problem with Click.GiftLoad

Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses

    :OTL

    :Services

    :Reg
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GHTJJGIN]

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
 
Here is the log file. Thanks in advance.

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 128693 bytes
->Flash cache emptied: 2130 bytes

User: Patrick
->Temp folder emptied: 71404 bytes
->Temporary Internet Files folder emptied: 4183961 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32054514 bytes
->Flash cache emptied: 2058966 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2845 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 16576415 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56,00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05262011_075540

Files\Folders moved on Reboot...
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\RDBWTYPZ\showthread[3].htm moved successfully.
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\RDBWTYPZ\showthread[5].htm moved successfully.
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...
 
Very good, no problems, speed is OK.

I suppose this is the happy end.

Thank you for all your time.

Now I have to convince my wife that she has to be more careful and use her own login and update her tools to keep it clean.

Again, a lot of thanks for your excellent guiding through the cleaning process.

Patrick
 
You're welcome, Patrick. Do me one last favor: run a scan with OTL and let me take one final look.

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
Hi,
I already did a Windows update today and installed SpywareBlaster.
There were 2 updates that I didn't do: SQL Server Express and Genuine Advantage.

Here is the OTL.log
OTL logfile created on: 26/05/2011 17:35:39 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Patrick\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

1023,39 Mb Total Physical Memory | 507,96 Mb Available Physical Memory | 49,64% Memory free
2,40 Gb Paging File | 2,11 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1535 2096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,78 Gb Total Space | 24,34 Gb Free Space | 43,64% Space Free | Partition Type: NTFS

Computer Name: LAPTOP_DELL | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Patrick\Bureaublad\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe (International Business Machines Corporation)
PRC - C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()
PRC - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project)
PRC - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (The Firebird Project)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\BAsfIpM.exe (Broadcom Corp.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
PRC - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
PRC - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Patrick\Bureaublad\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (DB2NTSECSERVER_DB2COPY1) DB2 Security Server (DB2COPY1) -- C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe (International Business Machines Corporation)
SRV - (DB2MGMTSVC_DB2COPY1) DB2 Management Service (DB2COPY1) -- C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (The Firebird Project)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (BAsfIpM) -- C:\WINDOWS\system32\BAsfIpM.exe (Broadcom Corp.)


========== Driver Services (SafeList) ==========

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (w29n51) Stuurprogramma voor Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (BASFND) -- C:\WINDOWS\system32\drivers\BASFND.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 13:45:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/10 21:17:16 | 000,000,000 | ---D | M]

[2009/04/09 22:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions
[2011/02/21 20:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\gsdxxua1.default\extensions
[2010/10/11 21:00:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\gsdxxua1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2005/03/13 07:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/25 18:05:05 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010/11/25 18:05:05 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010/11/25 18:05:05 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010/11/25 18:05:05 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010/11/25 18:05:05 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2011/05/26 07:55:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O3 - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-464677283-1223472582-1953054680-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/13 15:06:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 12:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\SpywareBlaster
[2011/05/26 12:09:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/26 07:57:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/26 07:55:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/26 07:54:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureaublad\OTL.exe
[2011/05/26 07:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Bureaublad\Nieuwe map
[2011/05/26 00:01:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/25 22:57:46 | 000,000,000 | ---D | C] -- C:\mY_stuff
[2011/05/25 17:41:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/25 10:24:49 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Patrick\Bureaublad\ATF-Cleaner.exe
[2011/05/24 21:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/22 10:05:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/22 10:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
[2011/05/22 10:04:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/22 10:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/22 10:02:51 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patrick\Bureaublad\mbam-setup.exe
[2011/05/21 11:44:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/21 11:40:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/21 11:40:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/21 11:40:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/21 11:40:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/21 11:40:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/21 11:39:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/20 18:15:05 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/05/20 18:14:49 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/05/20 18:14:21 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/05/20 18:09:53 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/05/20 18:08:33 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/05/19 08:02:57 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Patrick\Bureaublad\TDSSKiller.exe
[2011/05/14 11:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Mijn documenten\14-05-2011
[2011/05/14 11:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/14 11:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\ERUNT
[2011/05/14 11:39:33 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Patrick\Bureaublad\erunt-setup.exe
[2011/05/10 22:50:23 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Patrick\Bureaublad\aswMBR.exe
[2011/05/01 14:29:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/05/01 14:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\CCleaner
[2011/05/01 14:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[1999/05/24 01:17:58 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/09 04:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/09 04:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/09 04:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/09 04:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/09 04:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL

