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
    R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-2-26 353672]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-3-19 72264]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-3-19 34152]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-3-19 170408]
    R3 PortDRv;PST Port I/O Driver;c:\windows\system32\drivers\PortDRv.sys [2002-10-25 7168]
    R3 SRBoxDRv;PST Serial Response Box Driver;c:\windows\system32\drivers\SRBoxDRv.sys [2006-4-12 11776]
    S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
    S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys --> c:\windows\system32\drivers\gtipci21.sys [?]
    S3 OracleOra81ClientCache;OracleOra81ClientCache;c:\oracle\ora81\bin\ONRSD.EXE [2000-10-19 411244]
    S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [2009-2-22 618112]
    S3 SPCP825K;Sunplus Serial port driver;c:\windows\system32\drivers\SPCP825K.sys [2008-11-23 26624]

    =============== Created Last 30 ================

    2009-05-31 23:26   <DIR>   --d-h---   c:\windows\PIF
    2009-05-31 22:55   <DIR>   --d-----   c:\program files\Malware
    2009-05-31 22:45   144,001   a-------   C:\MGlogs.zip
    2009-05-31 22:45   <DIR>   --d-----   C:\MGtools
    2009-05-31 20:22   <DIR>   --d-----   c:\program files\Trend Micro
    2009-05-31 19:56   1,341,837   a-------   C:\MGtools.exe
    2009-05-31 18:30   64,160   a-------   c:\windows\system32\drivers\Lbd.sys
    2009-05-31 18:30   <DIR>   -cd-h---   c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-05-31 17:27   <DIR>   --d-----   c:\program files\SpywareBlaster
    2009-05-31 17:22   <DIR>   --d-----   c:\program files\CCleaner
    2009-05-31 00:31   736   a-------   c:\windows\SamsungMaster.INI
    2009-05-21 08:29   55,640   a-------   c:\windows\system32\drivers\avgntflt.sys
    2009-05-21 07:58   18,816   a-------   c:\windows\system32\drivers\pccsmcfd.sys
    2009-05-21 07:58   <DIR>   --d-----   c:\program files\PC Connectivity Solution
    2009-05-18 08:06   3,247   a-------   c:\windows\system32\wbem\Outlook_01c9d77ec42b8330.mof