========== Files - Modified Within 30 Days ==========

[2011/05/26 17:32:00 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 12:49:43 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\SpywareBlaster.lnk
[2011/05/26 12:30:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/26 12:29:34 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 12:29:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/26 12:29:00 | 000,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/26 12:26:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/26 12:13:48 | 000,559,088 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011/05/26 12:13:48 | 000,490,570 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/26 12:13:48 | 000,110,604 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011/05/26 12:13:48 | 000,090,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/26 07:55:41 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/26 07:54:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureaublad\OTL.exe
[2011/05/26 07:37:20 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\erunt.zip
[2011/05/25 10:24:50 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Patrick\Bureaublad\ATF-Cleaner.exe
[2011/05/23 18:49:13 | 004,353,829 | R--- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\ComboFix.exe
[2011/05/23 18:42:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 10:05:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011/05/22 10:02:51 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patrick\Bureaublad\mbam-setup.exe
[2011/05/21 11:44:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/21 11:39:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\MBR.dat
[2011/05/19 08:02:37 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\tdsskiller.zip
[2011/05/18 08:48:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\Defogger.exe
[2011/05/17 20:39:40 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Patrick\Bureaublad\aswMBR.exe
[2011/05/17 20:38:38 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\Regfix.reg
[2011/05/14 23:45:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/14 11:50:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\ERUNT.lnk
[2011/05/14 11:40:28 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\dds.scr
[2011/05/14 11:39:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Patrick\Bureaublad\erunt-setup.exe
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Patrick\Bureaublad\TDSSKiller.exe
[2011/05/10 22:14:04 | 000,434,142 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110514-120905.backup
[2011/05/01 21:48:42 | 000,433,442 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110510-221404.backup
[2011/05/01 21:33:10 | 000,000,326 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/01 14:17:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk

========== Files Created - No Company Name ==========

[2011/05/26 12:49:43 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\SpywareBlaster.lnk
[2011/05/26 07:37:16 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\erunt.zip
[2011/05/23 18:47:40 | 004,353,829 | R--- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\ComboFix.exe
[2011/05/22 10:05:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011/05/21 11:44:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/21 11:44:27 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2011/05/21 11:40:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/21 11:40:17 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/21 11:40:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/21 11:40:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/21 11:40:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/19 08:02:33 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\tdsskiller.zip
[2011/05/18 08:48:28 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\Defogger.exe
[2011/05/17 20:40:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\MBR.dat
[2011/05/17 20:38:38 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\Regfix.reg
[2011/05/14 11:50:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\ERUNT.lnk
[2011/05/14 11:40:24 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\dds.scr
[2011/05/01 14:17:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2010/08/22 21:09:07 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/21 17:27:29 | 000,000,326 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/05 00:03:00 | 000,046,856 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/29 21:59:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/21 21:24:46 | 000,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/11/12 19:34:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/08/26 20:16:58 | 000,000,120 | ---- | C] () -- C:\WINDOWS\imagedit.ini
[2007/01/15 20:59:25 | 000,000,018 | ---- | C] () -- C:\WINDOWS\paswoord.INI
[2006/11/04 19:24:55 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/04 16:16:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/28 20:44:56 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/21 00:05:04 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/17 14:53:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[2005/11/08 20:56:26 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2005/09/11 10:31:43 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/08/21 17:30:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/07/13 19:57:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WebOffer.exe
[2005/07/13 19:57:10 | 000,716,800 | ---- | C] () -- C:\WINDOWS\System32\WebOffer.dll
[2005/06/20 22:48:45 | 000,000,763 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/20 22:48:45 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/06/20 22:48:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2005/06/20 22:09:43 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2005/06/20 19:46:19 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\fusioncache.dat
[2005/06/16 18:26:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/16 18:23:59 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/06/16 18:21:30 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2005/06/16 18:21:30 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2005/06/16 18:07:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/06/16 18:07:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/06/16 18:06:56 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/13 15:11:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/13 15:04:15 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/13 15:03:33 | 000,003,717 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/09/13 14:59:34 | 000,004,774 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/13 14:58:52 | 000,255,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/13 14:52:55 | 000,559,088 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2004/09/13 14:52:55 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2004/09/13 14:52:55 | 000,110,604 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2004/09/13 14:52:55 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2004/09/13 14:52:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/13 14:52:40 | 000,490,570 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/13 14:52:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/13 14:52:40 | 000,090,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/13 14:52:40 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/13 14:52:39 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/13 14:52:38 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/13 14:52:37 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/13 14:52:32 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/13 14:52:32 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/13 14:52:24 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/13 14:52:17 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2002/06/28 16:20:54 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/04/10 20:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2006/02/10 22:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2011/05/26 17:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/22 20:19:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/08/21 17:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greetje\Application Data\Imomx
[2009/08/16 10:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\ChessBase
[2005/12/27 21:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\HK-Software
[2008/05/27 20:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\IBM
[2006/05/12 15:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\RSC_Antwerpen
[2008/07/08 21:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Toad Data Modeler Freeware
[2005/06/23 08:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Van Dyke Technologies
[2010/06/21 19:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Widyo
[2011/05/26 12:30:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
 