    ==================== Find3M  ====================

    2009-03-27 16:56   4,212   a---h---   c:\windows\system32\zllictbl.dat
    2009-03-18 05:44   8,749   a-------   c:\windows\mozver.dat
    2009-03-18 05:44   118,784   a-------   c:\windows\GREUninstall.exe
    2009-03-09 06:19   410,984   a-------   c:\windows\system32\deploytk.dll
    2009-03-06 16:44   283,648   a-------   c:\windows\system32\pdh.dll
    2009-03-03 02:18   826,368   a-------   c:\windows\system32\wininet.dll
    2008-06-01 13:28   224,648   a-------   c:\program files\download-2008-06-01-13-28.log
    2008-06-01 13:11   146,838   a-------   c:\program files\ltxmisc.tar.lzma
    2008-06-01 13:11   486,472   a-------   c:\program files\makecirc.cab
    2008-06-01 13:11   11,869   a-------   c:\program files\everypage.tar.lzma
    2008-06-01 13:11   1,051,869   a-------   c:\program files\animate.tar.lzma
    2008-06-01 13:11   21,738   a-------   c:\program files\figbib.cab
    2008-06-01 13:11   1,335,509   a-------   c:\program files\pst-osci.cab
    2008-06-01 13:11   13,668,230   a-------   c:\program files\tex-gyre.tar.lzma
    2008-06-01 13:11   19,101   a-------   c:\program files\vrsion.cab
    2008-06-01 13:10   35,200   a-------   c:\program files\splitbib.cab
    2008-06-01 13:10   271,048   a-------   c:\program files\l2tabu-english.cab
    2008-06-01 13:10   376,559   a-------   c:\program files\italian-doc.cab
    2008-06-01 13:10   2,121,124   a-------   c:\program files\pst-func.tar.lzma
    2008-06-01 13:10   21,219   a-------   c:\program files\srcltx.tar.bz2
    2008-06-01 13:08   51,695   a-------   c:\program files\pandora.cab
    2008-06-01 13:07   10,637   a-------   c:\program files\scale.cab
    2008-06-01 13:04   506,527   a-------   c:\program files\tugboat.tar.lzma
    2008-06-01 12:57   351,850   a-------   c:\program files\bgreek.tar.bz2
    2008-06-01 12:56   81,257   a-------   c:\program files\tocloft.cab
    2008-06-01 12:55   6,681   a-------   c:\program files\harmony.tar.bz2
    2008-06-01 12:55   6,036   a-------   c:\program files\versions.cab
    2008-06-01 12:55   280,534   a-------   c:\program files\miktex-dvipdfmx-base-2.7.tar.lzma
    2008-06-01 12:55   21,489   a-------   c:\program files\progress.cab
    2008-06-01 12:55   177,737   a-------   c:\program files\jkthesis.cab
    2008-06-01 12:55   87,166   a-------   c:\program files\pst-soroban.tar.lzma
    2008-06-01 12:55   14,459   a-------   c:\program files\mtbe.cab
    2008-06-01 12:55   19,079   a-------   c:\program files\mflogo.cab
    2008-06-01 12:53   142,614   a-------   c:\program files\urlbst.tar.bz2
    2008-06-01 12:52   67,733   a-------   c:\program files\endfloat.cab
    2008-06-01 12:51   12,320   a-------   c:\program files\fontch.tar.lzma
    2008-06-01 12:50   36,963   a-------   c:\program files\parallel.cab
    2008-06-01 12:49   44,279   a-------   c:\program files\register.tar.bz2
    2008-06-01 12:48   465,380   a-------   c:\program files\mhchem.tar.bz2
    2008-06-01 12:47   20,844   a-------   c:\program files\constants.tar.lzma
    2008-06-01 12:46   2,000,380   a-------   c:\program files\beamer.tar.bz2
    2008-06-01 12:45   35,155   a-------   c:\program files\directory.cab
    2008-06-01 12:44   294,453   a-------   c:\program files\natbib.tar.lzma
    2008-06-01 12:43   98,265   a-------   c:\program files\splines.tar.bz2
    2008-06-01 12:42   1,127,520   a-------   c:\program files\lxfonts.tar.lzma
    2008-06-01 12:42   22,474   a-------   c:\program files\ipa.cab
    2008-06-01 12:42   129,030   a-------   c:\program files\a0poster.cab
    2008-06-01 12:42   6,602,800   a-------   c:\program files\vntex.tar.bz2
    2008-06-01 12:42   207,873   a-------   c:\program files\starfont.cab
    2008-06-01 12:42   397,158   a-------   c:\program files\pst-circ.tar.lzma