Here is the Extras log

OTL Extras logfile created on: 26/05/2011 17:35:39 - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Patrick\Bureaublad

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy



1023,39 Mb Total Physical Memory | 507,96 Mb Available Physical Memory | 49,64% Memory free

2,40 Gb Paging File | 2,11 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 1535 2096 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55,78 Gb Total Space | 24,34 Gb Free Space | 43,64% Space Free | Partition Type: NTFS



Computer Name: LAPTOP_DELL | User Name: Patrick | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days



========== Extra Registry (SafeList) ==========





========== File Associations ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.ini [@ = inifile] -- C:\Program Files\Boxer Text Editor\b.exe (Boxer Software)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l



========== Shell Spawning ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- C:\Program Files\Boxer Text Editor\b.exe "%1" (Boxer Software)

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

inifile [open] -- C:\Program Files\Boxer Text Editor\b.exe "%1" (Boxer Software)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- C:\Program Files\Boxer Text Editor\b.exe "%1" (Boxer Software)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)



========== Security Center Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]



========== System Restore Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2



========== Firewall Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]



[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002



========== Authorized Applications List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]





========== HKEY_LOCAL_MACHINE Uninstall List ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer

"CCleaner" = CCleaner

"ERUNT_is1" = ERUNT 1.1j

"ESET Online Scanner" = ESET Online Scanner v3

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"SpywareBlaster_is1" = SpywareBlaster 4.4



========== Last 10 Event Log Errors ==========



[ Application Events ]

Error - 18/05/2011 2:47:33 | Computer Name = LAPTOP_DELL | Source = crypt32 | ID = 131080

Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

opvragen van de automatische update van het basislijstvolgordenummer van derden

is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode

verlopen is.



Error - 19/05/2011 1:58:45 | Computer Name = LAPTOP_DELL | Source = crypt32 | ID = 131080

Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

opvragen van de automatische update van het basislijstvolgordenummer van derden

is mislukt met de fout: The connection with the server was terminated abnormally





Error - 19/05/2011 1:58:52 | Computer Name = LAPTOP_DELL | Source = crypt32 | ID = 131080

Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

opvragen van de automatische update van het basislijstvolgordenummer van derden

is mislukt met de fout: Deze netwerkverbinding bestaat niet.



Error - 19/05/2011 3:07:25 | Computer Name = LAPTOP_DELL | Source = Microsoft Fax | ID = 32045

Description = Fax Service kan niet worden geïnitialiseerd omdat de TAPI-apparaten

niet kunnen worden geïnitialiseerd. Controleer of de faxmodem is geïnstalleerd en

op de juiste wijze is geconfigureerd. Win32-foutcode: -2147483576. Deze foutcode

geeft de oorzaak van de fout aan.



Error - 19/05/2011 3:07:25 | Computer Name = LAPTOP_DELL | Source = VSS | ID = 8193

Description = Fout van de Volume Shadow Copy-service: onverwachte fout bij het aanroepen

van routine IEventSystem::Store. hr = 0x800706be.



Error - 19/05/2011 11:24:56 | Computer Name = LAPTOP_DELL | Source = Winlogon | ID = 1015

Description = Het kritieke systeemproces C:\WINDOWS\system32\lsass.exe is mislukt.