    2008-06-01 12:42   620,742   a-------   c:\program files\hepthesis.tar.lzma
    2008-06-01 12:40   14,998   a-------   c:\program files\slidenotes.cab
    2008-06-01 12:39   132,378   a-------   c:\program files\miktex-tex-bin-2.7.tar.lzma
    2008-06-01 12:38   243,586   a-------   c:\program files\texdraw.cab
    2008-06-01 12:38   51,083   a-------   c:\program files\simplecv.tar.bz2
    2008-06-01 12:38   21,072   a-------   c:\program files\tensor.cab
    2008-06-01 12:38   16,848   a-------   c:\program files\rotfloat.cab
    2008-06-01 12:38   45,188,376   a-------   c:\program files\minitoc.tar.lzma
    2008-06-01 12:34   183,906   a-------   c:\program files\lshort-french.cab
    2008-06-01 12:34   18,136   a-------   c:\program files\foilhtml.cab
    2008-06-01 12:34   44,020   a-------   c:\program files\euro.cab
    2008-06-01 12:34   28,515,096   a-------   c:\program files\cjk-fonts.cab
    2008-06-01 12:31   185,321   a-------   c:\program files\pst-stru.cab
    2008-06-01 12:31   1,968,610   a-------   c:\program files\blindtext.tar.bz2
    2008-06-01 12:31   24,630   a-------   c:\program files\abc.tar.lzma
    2008-06-01 12:29   269,326   a-------   c:\program files\ebsthesis.tar.bz2
    2008-06-01 12:28   87,188   a-------   c:\program files\faktor.cab
    2008-06-01 12:27   91,471   a-------   c:\program files\tds.cab
    2008-06-01 12:26   4,566   a-------   c:\program files\regcount.cab
    2008-06-01 12:25   11,543   a-------   c:\program files\wallpaper.cab
    2008-06-01 12:24   86,413   a-------   c:\program files\ted.tar.lzma
    2008-06-01 12:23   2,969   a-------   c:\program files\harpoon.cab
    2008-06-01 12:22   1,704,665   a-------   c:\program files\montex.cab
    2008-06-01 12:22   283,085   a-------   c:\program files\lshort-ukrainian.cab
    2008-06-01 12:22   298,370   a-------   c:\program files\cbcoptic.cab
    2008-06-01 12:22   2,569,566   a-------   c:\program files\pst-3dplot.tar.lzma
    2008-06-01 12:22   110,682   a-------   c:\program files\mathematica.cab
    2008-06-01 12:22   84,028   a-------   c:\program files\l2tabu.cab
    2008-06-01 12:22   2,898   a-------   c:\program files\hands.cab
    2008-06-01 12:22   276,274   a-------   c:\program files\euproposal.tar.lzma
    2008-06-01 12:22   9,088   a-------   c:\program files\grnumalt.cab
    2008-06-01 12:22   39,205   a-------   c:\program files\tap.cab
    2008-06-01 12:22   1,556,194   a-------   c:\program files\mh.tar.lzma
    2008-06-01 12:22   13,025   a-------   c:\program files\onlyamsmath.cab
    2008-06-01 12:22   13,158,414   a-------   c:\program files\lm.tar.lzma
    2008-06-01 12:19   49,305   a-------   c:\program files\calligra.cab
    2008-06-01 12:19   229,130   a-------   c:\program files\wp-conv.cab
    2008-06-01 12:19   11,754   a-------   c:\program files\ut-thesis.cab
    2008-06-01 12:19   22,738   a-------   c:\program files\stmaryrd.cab
    2008-06-01 12:19   972,588   a-------   c:\program files\cmcyr.cab
    2008-06-01 12:19   35,463   a-------   c:\program files\algorithms.cab
    2008-06-01 12:19   50,258   a-------   c:\program files\mftinc.cab
    2008-06-01 12:19   1,310,087   a-------   c:\program files\isodoc.tar.lzma
    2008-06-01 12:19   116,548   a-------   c:\program files\exteps.tar.bz2
    2008-06-01 12:19   293,714   a-------   c:\program files\blockdraw_mp.tar.bz2
    2008-06-01 12:19   280,135   a-------   c:\program files\bangtex.cab
    2008-06-01 12:19   96,643   a-------   c:\program files\subfigure.cab
    2008-06-01 12:19   2,324,916   a-------   c:\program files\miktex-pdftex-doc-2.6.tar.bz2
    2008-06-01 12:17   592,025   a-------   c:\program files\kuvio.cab
    2008-06-01 12:16:59 A-------         7,353 c:\program files\texcount.tar.lzma

    ============= FINISH:  0:22:40,99 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 21-9-2004 10:43:06
    System Uptime: 6-1-2009 0:12:53 (3504 hours ago)

    Motherboard: Dell Inc. |  | 0KU184
    Processor: Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz | Microprocessor | 1994/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 59 GiB total, 41,95 GiB free.
    D: is FIXED (NTFS) - 53 GiB total, 52,02 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Dell draadloze 1390 WLAN Mini-kaart
    Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&AB208E&0&00E1
    Manufacturer: Broadcom
    Name: Dell draadloze 1390 WLAN Mini-kaart #2
    PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&AB208E&0&00E1
    Service: BCM43XX

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    32 Bit HP BiDi Channel Components Installer
    Ad-Aware
    Add-ons
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Photoshop Elements 2.0
    Adobe Reader 8.1.4 - Nederlands
    Adobe Shockwave Player
    Advanced Network Diagramming
    Advanced Network Diagramming Help
    Advanced Network Diagramming Samples
    ALPS Touch Pad Driver
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AutoDiscovery and Layout
    AutoDiscovery and Layout Help
    AutoDiscovery and Layout Samples
    Block Diagrams
    Block Diagrams Help
    Block Diagrams Samples
    Bluetooth Stack for Windows by Toshiba
    Borders and Backgrounds
    Borders and Backgrounds Help
    Broadcom Gigabit Integrated Controller
    BTrieve
    CAD Drawing Converter
    CAD Drawing Converter Help
    CAD Drawing Converter Samples
    CAD Drawing Display
    CAD Drawing Display Samples
    Callouts and Connectors
    Callouts and Connectors Help
    CCleaner (remove only)
    Cisco Systems VPN Client 5.0.03.0560
    Citrix Program Neighborhood
    Clip Art and Symbols
    Clip Art and Symbols Help
    Compatibility Pack for the 2007 Office system
    Conexant D110 MDC V.92 Modem
    Conexant HDA D110 MDC V.92 Modem
    Conexant HDA D330 MDC V.92 Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Custom Properties Editor
    CutePDF Writer 2.5
    Database Design
    Database Design Help
    Database Design Samples
    Database Wizard
    Database Wizard Samples
    Dell Resource CD
    Dell Wireless WLAN Card
    Developing Visio Solutions
    Developing Visio Solutions Help
    Developing Visio Solutions VNOM Sample
    Directory Services
    Directory Services Help
    Directory Services Samples
    E-Prime 2.0
    E-Prime 2.0 (2.0.1.109)
    ELAN 2.5.1
    EndNote X Volume License Edition
    Flowcharts
    Flowcharts Help
    Flowcharts Samples
    Forms and Charts
    Forms and Charts Help
    Forms and Charts Samples
    Google Chrome
    Graphics Filters
    HASP SRM Run-time
    Help for Visio 2000 (HTML Help)
    High Definition Audio Driver Package - KB835221
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Intel(R) Graphics Media Accelerator Driver
    Internet Diagrams
    Internet Diagrams Help
    Internet Diagrams Samples
    ISI ResearchSoft - Export Helper
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 7
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 13
    LDAP Driver
    Maps
    Maps Help
    Maps Samples
    McAfee AntiSpyware Enterprise Module
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Integration
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Repository
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visio 2000 (IE)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual Studio Service Pack 3
    MiKTeX 2.7
    Mozilla Firefox (3.0.10)
    MSVC80_x86
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB954459)
    NDS Extensions
    Nero Suite
    Network Diagrams
    Network Diagrams Help
    Network Diagrams Samples
    NTI Shadow
    NVIDIA Drivers
    Odyssey SDK
    Office Layout
    Office Layout Help
    Office Layout Samples
    Online Documentation
    Organization Charts
    Organization Charts Help
    Organization Charts Samples
    OZ776 SCR CardBus Windows Driver
    OZ776 SCR Driver V1.1.3.9
    Page Layout Wizard
    PC Connectivity Solution
    Pegasus Mail
    Pinnacle Instant DVD Recorder
    PowerDVD
    Print ShapeSheet
    Program Files
    Program Files Enterprise
    Program Files Enterprise Help
    Program Files Help
    Project Schedules
    Project Schedules Help
    Project Schedules Samples
    Property Reporting Wizard
    QuickTime
    RealPlayer
    Release Notes
    Release Notes Enterprise
    Sample Drawings
    Samsung USB Driver
    SAP Front End
    Save as HTML
    SecureW2 Client 3.1.2
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Shape Explorer
    Shape Explorer Help
    SigmaTel AC97 Audio Drivers
    SigmaTel Audio
    Skype™ 3.8
    SmartShape Wizard
    Software Design
    Software Design Help
    Software Design Samples
    Solutions
    Sony USB Driver
    SPCP825 USB to UART Adapter (3 pin) Driver Installer
    SPSS 16.0 for Windows
    SpywareBlaster 4.2
    Stencil Report Wizard
    Studio 11
    TeXnicCenter Version 1 Beta 7.01 (Greengrass)
    Trust 100K Series Webcam
    UML Specification
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908521)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB916846)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB925877)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB967715)
    VBA
    VC 9.0 Runtime
    Visio
    Visio Core Files
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 7 Multilingual User Interface (MUI)
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinWordGen 1.0
    Wireless-G Notebook Adapter
    WorkPace 3.0
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Desktop Login
    ZoneAlarm
    ZoneAlarm Spy Blocker Toolbar