Statuscode: 00000000. De computer dient nu opnieuw te worden opgestart.



Error - 19/05/2011 11:37:55 | Computer Name = LAPTOP_DELL | Source = Winlogon | ID = 1015

Description = Het kritieke systeemproces C:\WINDOWS\system32\lsass.exe is mislukt.

Statuscode: 00000000. De computer dient nu opnieuw te worden opgestart.



Error - 24/05/2011 15:51:47 | Computer Name = LAPTOP_DELL | Source = crypt32 | ID = 131083

Description = Het uitpakken van een basislijst uit de cab voor automatische updates

is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

met de fout: Een vereist certificaat valt niet binnen de geldigheidsperiode als

gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende

bestand.



Error - 24/05/2011 15:51:47 | Computer Name = LAPTOP_DELL | Source = crypt32 | ID = 131083

Description = Het uitpakken van een basislijst uit de cab voor automatische updates

is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

met de fout: Een vereist certificaat valt niet binnen de geldigheidsperiode als

gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende

bestand.



Error - 26/05/2011 6:20:30 | Computer Name = LAPTOP_DELL | Source = MsiInstaller | ID = 10005

Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 2259.

The installer has encountered an unexpected error. The error code is 2259. Database:

Table(s) Update failed



[ System Events ]

Error - 26/05/2011 1:55:41 | Computer Name = LAPTOP_DELL | Source = Service Control Manager | ID = 7034

Description = De DB2 Management Service (DB2COPY1)-service is onverwacht beëindigd.

Dit is nu 1 keer gebeurd.



Error - 26/05/2011 1:55:41 | Computer Name = LAPTOP_DELL | Source = Service Control Manager | ID = 7034

Description = De DB2 Security Server (DB2COPY1)-service is onverwacht beëindigd.

Dit is nu 1 keer gebeurd.



Error - 26/05/2011 1:55:41 | Computer Name = LAPTOP_DELL | Source = Service Control Manager | ID = 7034

Description = De NICCONFIGSVC-service is onverwacht beëindigd. Dit is nu 1 keer

gebeurd.



Error - 26/05/2011 1:55:41 | Computer Name = LAPTOP_DELL | Source = Service Control Manager | ID = 7034

Description = De Firebird Guardian - DefaultInstance-service is onverwacht beëindigd.

Dit is nu 1 keer gebeurd.



Error - 26/05/2011 1:55:41 | Computer Name = LAPTOP_DELL | Source = Service Control Manager | ID = 7034

Description = De RegSrvc-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.



Error - 26/05/2011 1:55:41 | Computer Name = LAPTOP_DELL | Source = Service Control Manager | ID = 7034

Description = De Firebird Server - DefaultInstance-service is onverwacht beëindigd.

Dit is nu 1 keer gebeurd.



Error - 26/05/2011 1:55:41 | Computer Name = LAPTOP_DELL | Source = Service Control Manager | ID = 7034

Description = De iPod-service-service is onverwacht beëindigd. Dit is nu 1 keer

gebeurd.



Error - 26/05/2011 5:48:32 | Computer Name = LAPTOP_DELL | Source = Dhcp | ID = 1001

Description = Deze computer heeft geen adres toegewezen gekregen van het netwerk

(door de DHCP-server) voor de netwerkkaart met netwerkadres 0013CE11886B. De volgende

fout is opgetreden: %%1223. De computer zal doorgaan om zelf een adres van de server

met netwerkadressen (DHCP-server) proberen te krijgen.



Error - 26/05/2011 6:15:06 | Computer Name = LAPTOP_DELL | Source = Windows Update Agent | ID = 20

Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,

foutcode 0x80070643: KB905474: Meldingen van Windows Genuine Advantage.



Error - 26/05/2011 6:23:03 | Computer Name = LAPTOP_DELL | Source = Windows Update Agent | ID = 20

Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,

foutcode 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).





< End of report >
 
You still have infected copies of your Hosts file on your system.

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    :OTL
    [2011/05/10 22:14:04 | 000,434,142 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110514-120905.backup
    [2011/05/01 21:48:42 | 000,433,442 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110510-221404.backup
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c
    
    
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
 
Here is the first one.

All processes killed

========== PROCESSES ==========

========== OTL ==========

C:\WINDOWS\system32\drivers\etc\hosts.20110514-120905.backup moved successfully.