    ==== End Of File ===========================

    2x3i5x



      Expert
    • Thanked: 134
    • Computer: Specs
    • Experience: Familiar
    • OS: Windows 10
    Re: anti-spyware update problems + redirected search results problems
    « Reply #1 on: June 01, 2009, 10:55:48 AM »
    You might want to post a superantispyware log and a Malwarebytes log. Evilfantasy, Broni or some other malware specialist of the forums can better assist you with all those on hand. (Malwarebytes and superantispyware are recommended antimalware software of Computer Hope.)

    Get superantispyware here: http://www.superantispyware.com/

    Get Malwarebytes here: http://www.malwarebytes.org/mbam.php

    And for IE 7.0, have you tried resetting it? See link here: http://support.microsoft.com/kb/923737

    mgiezen


      Re: anti-spyware update problems + redirected search results problems
      « Reply #2 on: June 01, 2009, 12:13:16 PM »
      Hi 2x3i5x,

      Thanks for your reply and suggestions. A quick note on that from my side: I couldn't download the Malwarebytes and superantispyware programs (already tried that). Anyway, I want to let you and the moderators/administrators of the forum know that the problems got worse since yesterday (can't access the internet at all anymore). The laptop is currently being used for work purposes as well (e.g. a VPN client), so I have decided to throw in the towel and reformat the disk (to not only keep myself secure, but also the people I work with). I wanted to remove my topic here, but that seems impossible, so I kindly ask the moderators/administrators to close this topic. I want to thank all of you guys for taking the time and doing this work though! You are amazing and (unfortunately) very necessary...

      take care,
      Marcel

      2x3i5x



      Re: anti-spyware update problems + redirected search results problems
      « Reply #3 on: June 01, 2009, 12:15:19 PM »
      Good luck reformatting the drive, but did you try doing a system restore on your PC to a date before the issues started happening, or did it not work?

      http://support.microsoft.com/kb/306084

      mgiezen


        Re: anti-spyware update problems + redirected search results problems
        « Reply #4 on: June 01, 2009, 12:23:37 PM »
        Ha, yeah I tried that, but didn't work. Kind of resistant this spyware I have painfully learned...

        thanks, Marcel

        2x3i5x



        Re: anti-spyware update problems + redirected search results problems
        « Reply #5 on: June 01, 2009, 12:27:54 PM »

        On another thought, have you tried going to safe mode (particularly safe mode with networking) and tried downloading stuff that way? Maybe you can get superantispyware to download so you can install it!  ;D

        If you can do that, and superantispyware can get you fixed, you'll save time not having to reinstall from scratch. Superantispyware has fixed problems that other malware programs I've tried have not been able to (some others have detected the problem but couldn't get rid of it).

        mgiezen


          Re: anti-spyware update problems + redirected search results problems
          « Reply #6 on: June 01, 2009, 12:56:36 PM »
          Well, I tried some of that, but it didn't really get me anywhere... scans that found it in normal mode wouldn't find it in safe mode (I didn't try superantispyware though). Thanks for your help again, but I still stick to my decision to reformat for now (I have plenty of backups of both files and programs), especially since experts seem to disagree whether malware removal programs are able to COMPLETELY remove all traces of rootkits. Again, if it was only me that was affected by this, I would probably be more willing to try and solve it in a less drastic way. I just don't want to be that guy who infects the networks of others or allows people with bad intents to gain access to confidential information. I do know that from now on I'll start using the antivirus and anti-spyware programs recommended on this website and have combofix, hijack this etc. already installed BEFORE problems begin and you can't access the anymore...

          - Marcel