C:\WINDOWS\system32\drivers\etc\hosts.20110510-221404.backup moved successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /release /c >

Windows IP-configuratie

Er kan geen enkele bewerking op LAN-verbinding worden uitgevoerd als het medium ervan niet

is aangesloten.

Ethernet-adapter Draadloze netwerkverbinding:

Verbindingsspec. DNS-achtervoegsel:

IP-adres. . . . . . . . . . . . . : 0.0.0.0

Subnetmasker. . . . . . . . . . . : 0.0.0.0

Standaardgateway. . . . . . . . . :

Ethernet-adapter LAN-verbinding:

Status van medium . . . . . . . . : medium ontkoppeld

C:\Documents and Settings\Patrick\Bureaublad\cmd.bat deleted successfully.

C:\Documents and Settings\Patrick\Bureaublad\cmd.txt deleted successfully.

< ipconfig /renew /c >

Windows IP-configuratie

Er kan geen enkele bewerking op LAN-verbinding worden uitgevoerd als het medium ervan niet

is aangesloten.

Ethernet-adapter Draadloze netwerkverbinding:

Verbindingsspec. DNS-achtervoegsel: telenet.be

IP-adres. . . . . . . . . . . . . : 192.168.0.100

Subnetmasker. . . . . . . . . . . : 255.255.255.0

Standaardgateway. . . . . . . . . : 192.168.0.1

Ethernet-adapter LAN-verbinding:

Status van medium . . . . . . . . : medium ontkoppeld

C:\Documents and Settings\Patrick\Bureaublad\cmd.bat deleted successfully.

C:\Documents and Settings\Patrick\Bureaublad\cmd.txt deleted successfully.

< ipconfig /flushdns /c >

Windows IP-configuratie

De DNS-omzettingscache is leeggemaakt.

C:\Documents and Settings\Patrick\Bureaublad\cmd.bat deleted successfully.

C:\Documents and Settings\Patrick\Bureaublad\cmd.txt deleted successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully



[EMPTYTEMP]



User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes



User: All Users



User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes



User: Greetje

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes



User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes



User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes



User: Patrick

->Temp folder emptied: 29783226 bytes

->Temporary Internet Files folder emptied: 9415758 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes



%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 9986 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes



Total Files Cleaned = 37,00 mb





OTL by OldTimer - Version 3.2.23.0 log created on 05262011_232559



Files\Folders moved on Reboot...

C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\WX42SNUQ\showthread[3].htm moved successfully.

C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.



Registry entries deleted on Reboot...
 
And here is the second.

OTL logfile created on: 26/05/2011 23:32:03 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Patrick\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

1023,39 Mb Total Physical Memory | 503,74 Mb Available Physical Memory | 49,22% Memory free
2,40 Gb Paging File | 1,94 Gb Available in Paging File | 80,71% Paging File free
Paging file location(s): C:\pagefile.sys 1535 2096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,78 Gb Total Space | 24,35 Gb Free Space | 43,66% Space Free | Partition Type: NTFS

Computer Name: LAPTOP_DELL | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Patrick\Bureaublad\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe (International Business Machines Corporation)
PRC - C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()
PRC - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project)
PRC - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (The Firebird Project)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\BAsfIpM.exe (Broadcom Corp.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
PRC - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
PRC - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Patrick\Bureaublad\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (DB2NTSECSERVER_DB2COPY1) DB2 Security Server (DB2COPY1) -- C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe (International Business Machines Corporation)
SRV - (DB2MGMTSVC_DB2COPY1) DB2 Management Service (DB2COPY1) -- C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (The Firebird Project)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (BAsfIpM) -- C:\WINDOWS\system32\BAsfIpM.exe (Broadcom Corp.)


========== Driver Services (SafeList) ==========

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (w29n51) Stuurprogramma voor Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (BASFND) -- C:\WINDOWS\system32\drivers\BASFND.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 13:45:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/10 21:17:16 | 000,000,000 | ---D | M]

[2009/04/09 22:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions
[2011/02/21 20:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\gsdxxua1.default\extensions
[2010/10/11 21:00:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\gsdxxua1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2005/03/13 07:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/25 18:05:05 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010/11/25 18:05:05 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010/11/25 18:05:05 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010/11/25 18:05:05 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010/11/25 18:05:05 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2011/05/26 23:26:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/13 15:06:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 12:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\SpywareBlaster
[2011/05/26 12:09:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/26 07:57:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/26 07:55:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/26 07:54:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureaublad\OTL.exe
[2011/05/26 07:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Bureaublad\Nieuwe map
[2011/05/26 00:01:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/25 22:57:46 | 000,000,000 | ---D | C] -- C:\mY_stuff
[2011/05/25 17:41:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/25 10:24:49 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Patrick\Bureaublad\ATF-Cleaner.exe
[2011/05/24 21:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/22 10:05:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/22 10:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
[2011/05/22 10:04:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/22 10:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/22 10:02:51 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patrick\Bureaublad\mbam-setup.exe
[2011/05/21 11:44:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/21 11:40:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/21 11:40:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/21 11:40:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/21 11:40:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/21 11:40:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/21 11:39:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/20 18:15:05 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/05/20 18:14:49 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/05/20 18:14:21 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/05/20 18:09:53 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/05/20 18:08:33 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/05/19 08:02:57 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Patrick\Bureaublad\TDSSKiller.exe
[2011/05/14 11:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Mijn documenten\14-05-2011
[2011/05/14 11:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/14 11:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\ERUNT
[2011/05/14 11:39:33 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Patrick\Bureaublad\erunt-setup.exe
[2011/05/10 22:50:23 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Patrick\Bureaublad\aswMBR.exe
[2011/05/01 14:29:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/05/01 14:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\CCleaner
[2011/05/01 14:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[1999/05/24 01:17:58 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/09 04:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/09 04:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/09 04:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/09 04:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/09 04:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL

========== Files - Modified Within 30 Days ==========

[2011/05/26 23:32:00 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 23:31:00 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 23:28:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/26 23:27:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/26 23:26:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/26 12:49:43 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\SpywareBlaster.lnk
[2011/05/26 12:29:00 | 000,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/26 12:26:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/26 12:13:48 | 000,559,088 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011/05/26 12:13:48 | 000,490,570 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/26 12:13:48 | 000,110,604 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011/05/26 12:13:48 | 000,090,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/26 07:54:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Bureaublad\OTL.exe
[2011/05/26 07:37:20 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\erunt.zip
[2011/05/25 10:24:50 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Patrick\Bureaublad\ATF-Cleaner.exe
[2011/05/23 18:49:13 | 004,353,829 | R--- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\ComboFix.exe
[2011/05/23 18:42:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 10:05:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011/05/22 10:02:51 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patrick\Bureaublad\mbam-setup.exe
[2011/05/21 11:44:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/21 11:39:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\MBR.dat
[2011/05/19 08:02:37 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\tdsskiller.zip
[2011/05/18 08:48:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\Defogger.exe
[2011/05/17 20:39:40 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Patrick\Bureaublad\aswMBR.exe
[2011/05/17 20:38:38 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\Regfix.reg
[2011/05/14 23:45:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/14 11:50:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\ERUNT.lnk
[2011/05/14 11:40:28 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Patrick\Bureaublad\dds.scr
[2011/05/14 11:39:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Patrick\Bureaublad\erunt-setup.exe
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Patrick\Bureaublad\TDSSKiller.exe
[2011/05/01 21:33:10 | 000,000,326 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/01 14:17:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk

========== Files Created - No Company Name ==========

[2011/05/26 12:49:43 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\SpywareBlaster.lnk
[2011/05/26 07:37:16 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\erunt.zip
[2011/05/23 18:47:40 | 004,353,829 | R--- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\ComboFix.exe
[2011/05/22 10:05:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011/05/21 11:44:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/21 11:44:27 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2011/05/21 11:40:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/21 11:40:17 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/21 11:40:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/21 11:40:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/21 11:40:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/19 08:02:33 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\tdsskiller.zip
[2011/05/18 08:48:28 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\Defogger.exe
[2011/05/17 20:40:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\MBR.dat
[2011/05/17 20:38:38 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\Regfix.reg
[2011/05/14 11:50:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\ERUNT.lnk
[2011/05/14 11:40:24 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Patrick\Bureaublad\dds.scr
[2011/05/01 14:17:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2010/08/22 21:09:07 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/21 17:27:29 | 000,000,326 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/05 00:03:00 | 000,046,856 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/29 21:59:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/21 21:24:46 | 000,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/11/12 19:34:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/08/26 20:16:58 | 000,000,120 | ---- | C] () -- C:\WINDOWS\imagedit.ini
[2007/01/15 20:59:25 | 000,000,018 | ---- | C] () -- C:\WINDOWS\paswoord.INI
[2006/11/04 19:24:55 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/04 16:16:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/28 20:44:56 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/21 00:05:04 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/17 14:53:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[2005/11/08 20:56:26 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2005/09/11 10:31:43 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/08/21 17:30:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/07/13 19:57:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WebOffer.exe
[2005/07/13 19:57:10 | 000,716,800 | ---- | C] () -- C:\WINDOWS\System32\WebOffer.dll
[2005/06/20 22:48:45 | 000,000,763 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/20 22:48:45 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/06/20 22:48:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2005/06/20 22:09:43 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2005/06/20 19:46:19 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\fusioncache.dat
[2005/06/16 18:26:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/16 18:23:59 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/06/16 18:21:30 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2005/06/16 18:21:30 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2005/06/16 18:07:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/06/16 18:07:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/06/16 18:06:56 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/13 15:11:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/13 15:04:15 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/13 15:03:33 | 000,003,717 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/09/13 14:59:34 | 000,004,774 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/13 14:58:52 | 000,255,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/13 14:52:55 | 000,559,088 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2004/09/13 14:52:55 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2004/09/13 14:52:55 | 000,110,604 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2004/09/13 14:52:55 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2004/09/13 14:52:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/13 14:52:40 | 000,490,570 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/13 14:52:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/13 14:52:40 | 000,090,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/13 14:52:40 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/13 14:52:39 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/13 14:52:38 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/13 14:52:37 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/13 14:52:32 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/13 14:52:32 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/13 14:52:24 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/13 14:52:17 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2002/06/28 16:20:54 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
 
Hi,

No problems. Start-up speed and execution speed are OK. Almost instant internet connection.
I think the laptop is in good condition now (I hope it stays that way).

Again, thank you very much for the excellent guiding through the process.
Do I have to install anything except a virus scanner, SpywareBlaster and Spybot (incl. TeaTimer)?

Best regards

Patrick
 
Hi,

You can keep Malwarebytes, it's the free version. If you upgrade to the Pro version, it includes a protection module that will block access to known bad sites. The cost is minimal, but this is your call.

ATF Cleaner is also free, I use it on my own systems about once a week to clean out the clutter.



Let's update your Java to make your system more secure.

Go to your Control Panel and click on the Java icon (looks like a little coffee cup), click on About and you should have Version 6 Update 25. If not, proceed with the instructions.

Download the latest version Here, save it, do not install it yet.

Java SE Runtime Environment (JRE) JRE 6 Update 25 <-- The wording is confusing, but this is what you need

  • Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
  • Reboot your computer
  • Install the latest version
You can verify the installation Here






System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:
  1. Click Start > Run > copy and paste the following into the run box:
    %SystemRoot%\System32\restore\rstrui.exe
  2. Press OK. Choose Create a Restore Point then click Next.
  3. Name it (something you'll remember) and click Create.
  4. When the confirmation screen shows the restore point has been created click Close.

Then remove all previous Restore Points
  1. Click Start > Run > copy and paste the following into the run box:
    cleanmgr
  2. Choose to scan drive C:\ (if C:\ is your main drive).
  3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
  4. Click on the Yes button.
  5. When finished, click on Cancel button to exit.







  • Click START then RUN
  • Now type Combofix /uninstall in the Run box and click OK. Note the space between the X and the /, it needs to be there.






Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.




Safe Surfn
Ken
 
I could not uninstall Java 2 Runtime Environment, SE v1.4.2_03 from Control Panel/Software.
Instead I used JavaRa from SourceForge.
It's removed now, but there is still an entry in Control Panel/Software.
It seems that for a lot of programs there is no possibility to remove them from the system via Control Panel/Software: no remove button. Weird.

After a while I get an error "An unhandled win32 exception occurred in jusched.exe [1412]". It's something new; it started after the installation of the new Java.

regards

Patrick
 
Hi,

It's gone now.

It seems that there are a lot of programs in Control Panel/Software where there is no remove or change button.
Only the programs installed before the cleaning have no button; the others are OK.

strange

Regards

Patrick
 