Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal
Solved: How to get rid of CiD advertisements?

Gootmorik (Junior Member, 13 posts; Join Date: Jul 2009)
14-Jul-2009, 04:43 PM #1
How to get rid of CiD advertisements?
For a few days I have been experiencing CiD advertisement pop-ups.

I have scanned and removed stuff with Norton but the ads keep on popping up.

I attach the HijackThis logfile to this message. Can anybody tell me what I should do to stop these annoying ads?

Thanks a lot!!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:47, on 14/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easypowersearch.com/Searc...dSearchLang=NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\DOCUME~1\ERIKDE~1\MIJNDO~1\INTERN~1\IEBUTT~1.DLL (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Plus - {C8CD2017-F1E5-4F1A-B58A-EE0B1AF0D0D8} - C:\PROGRA~1\GOOGLE~1\16GOOG~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [SiteVacuum] C:\Program Files\EasySearch\SiteVacuumClient.exe
O4 - HKLM\..\Run: [Army Online Move Tick] C:\Documents and Settings\All Users\Application Data\file cash army online\math rect.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [roamflap] C:\DOCUME~1\EDC\APPLIC~1\DVDLIC~1\moredrive.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-445553540000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://rabru.bakernet.com/dana-cach...erSetupSP1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Settings Manager_Untrusted_BZ (ccSetMgr_Untrusted_BZ) - Unknown owner - C:\Virtual\Untrusted\C_\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 16314 bytes
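The HijackThis log above is a flat list of lines whose two-character prefix (R0/R1 browser settings, O2 BHOs, O4 autoruns, O20 AppInit_DLLs, O22 SharedTaskScheduler, O23 services) tells you where each item is hooked into the system. The following Python script is an added editor's example, not code from the original post or from Tech Support Guy: it parses that format and applies a few review heuristics (an entry whose file is missing, an autorun under the Explorer policy key, an entry named like a system file that launches something else, an executable living in a user-profile or data directory, any AppInit_DLLs or SharedTaskScheduler entry, a browser start page on a host outside an assumed allowlist). The sample lines are copied from the log above; the allowlist, the path hints and the reasons are the editor's assumptions, and the output is a list of entries worth a second look, not a verdict on what is malware.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted above so the
# triage runs offline. The "..." inside the easypowersearch URL is the forum's
# own truncation and is kept as it appears.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easypowersearch.com/Searc...dSearchLang=NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\DOCUME~1\ERIKDE~1\MIJNDO~1\INTERN~1\IEBUTT~1.DLL (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
O4 - HKLM\..\Run: [Army Online Move Tick] C:\Documents and Settings\All Users\Application Data\file cash army online\math rect.exe
O4 - HKCU\..\Run: [roamflap] C:\DOCUME~1\EDC\APPLIC~1\DVDLIC~1\moredrive.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll (file missing)
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<location>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
FILE_MISSING = " (file missing)"

# Assumed allowlist: hosts that are normal browser defaults on this Dell/XP
# machine. Any other host on an R0/R1 line is surfaced for review.
EXPECTED_HOMEPAGE_HOSTS = {"www.google.be", "www.google.com", "go.microsoft.com", "www.euro.dell.com"}

# Assumed heuristic: fragments that mean "runs from a user profile or data
# directory", a place installers rarely use but droppers often do.
PROFILE_DIR_HINTS = ("documents and settings", "docume~1", "application data",
                     "applic~1", "local settings", "\\temp\\")


def _exe_from_command(cmd):
    """Pull the executable path out of an O4 command line (quoted or unquoted with switches)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: drop trailing switches such as " /background" or " -start".
    # (A path containing " -" or " /" would be cut short; none appear in this log.)
    return re.split(r" [/-]", cmd, maxsplit=1)[0]


def parse_line(line):
    """Split one HijackThis line into section code, context (registry key or label), name and target path."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "body": body, "location": "", "name": "", "path": "",
             "file_missing": body.endswith(FILE_MISSING.strip())}
    if entry["file_missing"]:
        body = body[: -len(FILE_MISSING)]
    if code == "O4":
        m4 = O4_RE.match(body)
        if m4:
            entry["location"], entry["name"] = m4.group("location"), m4.group("name")
            entry["path"] = _exe_from_command(m4.group("cmd"))
    elif code.startswith("R"):
        # Browser setting lines look like "<registry value> = <url>".
        entry["location"], _, entry["path"] = body.partition(" = ")
    else:
        # O2/O22/O23 lines are "Label: name - {clsid or vendor} - path"; O20 is "AppInit_DLLs: path".
        segs = body.split(" - ")
        if len(segs) == 1:
            entry["name"], _, entry["path"] = body.partition(": ")
        else:
            entry["name"] = segs[0].partition(": ")[2] or segs[0]
            entry["path"] = segs[-1]
    return entry


def triage_entry(entry):
    """Return the review reasons for one parsed entry; an empty list means nothing stood out."""
    reasons = []
    code, path_l = entry["code"], entry["path"].lower()
    if entry["file_missing"]:
        reasons.append("points at a file that no longer exists (orphaned or half-removed component)")
    if code.startswith("R"):
        host = urlparse(entry["path"]).hostname
        if host and host not in EXPECTED_HOMEPAGE_HOSTS:
            reasons.append(f"browser start/search page set to unexpected host {host}")
    if code == "O4":
        if "policies\\explorer\\run" in entry["location"].lower():
            reasons.append("autorun via the Explorer policy key, which legitimate installers rarely use")
        base = entry["path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        name_l = entry["name"].lower()
        if name_l.endswith((".exe", ".dll")) and name_l != base:
            reasons.append(f"entry name {entry['name']} looks like a file name but launches {base}")
    if code in ("O2", "O4", "O22", "O23") and any(h in path_l for h in PROFILE_DIR_HINTS):
        reasons.append("executable lives in a user-profile or data directory instead of Program Files")
    if code == "O20":
        reasons.append("AppInit_DLLs is loaded into every process that loads user32.dll; verify the DLL")
    if code == "O22":
        reasons.append("SharedTaskScheduler entries are loaded by Explorer at logon; uncommon for legitimate software")
    return reasons


def triage_log(log_text):
    """Parse a whole log; return (all parsed entries, [(entry, reasons)] for the ones worth reviewing)."""
    entries = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    flagged = []
    for e in entries:
        reasons = triage_entry(e)
        if reasons:
            flagged.append((e, reasons))
    return entries, flagged


if __name__ == "__main__":
    entries, flagged = triage_log(SAMPLE_LOG)
    print(f"{len(entries)} entries parsed, {len(flagged)} worth a second look")
    for e, reasons in flagged:
        print(f"\n{e['code']} {e['name'] or e['location']} -> {e['path']}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the constructed sample it parses 12 entries and flags 7, leaving the Adobe BHO, the Symantec ccApp autorun, the LTaskup entry and the NNServ service untouched; a heuristic like the profile-directory check will also catch legitimate per-user tools (the Juniper cache cleaner in the DDS log below, for instance), which is why the output is a review queue for a helper rather than a removal list.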
Gootmorik (Junior Member, 13 posts; Join Date: Jul 2009)
18-Jul-2009, 09:34 AM #2
Tech guys, I really need your help!!
They keep on popping up; please can anyone look into this?
jmw3 (Senior Member, 1,464 posts; Join Date: Jul 2007; Location: Port Hedland Western Australia)
18-Jul-2009, 09:42 AM #3
Hello & Welcome to TechSupportGuy
Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of them completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy, and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.
Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after, two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.
To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
Gootmorik (Junior Member, 13 posts; Join Date: Jul 2009)
20-Jul-2009, 01:18 PM #4
DDS logfile
Thanks a lot for your assistance!! Herewith I am posting the requested log files.

I am doing this in two separate replies, since my messages were too long.


DDS (Ver_09-06-26.01) - NTFSx86
Run by EDC at 12:49:38,04 on ma 20/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.489 [GMT 2:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\EasySearch\SiteVacuumClient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Documents and Settings\EDC\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe
C:\Documents and Settings\EDC\Application Data\Juniper Networks\Cache Cleaner 6.2.0\dsCacheCleaner.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\EDC\Local Settings\Temporary Internet Files\Content.IE5\D2U0TZEX\dds[1].pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.be/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.euro.dell.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.easypowersearch.com/Search.html?SelectedSearchLang=NL
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: metaspinner media GmbH: {12fc9a49-cfe0-49aa-be9e-8f4eeafc9443} - c:\docume~1\erikde~1\mijndo~1\intern~1\IEBUTT~1.DLL
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Plus: {c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} - c:\progra~1\google~1\16GOOG~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [slide.exe] c:\program files\slide\Slide.exe
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [roamflap] c:\docume~1\edc\applic~1\dvdlic~1\moredrive.exe
uRun: [Cache Cleaner] c:\documents and settings\edc\application data\juniper networks\cache cleaner 6.2.0\dsCacheCleaner.exe -action delete
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [wTask] c:\windows\media\LTaskup.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe
mRun: [V0250Mon.exe] c:\windows\V0250Mon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Belgacom] "c:\program files\belgacom\bin\sprtcmd.exe" /P Belgacom
mRun: [SiteVacuum] c:\program files\easysearch\SiteVacuumClient.exe
mRun: [Army Online Move Tick] c:\documents and settings\all users\application data\file cash army online\math rect.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [RestoreHostsFile] cscript "c:\\documents and settings\\all users\\application data\juniper networks\restore.vbs"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [rare] c:\program files\video activex access\imsmain.exe
mExplorerRun: [user32.dll] c:\program files\video activex access\iesmn.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-445553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://rabru.bakernet.com/dana-cached/setup/JuniperSetupSP1.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: biocomputing: {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - c:\windows\system32\myqlejy.dll

============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-13 130936]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2005-2-3 50312]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-2-3 198304]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-2-3 235168]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-2-3 181920]
R2 navapsvc;Norton AntiVirus Auto-Protect-service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-2-3 177800]
R2 NNServ;NNServ;c:\program files\newdotnet\nnrun.exe [2007-11-8 5120]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-7-13 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-7-13 1095560]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090715.016\NAVENG.Sys [2009-7-16 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090715.016\NavEx15.Sys [2009-7-16 875728]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2005-2-3 338056]
S2 ccSetMgr_Untrusted_BZ;Symantec Settings Manager_Untrusted_BZ;"c:\virtual\untrusted\c_\program files\common files\symantec shared\ccsetmgr.exe" --> c:\virtual\untrusted\c_\program files\common files\symantec shared\ccSetMgr.exe [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-11-10 67184]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2005-2-3 79520]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-7-7 29744]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2005-2-3 198368]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2008-3-15 185504]
S3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [2008-3-15 6272]

=============== Created Last 30 ================
2009-07-20 11:54 40 a------- c:\windows\opt_2460.ini
2009-07-20 11:54 51 a------- c:\windows\brmx2001.ini
2009-07-20 11:54 0 a------- c:\windows\webica.ini
2009-07-20 11:49 <DIR> --d----- c:\docume~1\edc\applic~1\ICAClient
2009-07-20 11:48 <DIR> --d----- c:\program files\Citrix
2009-07-20 11:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Juniper Networks
2009-07-13 21:28 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-07-13 21:28 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-07-13 21:28 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-13 21:28 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-07-13 21:28 <DIR> --d----- c:\program files\common files\PC Tools
2009-07-13 21:28 <DIR> --d----- c:\program files\Spyware Doctor
2009-07-13 21:28 <DIR> --d----- c:\docume~1\edc\applic~1\PC Tools
2009-07-13 21:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-07-11 15:48 <DIR> a-d----- c:\program files\GooglePlusVideos
2009-07-11 15:29 <DIR> --d----- C:\Virtual
2009-07-11 15:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BufferZone
2009-07-11 15:27 <DIR> --d----- c:\windows\E4153266612C460FAB94C9DB6802459A.TMP
2009-07-11 15:27 <DIR> --d----- c:\program files\securedie
2009-07-11 15:18 434,252 a------- c:\windows\system32\Msvcrtd.dll
2009-07-11 15:18 <DIR> --d----- c:\program files\Zapu
2009-07-11 14:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\file cash army online
2009-07-11 14:15 <DIR> --d----- c:\program files\Dvd License Dent
2009-07-11 14:15 <DIR> --d----- c:\docume~1\edc\applic~1\Dvd License Dent
2009-07-11 14:14 <DIR> --d----- c:\program files\EasySearch
2009-07-11 14:14 724,568 a------- c:\program files\BitTorrent Fastest Toolvlnet3.com_Installer.exe
2009-07-11 14:14 <DIR> --d----- c:\program files\BitTorrent Fastest Tool
2009-07-11 13:45 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================
2009-06-16 16:40 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:40 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 16:40 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 16:40 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 21:11 1,295,360 a------- c:\windows\system32\quartz.dll
2009-06-03 21:11 1,295,360 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-13 07:06 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 07:06 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-13 07:06 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-07 17:34 347,136 a------- c:\windows\system32\localspl.dll
2009-05-07 17:34 347,136 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 23:18 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-04-30 23:17 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 23:17 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 23:17 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 23:17 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 23:17 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 23:17 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-04-30 13:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-25 07:30 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-04-24 08:22 440,280 a------- c:\windows\system32\perfh013.dat
2009-04-24 08:22 68,840 a------- c:\windows\system32\perfc013.dat
2007-10-04 00:07 0 a------- c:\documents and settings\edc\Emails.dat
2008-09-20 17:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008092020080921\index.dat

============= FINISH: 12:51:02,48 ===============
Gootmorik's Avatar
Junior Member with 13 posts.
 
Join Date: Jul 2009
20-Jul-2009, 01:20 PM #5
DDS attach and GMER log in attachment
Herewith DDS attach and GMER attachment.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/09/2005 14:45:23
System Uptime: 20/07/2009 8:35:04 (4 hours ago)

Motherboard: Dell Inc. | | 0C5668
Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1729/133mhz

==== Disk Partitions =========================
C: is FIXED (NTFS) - 53 GiB total, 12,36 GiB free.
Z: is CDROM ()

==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP611: 23/04/2009 22:06:58 - Software Distribution Service 3.0
RP612: 24/04/2009 8:20:25 - Software Distribution Service 3.0
RP613: 25/04/2009 13:25:52 - Controlepunt van systeem
RP614: 12/05/2009 22:30:39 - Controlepunt van systeem
RP615: 17/05/2009 12:40:39 - Software Distribution Service 3.0
RP616: 21/05/2009 17:59:56 - Controlepunt van systeem
RP617: 24/05/2009 11:50:12 - Software Distribution Service 3.0
RP618: 31/05/2009 13:23:43 - Controlepunt van systeem
RP619: 1/06/2009 14:59:30 - Controlepunt van systeem
RP620: 6/06/2009 14:17:32 - Controlepunt van systeem
RP621: 8/06/2009 20:32:54 - Controlepunt van systeem
RP622: 13/06/2009 22:13:18 - Controlepunt van systeem
RP623: 14/06/2009 3:00:19 - Software Distribution Service 3.0
RP624: 18/06/2009 9:36:17 - Controlepunt van systeem
RP625: 20/06/2009 13:01:19 - Controlepunt van systeem
RP626: 21/06/2009 19:22:46 - Controlepunt van systeem
RP627: 23/06/2009 10:00:40 - Controlepunt van systeem
RP628: 26/06/2009 9:03:37 - Controlepunt van systeem
RP629: 27/06/2009 13:50:06 - Controlepunt van systeem
RP630: 30/06/2009 21:14:05 - Controlepunt van systeem
RP631: 4/07/2009 14:43:19 - Controlepunt van systeem
RP632: 11/07/2009 2:17:23 - Controlepunt van systeem
RP633: 11/07/2009 13:41:47 - Windows XP WgaNotify is geïnstalleerd.
RP634: 11/07/2009 13:44:15 - Installed Java(TM) 6 Update 13
RP635: 11/07/2009 15:19:15 - Geïnstalleerd: Microsoft Visual C++ 2005 Redistributable
RP636: 11/07/2009 18:07:57 - Removed BufferZone
RP637: 11/07/2009 18:09:58 - Removed BufferZone
RP638: 12/07/2009 18:26:33 - Controlepunt van systeem
RP639: 13/07/2009 19:44:29 - Controlepunt van systeem
RP640: 18/07/2009 13:01:14 - Software Distribution Service 3.0
RP641: 19/07/2009 14:34:42 - Controlepunt van systeem
RP642: 20/07/2009 11:48:44 - Installed MetaFrame Presentation Server Client

==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Advanced Video FX Engine
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Belgacom Genius
Belgacom I-Talk
Beveiligingsupdate for Windows Media Player 10 (KB911565)
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB973346)
Bluetooth Stack for Windows by Toshiba
Broadcom Management Programs 2
Brother MFL-Pro Suite
CC_ccProxyExt
ccCommon
ccPxyCore
CiD Help
Conexant D110 MDC V.9x Modem
Creative-systeeminformatie
Creative Live! Cam Center
Creative Live! Cam Manager
Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
Creative Live! Cam Notebook Pro Handboek (Nederlands)
Creative Photo Calendar
Creative Photo Manager
Dell Media Experience
Dell Picture Studio v3.0
Dell System Restore
Digital Line Detect
DV3300 PC CAMERA
eMule
Essentiële update voor Windows Media Player 11 (KB959772)
Google Desktop
Google Earth
Google Video Player
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Juniper Networks Cache Cleaner 5.5.0
Juniper Networks Cache Cleaner 6.2.0
Juniper Networks Host Checker
Juniper Networks Network Connect 5.2.0
Last.fm 1.5.4.24567
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Shockwave Player
mCore
mDrWiFi
MetaFrame Presentation Server Client
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Editie 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft PowerPoint Viewer 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
MSRedist
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
New.net Domains 8.0 build 846
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Off-linediensten van Home'Bank
Off-linediensten van Home'Bank 4.03
PaperPort
PhotoFiltre
PowerDVD 5.5
QuickSet
QuickTime
RealPlayer
Registers Rechtskundig Weekblad
Sewer Run
SightSpeed (remove only)
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SoulSeek Client 156c
SPBBC
Spyware Doctor 6.0
Sybase Adaptive Server Anywhere 6.0
Symantec Network Drivers Update
Symantec Script Blocking Installer
SymNet
Update voor Windows Internet Explorer 8 (KB969497)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB967715)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
vlnet3.com - SiteVacuum
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XP Codec Pack

==== End Of File ===========================
jmw3's Avatar
Computer Specs
Senior Member with 1,464 posts.
 
Join Date: Jul 2007
Location: Port Hedland Western Australia
20-Jul-2009, 02:20 PM #6
Hi
P2P Warning!
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

eMule | BitTorrent

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P file sharing used to be fairly safe. That is no longer true. I'd like you to read the Perils of P2P File Sharing where we explain why it's not a good idea to have them.
References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/...rotection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

CiD Help
New.net Domains 8.0 build 846
vlnet3.com - SiteVacuum


If some programs listed are not present, please do not panic

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
New HijackThis log
Update on how the computer is running
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
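As an added example (not from this thread, and not a feature of HijackThis or ComboFix), a small Python helper that parses the O4 (autorun) and O22 (SharedTaskScheduler) lines of a HijackThis 2.0.2 log like the ones posted above and attaches the review flags a helper would look at first. The flag rules are heuristics assumed for this example, the sample lines are constructed in the HijackThis format, and a flag means "review this entry", not "this entry is malware".

```python
"""Added triage helper for HijackThis 2.0.2 logs (example code, not part of the
forum thread and not a HijackThis feature).  It parses the O4 and O22 lines into
records and attaches review flags; the rules below are heuristics chosen here."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Entry:
    kind: str                              # "O4" or "O22"
    location: str                          # registry key, startup folder or scheduler
    name: str                              # value name, .lnk name or task name
    target: str                            # command line exactly as HijackThis printed it
    flags: List[str] = field(default_factory=list)


# "O4 - HKLM\..\Run: [name] command" with an optional trailing "(User 'x')"
O4_REG = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.*?)(?: \(User '[^']*'\))?$")
# "O4 - Global Startup: name.lnk = path"
O4_LNK = re.compile(r"^O4 - (?P<loc>Global Startup|Startup): (?P<name>.+?) = (?P<target>.*)$")
# "O22 - SharedTaskScheduler: name - {clsid} - path"
O22_STS = re.compile(r"^O22 - SharedTaskScheduler: (?P<name>.+?) - \{[^}]*\} - (?P<target>.*)$")


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an O4/O22 log line, or None for any other line."""
    line = line.rstrip()
    m = O4_LNK.match(line)
    if m:
        return Entry("O4", m["loc"], m["name"], m["target"])
    m = O4_REG.match(line)
    if m:
        return Entry("O4", m["loc"], m["name"], m["target"])
    m = O22_STS.match(line)
    if m:
        return Entry("O22", "SharedTaskScheduler", m["name"], m["target"])
    return None


# Review heuristics (tag, predicate).  All four are assumptions made for this example.
REVIEW_RULES: List[Tuple[str, Callable[[Entry], bool]]] = [
    # Policy Run keys are meant for group policy; application installers rarely use them.
    ("policy-run-key", lambda e: "policies\\explorer\\run" in e.location.lower()),
    # HijackThis appends "(file missing)" when the registered file no longer exists.
    ("file-missing", lambda e: e.target.endswith("(file missing)")),
    # A Run value named after a system DLL that actually launches something else.
    ("system-dll-name", lambda e: e.kind == "O4" and e.name.lower().endswith(".dll")),
    # Startup targets living under a profile's Application Data rather than Program Files.
    ("data-dir-target", lambda e: "\\application data\\" in e.target.lower()),
]


def parse_log(text: str) -> List[Entry]:
    """Parse a whole log, keep only the O4/O22 entries, and apply the review rules."""
    entries = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        entry.flags = [tag for tag, test in REVIEW_RULES if test(entry)]
        entries.append(entry)
    return entries


def review(text: str) -> Dict[str, List[str]]:
    """Map each flagged entry name to its flags; unflagged entries are left out."""
    return {e.name: e.flags for e in parse_log(text) if e.flags}


# Constructed sample in the HijackThis 2.0.2 format, with one O2 line to show
# that sections other than O4/O22 are ignored.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Army Online Move Tick] C:\Documents and Settings\All Users\Application Data\file cash army online\math rect.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll (file missing)
"""

if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        mark = "REVIEW " + ",".join(entry.flags) if entry.flags else "ok"
        print(f"{entry.kind:<3} {entry.location:<32} [{entry.name}] -> {entry.target}  {mark}")
```

Entries that are not flagged still appear in the parsed list, so the output can be read top to bottom against the original log.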
Gootmorik's Avatar
Junior Member with 13 posts.
 
Join Date: Jul 2009
24-Jul-2009, 02:01 PM #7
CiD advertisements: update
Thanks for the help. It appears that by removing the programs you indicated, the pop-ups have stopped!

I am having problems getting the ComboFix program to work, and it is indeed getting jammed by my Norton, which keeps making my computer crash. I am reluctant, however, to throw off Norton since I am not sure I will get it back on.

For the eMule and BitTorrent, I agree that this is probably the source of my problems. I would like to get rid of BitTorrent, but if I look in the programs list, I cannot find a trace of it. Do you know which program I need to remove or where it is hiding?

My computer seems to be running normally, so a million thanks for your help!!

In each case, herewith the HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:18, on 24/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easypowersearch.com/Searc...dSearchLang=NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\DOCUME~1\ERIKDE~1\MIJNDO~1\INTERN~1\IEBUTT~1.DLL (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Plus - {C8CD2017-F1E5-4F1A-B58A-EE0B1AF0D0D8} - C:\PROGRA~1\GOOGLE~1\16GOOG~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-21-1421029556-4186958627-3753119921-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-445553540000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://rabru.bakernet.com/dana-cach...erSetupSP1.cab
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Settings Manager_Untrusted_BZ (ccSetMgr_Untrusted_BZ) - Unknown owner - C:\Virtual\Untrusted\C_\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 15091 bytes
jmw3
Senior Member with 1,464 posts.
Join Date: Jul 2007
Location: Port Hedland Western Australia
24-Jul-2009, 06:04 PM #8
Hi
Quote:
It appears that by removing the programs you indicated, the pop ups have stopped!
The CiD Help program would have been the main culprit here.

Quote:
I am having problems in getting the ComboFix program to work and it is indeed getting jammed by my Norton, which is always making my computer crash. I am reluctant however to throw off Norton since I am not sure if I will get it back on.
Are you disabling Norton when trying to run ComboFix? Leave it for now. We'll clean up another way.

Quote:
I would like to get rid of BitTorrent, but if I look in the programs list, I cannot find a trace of it. Do you know which program I need to remove or where it is hiding?
I saw some entries referring to it in one of the logs. If it's no longer installed we'll clean up the leftovers.

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Norton AntiVirus 2005
Norton Internet Security 2005 (Symantec Corporation)


If some programs listed are not present, please do not panic

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines(if still present):
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easypowersearch.com/Searc...dSearchLang=NL
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\DOCUME~1\ERIKDE~1\MIJNDO~1\INTERN~1\IEBUTT~1.DLL (file missing)
O2 - BHO: Google Plus - {C8CD2017-F1E5-4F1A-B58A-EE0B1AF0D0D8} - C:\PROGRA~1\GOOGLE~1\16GOOG~1.DLL
O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-445553540000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll (file missing)

  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.
OTM
Download OTM by OldTimer Here & save it to your desktop.
  • Double click on OTM.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
Note: Do not type it out, to minimize the risk of typos
Code:
:Files
c:\program files\BitTorrent Fastest Tool
c:\program files\EasySearch
c:\program files\GooglePlusVideos
C:\DOCUME~1\ERIKDE~1\MIJNDO~1\INTERN~1\IEBUTT~1.DLL
C:\WINDOWS\Media
C:\Program Files\Video ActiveX Access
C:\WINDOWS\system32\myqlejy.dll
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"2318C2B1-4965-11D4-9B18-009027A5CD4F"=-
[-HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"ef99bd32-c1fb-11d2-892f-0090271d4f88"=-
[-HKEY_CLASSES_ROOT\CLSID\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"<NO NAME>"=-
:Commands
[Purity]
[EmptyTemp]
[Reboot]
  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Double-click TFC.exe to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here & save to your desktop.
  • Double-click mbam-setup.exe & follow the prompts to install the program
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish
  • If an update is found, it will download and install the latest version
  • Once the program has loaded, select Perform full scan, then click Scan
  • When the scan is complete, click OK, then Show Results to view the results
  • Be sure that everything is checked, and click Remove Selected
  • When completed, a log will open in Notepad. Please copy & paste the log back into your next reply
    Note:
  • The log is automatically saved by Malwarebytes' Anti-Malware & can be viewed by clicking the Logs tab
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either & let Malwarebytes' Anti-Malware proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.
If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once & it does not need to be reported unless it returns on future reboots.


To post in next reply:
OTM log
Malwarebytes log
New DDS logs
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
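The entries jmw3 singled out above share traits an analyst checks for by eye: a Run value placed under Policies\Explorer\Run rather than the ordinary Run key, a value named after a Windows system file (user32.dll) that actually launches something else, a binary sitting in C:\WINDOWS\Media instead of a program directory, and a SharedTaskScheduler registration whose DLL is already gone. The script below is an added example for this thread, not code from HijackThis, OTM or the original post; it applies those checks to O4 and O22 log lines. The sample lines are copied from the log posted above, while the function names, the rule set and the directory list are the author's own assumptions.

```python
"""Triage HijackThis O4 (autostart) and O22 (SharedTaskScheduler) lines.

Added example for this thread; it is not part of HijackThis, OTM or the
original post. The sample lines are copied from the log posted above; the
rules and every name below (Finding, triage, NON_CODE_DIRS, ...) are the
author's own heuristics, not a published signature set.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: six lines copied from the posted log. The QuickTime
# and CTFMON entries are the benign controls; the other four are the ones
# jmw3 told the poster to fix.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O22_RE = re.compile(r"^O22 - SharedTaskScheduler: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<cmd>.*)$")
# First drive-letter path ending in a loadable extension; tolerates quoting and trailing arguments.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|pif|bat|cmd|vbs))(?:"|\s|$)', re.IGNORECASE)

# Value names that copy a Windows system binary to look harmless in a log.
SYSTEM_NAMES = {"user32.dll", "kernel32.dll", "ntdll.dll", "svchost.exe",
                "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
# Directories that legitimate autostart binaries are not installed into.
NON_CODE_DIRS = ("\\windows\\media\\", "\\windows\\fonts\\", "\\temp\\",
                 "\\temporary internet files\\", "\\application data\\",
                 "\\local settings\\")


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def _assess(name: str, key: str, path: str, cmd: str) -> List[str]:
    """Return the reasons an entry deserves a second look (empty if none)."""
    reasons = []
    if "policies\\explorer\\run" in key.lower():
        reasons.append("loaded from Policies\\Explorer\\Run, a policy key that "
                       "installers almost never use and that msconfig does not show")
    if name.lower() in SYSTEM_NAMES:
        reasons.append(f"value is named after the system file {name} but runs {path}")
    if any(d in path.lower() for d in NON_CODE_DIRS):
        reasons.append(f"binary lives outside any program directory: {path}")
    if "(file missing)" in cmd:
        reasons.append("registration points at a file that is gone; the entry "
                       "and its CLSID still need removing (what the OTM :Reg section does)")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse O4/O22 lines and return only the entries that trip a rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            key = m["key"]
        else:
            m = O22_RE.match(line)
            if not m:
                continue  # other HijackThis sections are ignored here
            key = "SharedTaskScheduler"
        name, cmd = m["name"], m["cmd"]
        pm = PATH_RE.search(cmd)
        path = pm["path"] if pm else cmd
        reasons = _assess(name, key, path, cmd)
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] {f.path}")
        for r in f.reasons:
            print("   -", r)
```

Run on the sample, the script reports wTask, rare, user32.dll and biocomputing and stays silent on the QuickTime and CTFMON lines. Treat a hit as "check this", not "delete this": the same log has the webcam monitor V0250Mon.exe running from the root of C:\WINDOWS, which is legitimate, and that is why the WINDOWS root is deliberately not in NON_CODE_DIRS.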
Gootmorik
Junior Member with 13 posts.
 
Join Date: Jul 2009
26-Jul-2009, 06:43 PM #9
Log files
All processes killed
========== FILES ==========
File/Folder c:\program files\BitTorrent Fastest Tool not found.
c:\program files\EasySearch moved successfully.
c:\program files\GooglePlusVideos\FFExt\chrome\content moved successfully.
c:\program files\GooglePlusVideos\FFExt\chrome moved successfully.
c:\program files\GooglePlusVideos\FFExt moved successfully.
c:\program files\GooglePlusVideos moved successfully.
File/Folder C:\DOCUME~1\ERIKDE~1\MIJNDO~1\INTERN~1\IEBUTT~1.DLL not found.
C:\WINDOWS\Media moved successfully.
File/Folder C:\Program Files\Video ActiveX Access not found.
File/Folder C:\WINDOWS\system32\myqlejy.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{ef99bd32-c1fb-11d2-892f-0090271d4f88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef99bd32-c1fb-11d2-892f-0090271d4f88}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\<NO NAME> not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 202834 bytes

User: Administrator.PERSOONSETCO
->Temp folder emptied: 715834 bytes
->Temporary Internet Files folder emptied: 34586 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: EDC
->Temp folder emptied: 428802296 bytes
->Temporary Internet Files folder emptied: 548420788 bytes
->Java cache emptied: 24449669 bytes
->FireFox cache emptied: 10652621 bytes

User: Erik De Caluwe
->Temp folder emptied: 5617836 bytes
->Temporary Internet Files folder emptied: 1910250 bytes

User: LocalService
->Temp folder emptied: 82513 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 4775791 bytes
->FireFox cache emptied: 1733042 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\E4153266612C460FAB94C9DB6802459A.TMP folder deleted successfully.
%systemroot% .tmp files removed: 496050 bytes
%systemroot%\System32 .tmp files removed: 2845 bytes
Windows Temp folder emptied: 7731393 bytes
RecycleBin emptied: 9534735 bytes

Total Files Cleaned = 996,81 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07262009_230735
Files moved on Reboot...
Registry entries deleted on Reboot...


Next one:

Malwarebytes' Anti-Malware 1.39
Database version: 2505
Windows 5.1.2600 Service Pack 3
26/07/2009 22:58:51
mbam-log-2009-07-26 (22-58-45).txt
Scan type: Full Scan (C:\|Z:\|)
Objects scanned: 224455
Time elapsed: 1 hour(s), 14 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge.1 (Hijack.Search) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Lop) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www2.iesearch.com/) Good: (http://www.Google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\EDC\local settings\Temp\tijdelijke map 1 voor download de armageddon reiziger securely with new secured browser.zip\SecuredeIE_CL_SE_SV_1903.EXE (AdwareSecuredIE) -> No action taken.
c:\documents and settings\EDC\local settings\temporary internet files\Content.IE5\XYYB49XU\INScript[1].dll (Adware.Agent) -> No action taken.
c:\system volume information\_restore{cb32ffed-ffb0-4f82-9d41-e1a8368d0a19}\RP635\A0097908.dll (Trojan.BitRoll) -> No action taken.
c:\WINDOWS\lnk_dados_2.dll (Malware.Trace) -> No action taken.

DDS Log File:


DDS (Ver_09-06-26.01) - NTFSx86
Run by EDC at 23:40:48,78 on Sun 26/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.613 [GMT 2:00]

============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0250Mon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\EDC\Local Settings\Temporary Internet Files\Content.IE5\7MNR2T3N\dds[1].pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.be/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.euro.dell.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [slide.exe] c:\program files\slide\Slide.exe
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe
mRun: [V0250Mon.exe] c:\windows\V0250Mon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Belgacom] "c:\program files\belgacom\bin\sprtcmd.exe" /P Belgacom
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://rabru.bakernet.com/dana-cached/setup/JuniperSetupSP1.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\belgacom\bin\sprtsvc.exe [2008-5-29 202016]
S2 ccSetMgr_Untrusted_BZ;Symantec Settings Manager_Untrusted_BZ;"c:\virtual\untrusted\c_\program files\common files\symantec shared\ccsetmgr.exe" --> c:\virtual\untrusted\c_\program files\common files\symantec shared\ccSetMgr.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-7-7 29744]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-7-26 38160]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2008-3-15 185504]
S3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [2008-3-15 6272]
=============== Created Last 30 ================
2009-07-26 23:06 <DIR> --d----- c:\program files\OTM
2009-07-26 19:18 <DIR> --d----- c:\docume~1\edc\applic~1\Malwarebytes
2009-07-26 19:18 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 19:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-26 19:18 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-26 19:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 19:13 <DIR> --d----- c:\program files\Temp File Cleaner
2009-07-26 19:03 <DIR> --d----- C:\_OTM
2009-07-22 23:55 399,872 a------- c:\windows\system32\CF16906.exe
2009-07-22 23:49 399,872 a------- c:\windows\system32\CF14905.exe
2009-07-22 23:41 399,872 a------- c:\windows\system32\CF12341.exe
2009-07-22 23:30 399,872 a------- c:\windows\system32\CF11603.exe
2009-07-20 11:54 40 a------- c:\windows\opt_2460.ini
2009-07-20 11:54 51 a------- c:\windows\brmx2001.ini
2009-07-20 11:54 0 a------- c:\windows\webica.ini
2009-07-20 11:49 <DIR> --d----- c:\docume~1\edc\applic~1\ICAClient
2009-07-20 11:48 <DIR> --d----- c:\program files\Citrix
2009-07-20 11:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Juniper Networks
2009-07-11 15:29 <DIR> --d----- C:\Virtual
2009-07-11 15:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BufferZone
2009-07-11 15:18 434,252 a------- c:\windows\system32\Msvcrtd.dll
2009-07-11 15:18 <DIR> --d----- c:\program files\Zapu
2009-07-11 14:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\file cash army online
2009-07-11 13:45 410,984 a------- c:\windows\system32\deploytk.dll
==================== Find3M ====================
2009-06-16 16:40 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:40 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 16:40 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 16:40 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 21:11 1,295,360 a------- c:\windows\system32\quartz.dll
2009-06-03 21:11 1,295,360 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-13 07:06 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 07:06 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-13 07:06 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-07 17:34 347,136 a------- c:\windows\system32\localspl.dll
2009-05-07 17:34 347,136 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 23:18 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-04-30 23:17 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 23:17 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 23:17 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 23:17 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 23:17 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 23:17 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-04-30 13:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2007-10-04 00:07 0 a------- c:\documents and settings\edc\Emails.dat
2008-09-20 17:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008092020080921\index.dat
============= FINISH: 23:41:31,15 ===============


Attach txt in the next reply
Gootmorik
Junior Member with 13 posts.
 
Join Date: Jul 2009
26-Jul-2009, 06:45 PM #10
Attach txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/09/2005 14:45:23
System Uptime: 26/07/2009 23:12:22 (0 hours ago)
Motherboard: Dell Inc. | | 0C5668
Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1729/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 53 GiB total, 14,699 GiB free.
Z: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP614: 12/05/2009 22:30:39 - Controlepunt van systeem
RP615: 17/05/2009 12:40:39 - Software Distribution Service 3.0
RP616: 21/05/2009 17:59:56 - Controlepunt van systeem
RP617: 24/05/2009 11:50:12 - Software Distribution Service 3.0
RP618: 31/05/2009 13:23:43 - Controlepunt van systeem
RP619: 1/06/2009 14:59:30 - Controlepunt van systeem
RP620: 6/06/2009 14:17:32 - Controlepunt van systeem
RP621: 8/06/2009 20:32:54 - Controlepunt van systeem
RP622: 13/06/2009 22:13:18 - Controlepunt van systeem
RP623: 14/06/2009 3:00:19 - Software Distribution Service 3.0
RP624: 18/06/2009 9:36:17 - Controlepunt van systeem
RP625: 20/06/2009 13:01:19 - Controlepunt van systeem
RP626: 21/06/2009 19:22:46 - Controlepunt van systeem
RP627: 23/06/2009 10:00:40 - Controlepunt van systeem
RP628: 26/06/2009 9:03:37 - Controlepunt van systeem
RP629: 27/06/2009 13:50:06 - Controlepunt van systeem
RP630: 30/06/2009 21:14:05 - Controlepunt van systeem
RP631: 4/07/2009 14:43:19 - Controlepunt van systeem
RP632: 11/07/2009 2:17:23 - Controlepunt van systeem
RP633: 11/07/2009 13:41:47 - Windows XP WgaNotify is geïnstalleerd.
RP634: 11/07/2009 13:44:15 - Installed Java(TM) 6 Update 13
RP635: 11/07/2009 15:19:15 - Geïnstalleerd: Microsoft Visual C++ 2005 Redistributable
RP636: 11/07/2009 18:07:57 - Removed BufferZone
RP637: 11/07/2009 18:09:58 - Removed BufferZone
RP638: 12/07/2009 18:26:33 - Controlepunt van systeem
RP639: 13/07/2009 19:44:29 - Controlepunt van systeem
RP640: 18/07/2009 13:01:14 - Software Distribution Service 3.0
RP641: 19/07/2009 14:34:42 - Controlepunt van systeem
RP642: 20/07/2009 11:48:44 - Installed MetaFrame Presentation Server Client
RP643: 21/07/2009 17:57:23 - Controlepunt van systeem
RP644: 26/07/2009 18:53:51 - Removed Norton Security Center
==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Advanced Video FX Engine
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Belgacom Genius
Belgacom I-Talk
Beveiligingsupdate for Windows Media Player 10 (KB911565)
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB973346)
Bluetooth Stack for Windows by Toshiba
Broadcom Management Programs 2
Brother MFL-Pro Suite
Conexant D110 MDC V.9x Modem
Creative-systeeminformatie
Creative Live! Cam Center
Creative Live! Cam Manager
Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
Creative Live! Cam Notebook Pro Handboek (Nederlands)
Creative Photo Calendar
Creative Photo Manager
Dell Media Experience
Dell Picture Studio v3.0
Dell System Restore
Digital Line Detect
DV3300 PC CAMERA
eMule
Essentiële update voor Windows Media Player 11 (KB959772)
Google Desktop
Google Earth
Google Video Player
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Juniper Networks Cache Cleaner 5.5.0
Juniper Networks Cache Cleaner 6.2.0
Juniper Networks Host Checker
Juniper Networks Network Connect 5.2.0
Last.fm 1.5.4.24567
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
mCore
mDrWiFi
MetaFrame Presentation Server Client
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Editie 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft PowerPoint Viewer 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
Off-linediensten van Home'Bank
Off-linediensten van Home'Bank 4.03
PaperPort
PhotoFiltre
PowerDVD 5.5
QuickSet
QuickTime
RealPlayer
Registers Rechtskundig Weekblad
Sewer Run
SightSpeed (remove only)
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SoulSeek Client 156c
Sybase Adaptive Server Anywhere 6.0
Update voor Windows Internet Explorer 8 (KB969497)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB967715)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XP Codec Pack
==== End Of File ===========================
jmw3's Avatar
Senior Member with 1,464 posts.
 
Join Date: Jul 2007
Location: Port Hedland Western Australia
27-Jul-2009, 12:05 AM #11
Hi
Any reason why you didn't let Malwarebytes remove what it found as instructed? All entries are followed by "-> No action taken.", which means they are still on your system.
Malwarebytes' Anti-Malware
  • Open Malwarebytes Anti-Malware, click the Update tab then Check for Updates
  • If an update is found, it will download and install the latest version & data base version
  • Once the program has updated click the Scanner tab, select Perform full scan then click Scan
  • When the scan is complete, click OK, then Show Results to view the results
  • Be sure that everything is checked, and click Remove Selected
  • When completed, a log will open in Notepad. Please copy & paste the log back into your next reply
  • Note: The log is automatically saved by Malwarebytes' Anti-Malware & can be viewed by clicking the Logs tab
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either & let Malwarebytes' Anti-Malware proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.
If you receive an (Error Loading) error on reboot please reboot a second time. It is normal for this error to occur once & does not need to be reported unless it returns on future reboots.


To post in next reply:
Malwarebytes' log
New DDS log
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
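As an added example (not jmw3's or Malwarebytes' own code), here is a small Python parser for the 1.x log layout pasted in this thread: it separates detections the tool actually remediated from ones left "No action taken", and compares the summary counts with the lines actually listed so a truncated paste is noticed. The sample log below is constructed in that format from entries shown in this thread, with two statuses changed to "No action taken" to exercise the check.

```python
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Detection:
    section: str      # log section the line appeared under, e.g. "Bestanden geïnfecteerd"
    path: str         # registry key/value, file or folder that was flagged
    family: str       # MBAM detection name, e.g. "Trojan.Lop"
    details: tuple    # intermediate "Bad: (...) Good: (...)" segments, if any
    status: str       # final "-> ..." segment with the trailing period removed

    @property
    def remediated(self) -> bool:
        # MBAM 1.x reports "Quarantined and deleted successfully" or
        # "Delete on reboot" when it acted. "No action taken" means the
        # results were closed without clicking Remove Selected.
        s = self.status.lower()
        return s.startswith("quarantined") or s.startswith("delete on reboot")


@dataclass
class ScanLog:
    detections: list[Detection] = field(default_factory=list)
    declared: dict[str, int] = field(default_factory=dict)  # "<section>: N" summary lines

    def unremediated(self) -> list[Detection]:
        """Detections MBAM found but did not remove (what jmw3 asked about)."""
        return [d for d in self.detections if not d.remediated]

    def count_mismatches(self) -> dict[str, tuple[int, int]]:
        """Sections whose summary count differs from the lines actually listed,
        as (declared, listed); a non-empty result means the pasted log is incomplete."""
        listed = Counter(d.section for d in self.detections)
        return {s: (n, listed[s]) for s, n in self.declared.items() if n != listed[s]}


# "<path> (<family>)": the family is always the last parenthesised group,
# so a greedy path match still works for paths that contain parentheses.
_ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\)$")
_SUMMARY_RE = re.compile(r"^(?P<section>.+?):\s+(?P<count>\d+)$")


def parse_mbam_log(text: str) -> ScanLog:
    """Parse a Malwarebytes' Anti-Malware 1.x log; the layout, not the UI language, is relied on."""
    log = ScanLog()
    # Section headers are the lines ending in ':' (e.g. "Registersleutels geïnfecteerd:")
    headers = {ln.strip()[:-1] for ln in text.splitlines() if ln.strip().endswith(":")}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            section = line[:-1]
            continue
        m = _SUMMARY_RE.match(line)
        if m and m.group("section") in headers:   # ignores e.g. "Database versie: 2505"
            log.declared[m.group("section")] = int(m.group("count"))
            continue
        if " -> " not in line:                     # "(Geen kwaadaardige items gevonden)" etc.
            continue
        head, *middle, status = line.split(" -> ")
        m = _ITEM_RE.match(head)
        if not m:
            continue                               # unknown layout: skip rather than guess
        log.detections.append(Detection(section, m.group("path"), m.group("family"),
                                        tuple(middle), status.rstrip(".")))
    return log


# Constructed sample in the format of the MBAM log posted in this thread;
# the "No action taken" statuses and the file count of 2 are deliberate.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.39
Database versie: 2505
Objecten gescand: 205830

Registersleutels geïnfecteerd: 2
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
c:\WINDOWS\lnk_dados_2.dll (Malware.Trace) -> Delete on reboot.
"""

if __name__ == "__main__":
    log = parse_mbam_log(SAMPLE_LOG)
    for d in log.unremediated():
        print(f"still present: [{d.section}] {d.path} ({d.family})")
    for sec, (declared, listed) in log.count_mismatches().items():
        print(f"log incomplete: {sec} declares {declared} items, lists {listed}")
```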
Gootmorik's Avatar
Junior Member with 13 posts.
 
Join Date: Jul 2009
27-Jul-2009, 04:09 PM #12
Malwarebytes & DDS log
Hi,

Indeed, suddenly my computer stopped. I thought it had deleted the infected files, but apparently it had not. In any case I did it again and herewith the new log file:

Malwarebytes' Anti-Malware 1.39
Database versie: 2505
Windows 5.1.2600 Service Pack 3
27/07/2009 20:08:56
mbam-log-2009-07-27 (20-08-55).txt
Scan type: Volledige Scan (C:\|Z:\|)
Objecten gescand: 205830
Verstreken tijd: 1 hour(s), 4 minute(s), 38 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 9
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 3
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge (Hijack.Search) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge.1 (Hijack.Search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d579 2aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8cd 2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.Search) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www2.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
c:\system volume information\_restore{cb32ffed-ffb0-4f82-9d41-e1a8368d0a19}\RP635\A0097908.dll (Trojan.BitRoll) -> Quarantined and deleted successfully.
c:\WINDOWS\lnk_dados_2.dll (Malware.Trace) -> Quarantined and deleted successfully.

DDS log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by EDC at 21:06:26,50 on ma 27/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.522 [GMT 2:00]

============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\EDC\Local Settings\Temporary Internet Files\Content.IE5\7MNR2T3N\dds[1].pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.be/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.euro.dell.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [slide.exe] c:\program files\slide\Slide.exe
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe
mRun: [V0250Mon.exe] c:\windows\V0250Mon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Belgacom] "c:\program files\belgacom\bin\sprtcmd.exe" /P Belgacom
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://rabru.bakernet.com/dana-cached/setup/JuniperSetupSP1.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\belgacom\bin\sprtsvc.exe [2008-5-29 202016]
S2 ccSetMgr_Untrusted_BZ;Symantec Settings Manager_Untrusted_BZ;"c:\virtual\untrusted\c_\program files\common files\symantec shared\ccsetmgr.exe" --> c:\virtual\untrusted\c_\program files\common files\symantec shared\ccSetMgr.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-7-7 29744]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2008-3-15 185504]
S3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [2008-3-15 6272]
=============== Created Last 30 ================
2009-07-26 23:06 <DIR> --d----- c:\program files\OTM
2009-07-26 19:18 <DIR> --d----- c:\docume~1\edc\applic~1\Malwarebytes
2009-07-26 19:18 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 19:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-26 19:18 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-26 19:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 19:13 <DIR> --d----- c:\program files\Temp File Cleaner
2009-07-26 19:03 <DIR> --d----- C:\_OTM
2009-07-22 23:55 399,872 a------- c:\windows\system32\CF16906.exe
2009-07-22 23:49 399,872 a------- c:\windows\system32\CF14905.exe
2009-07-22 23:41 399,872 a------- c:\windows\system32\CF12341.exe
2009-07-22 23:30 399,872 a------- c:\windows\system32\CF11603.exe
2009-07-20 11:54 40 a------- c:\windows\opt_2460.ini
2009-07-20 11:54 51 a------- c:\windows\brmx2001.ini
2009-07-20 11:54 0 a------- c:\windows\webica.ini
2009-07-20 11:49 <DIR> --d----- c:\docume~1\edc\applic~1\ICAClient
2009-07-20 11:48 <DIR> --d----- c:\program files\Citrix
2009-07-20 11:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Juniper Networks
2009-07-11 15:29 <DIR> --d----- C:\Virtual
2009-07-11 15:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BufferZone
2009-07-11 15:18 434,252 a------- c:\windows\system32\Msvcrtd.dll
2009-07-11 15:18 <DIR> --d----- c:\program files\Zapu
2009-07-11 14:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\file cash army online
2009-07-11 13:45 410,984 a------- c:\windows\system32\deploytk.dll
==================== Find3M ====================
2009-06-16 16:40 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:40 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 16:40 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 16:40 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 21:11 1,295,360 a------- c:\windows\system32\quartz.dll
2009-06-03 21:11 1,295,360 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-13 07:06 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 07:06 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-13 07:06 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-07 17:34 347,136 a------- c:\windows\system32\localspl.dll
2009-05-07 17:34 347,136 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 23:18 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-04-30 23:17 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 23:17 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 23:17 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 23:17 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 23:17 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 23:17 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-04-30 13:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2007-10-04 00:07 0 a------- c:\documents and settings\edc\Emails.dat
2008-09-20 17:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008092020080921\index.dat
============= FINISH: 21:07:03,96 ===============

DDS Attach in the next one
Gootmorik's Avatar
Junior Member with 13 posts.
 
Join Date: Jul 2009
27-Jul-2009, 04:10 PM #13
Attach txt
DDS (Ver_09-06-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/09/2005 14:45:23
System Uptime: 27/07/2009 20:10:13 (1 hours ago)
Motherboard: Dell Inc. | | 0C5668
Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1729/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 53 GiB total, 14,663 GiB free.
Z: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP614: 12/05/2009 22:30:39 - Controlepunt van systeem
RP615: 17/05/2009 12:40:39 - Software Distribution Service 3.0
RP616: 21/05/2009 17:59:56 - Controlepunt van systeem
RP617: 24/05/2009 11:50:12 - Software Distribution Service 3.0
RP618: 31/05/2009 13:23:43 - Controlepunt van systeem
RP619: 1/06/2009 14:59:30 - Controlepunt van systeem
RP620: 6/06/2009 14:17:32 - Controlepunt van systeem
RP621: 8/06/2009 20:32:54 - Controlepunt van systeem
RP622: 13/06/2009 22:13:18 - Controlepunt van systeem
RP623: 14/06/2009 3:00:19 - Software Distribution Service 3.0
RP624: 18/06/2009 9:36:17 - Controlepunt van systeem
RP625: 20/06/2009 13:01:19 - Controlepunt van systeem
RP626: 21/06/2009 19:22:46 - Controlepunt van systeem
RP627: 23/06/2009 10:00:40 - Controlepunt van systeem
RP628: 26/06/2009 9:03:37 - Controlepunt van systeem
RP629: 27/06/2009 13:50:06 - Controlepunt van systeem
RP630: 30/06/2009 21:14:05 - Controlepunt van systeem
RP631: 4/07/2009 14:43:19 - Controlepunt van systeem
RP632: 11/07/2009 2:17:23 - Controlepunt van systeem
RP633: 11/07/2009 13:41:47 - Windows XP WgaNotify is geïnstalleerd.
RP634: 11/07/2009 13:44:15 - Installed Java(TM) 6 Update 13
RP635: 11/07/2009 15:19:15 - Geïnstalleerd: Microsoft Visual C++ 2005 Redistributable
RP636: 11/07/2009 18:07:57 - Removed BufferZone
RP637: 11/07/2009 18:09:58 - Removed BufferZone
RP638: 12/07/2009 18:26:33 - Controlepunt van systeem
RP639: 13/07/2009 19:44:29 - Controlepunt van systeem
RP640: 18/07/2009 13:01:14 - Software Distribution Service 3.0
RP641: 19/07/2009 14:34:42 - Controlepunt van systeem
RP642: 20/07/2009 11:48:44 - Installed MetaFrame Presentation Server Client
RP643: 21/07/2009 17:57:23 - Controlepunt van systeem
RP644: 26/07/2009 18:53:51 - Removed Norton Security Center
RP645: 27/07/2009 19:27:15 - Controlepunt van systeem
==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Advanced Video FX Engine
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Belgacom Genius
Belgacom I-Talk
Beveiligingsupdate for Windows Media Player 10 (KB911565)
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB973346)
Bluetooth Stack for Windows by Toshiba
Broadcom Management Programs 2
Brother MFL-Pro Suite
Conexant D110 MDC V.9x Modem
Creative-systeeminformatie
Creative Live! Cam Center
Creative Live! Cam Manager
Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
Creative Live! Cam Notebook Pro Handboek (Nederlands)
Creative Photo Calendar
Creative Photo Manager
Dell Media Experience
Dell Picture Studio v3.0
Dell System Restore
Digital Line Detect
DV3300 PC CAMERA
eMule
Essentiële update voor Windows Media Player 11 (KB959772)
Google Desktop
Google Earth
Google Video Player
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Juniper Networks Cache Cleaner 5.5.0
Juniper Networks Cache Cleaner 6.2.0
Juniper Networks Host Checker
Juniper Networks Network Connect 5.2.0
Last.fm 1.5.4.24567
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
mCore
mDrWiFi
MetaFrame Presentation Server Client
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Editie 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft PowerPoint Viewer 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
Off-linediensten van Home'Bank
Off-linediensten van Home'Bank 4.03
PaperPort
PhotoFiltre
PowerDVD 5.5
QuickSet
QuickTime
RealPlayer
Registers Rechtskundig Weekblad
Sewer Run
SightSpeed (remove only)
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SoulSeek Client 156c
Sybase Adaptive Server Anywhere 6.0
Update voor Windows Internet Explorer 8 (KB969497)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB967715)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XP Codec Pack
==== End Of File ===========================


THANKS FOR ALL THE HELP, REALLY APPRECIATE THIS!!!
Senior Member with 1,464 posts.
 
Join Date: Jul 2007
Location: Port Hedland Western Australia
28-Jul-2009, 02:42 AM #14
Hi
Quote:
THANKS FOR ALL THE HELP, REALLY APPRECIATE THIS!!!
No problem

Warning: Please note that this fix is specific for this poster & should not be used by anyone else.

Backup Your Registry with ERUNT
  • Download ERUNT from here & follow the installation prompts
  • Uncheck Create NTREGOPT desktop icon at the Additional Tasks screen. Click No when prompted to create an ERUNT entry in the startup folder.
  • Double click the Erunt icon on your desktop to open the program then click OK at the prompt
  • Use the default settings unless there is more than one user account. (If there is more than one user account, tick Other open user registries in Backup Options)
  • Click OK
The following instruction should only be carried out if you need to restore the registry backup:
Navigate to the folder where the backup is saved
Double click on ERDNT.exe then OK
When the program opens click OK

Fix.reg
  • Open Notepad by clicking Start>Run, type in Notepad then click OK
  • Copy the contents of the Code Box below to Notepad
    Note: In Notepad, there must be NO blank lines before the word 'REGEDIT4' and there MUST be one blank line at the end of all the lines. To do this, place the cursor at the end of the last line of text and press Return/Enter on the keyboard.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • Save the file to your Desktop
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7"=-

[-HKEY_CLASSES_ROOT\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"2318C2B1-4965-11D4-9B18-009027A5CD4F"=-

[-HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"EF99BD32-C1FB-11D2-892F-0090271D4F88"=-

[-HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"<NO NAME>"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]

[-HKEY_CLASSES_ROOT\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
Double click on the fix.reg file & when it prompts to Merge click Yes.

Lop S&D
Download Lop S&D by Eric_71 Here and save it to your desktop.
Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated. Post the contents of the log in your next reply
(A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

To post in next reply:
Lop S&D log
New HijackThis log
__________________
Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals
Topics not replied to within 3 days will be removed from my Subscribed Threads List
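The fix above is a REGEDIT4 file, and merging one is not reversible without the ERUNT backup the post asks for first, so it is worth seeing exactly which keys and values a merge will remove before double-clicking it. The Python script below is an added example for this thread, not part of jmw3's instructions and not code from regedit or ERUNT. It embeds the posted fix.reg verbatim as FIX_REG, lists the deletions the merge would perform without touching any registry, checks the two layout rules the post calls out (header on the first line, a line break after the last entry), and collects the CLSIDs being removed so they can be checked against a later log. The function names parse_reg, validate_reg_layout and deleted_clsids are my own.

```python
"""Dry-run a REGEDIT4 .reg file: list the keys and values a merge would delete.

Added example for this thread; not part of jmw3's instructions or of
regedit/ERUNT. FIX_REG is the fix.reg posted above, embedded so the script
runs offline. Function and variable names are my own.
"""
import re
from typing import List, Set, Tuple

# The fix.reg exactly as posted in the thread (REGEDIT4 syntax).
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7"=-

[-HKEY_CLASSES_ROOT\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"2318C2B1-4965-11D4-9B18-009027A5CD4F"=-

[-HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"EF99BD32-C1FB-11D2-892F-0090271D4F88"=-

[-HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"<NO NAME>"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]

[-HKEY_CLASSES_ROOT\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
"""

Action = Tuple[str, str, str]  # (kind, key path, value name or "")

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
# "name"=data or @=data (@ is the key's default value); data "-" means delete.
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def validate_reg_layout(text: str) -> List[str]:
    """Check the layout rules the post insists on: header on line 1, trailing line break."""
    problems = []
    first = text.split("\n", 1)[0].strip()
    if first not in HEADERS:
        problems.append("first line must be the REGEDIT4 header, with no blank lines before it")
    if not text.endswith("\n"):
        problems.append("file must end with a line break after the last entry")
    return problems


def parse_reg(text: str) -> List[Action]:
    """Record what a merge would do, without touching any registry."""
    actions: List[Action] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in HEADERS or line.startswith(";"):
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            minus, key = key_match.groups()
            if minus:                      # [-KEY] deletes the whole key
                actions.append(("delete_key", key, ""))
                current_key = None
            else:                          # [KEY] opens a section for value lines
                current_key = key
            continue
        value_match = VALUE_RE.match(line)
        if value_match:
            if current_key is None:
                raise ValueError(f"value line outside any [KEY] section: {line}")
            name = "(Default)" if value_match.group(1) == "@" else value_match.group(2)
            kind = "delete_value" if value_match.group(3) == "-" else "set_value"
            actions.append((kind, current_key, name))
            continue
        raise ValueError(f"unrecognised line: {line}")
    return actions


def deleted_clsids(actions: List[Action]) -> Set[str]:
    """GUIDs inside keys the merge deletes; handy for cross-checking a later log."""
    return {m.group(0).upper()
            for kind, key, _ in actions if kind == "delete_key"
            for m in GUID_RE.finditer(key)}


if __name__ == "__main__":
    for problem in validate_reg_layout(FIX_REG):
        print("LAYOUT:", problem)
    plan = parse_reg(FIX_REG)
    for kind, key, name in plan:
        print(f"{kind:13} {key}" + (f"  ->  {name}" if name else ""))
    print("CLSIDs removed:", sorted(deleted_clsids(plan)))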
Junior Member with 13 posts.
 
Join Date: Jul 2009
28-Jul-2009, 03:56 PM #15
Lop S&D and HijackThis Log
Lop S&D log:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A04
USER : EDC ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:52 Go (Free:14 Go)
Z:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( di 28/07/2009|20:44 )

--------------------\\ Beschrijving van mappen in APPLIC~1
[13/09/2004|15:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[02/09/2005|10:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[02/09/2005|10:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
[13/09/2004|14:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[24/05/2006|11:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[02/09/2005|10:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[02/09/2005|10:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[24/05/2006|11:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Toshiba
[0|bestand(en)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes
[10|map(pen)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes beschikbaar
[13/09/2004|15:12] C:\DOCUME~1\ADMINI~1.PER\APPLIC~1\Identities
[02/09/2005|10:26] C:\DOCUME~1\ADMINI~1.PER\APPLIC~1\Intel
[02/09/2005|10:34] C:\DOCUME~1\ADMINI~1.PER\APPLIC~1\Jasc Software Inc
[14/09/2005|12:26] C:\DOCUME~1\ADMINI~1.PER\APPLIC~1\Microsoft
[02/09/2005|10:24] C:\DOCUME~1\ADMINI~1.PER\APPLIC~1\Sun
[14/09/2005|12:28] C:\DOCUME~1\ADMINI~1.PER\APPLIC~1\Symantec
[14/09/2005|12:24] C:\DOCUME~1\ADMINI~1.PER\APPLIC~1\Toshiba
[0|bestand(en)] C:\DOCUME~1\ADMINI~1.PER\APPLIC~1\bytes
[9|map(pen)] C:\DOCUME~1\ADMINI~1.PER\APPLIC~1\bytes beschikbaar
[02/03/2008|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[22/08/2007|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[22/08/2007|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/07/2007|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
[11/07/2009|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
[15/03/2008|20:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
[21/07/2009|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\file cash army online
[01/01/2009|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[02/09/2005|10:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[02/09/2005|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[20/07/2009|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Juniper Networks
[20/10/2007|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Last.fm
[13/07/2009|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[26/07/2009|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[12/07/2009|18:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/10/2005|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[17/07/2006|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
[26/07/2007|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[09/07/2007|11:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
[09/07/2007|13:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
[26/07/2009|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[21/07/2009|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[20/09/2005|11:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[24/11/2005|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
[26|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar
[13/09/2004|15:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/09/2005|10:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[02/09/2005|10:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
[13/09/2004|14:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/09/2005|10:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[02/09/2005|10:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
[8|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar
[14/06/2008|13:41] C:\DOCUME~1\EDC\APPLIC~1\Adobe
[29/01/2007|12:50] C:\DOCUME~1\EDC\APPLIC~1\AdobeUM
[22/08/2007|14:23] C:\DOCUME~1\EDC\APPLIC~1\Apple Computer
[26/07/2007|13:40] C:\DOCUME~1\EDC\APPLIC~1\Brother
[19/03/2008|21:42] C:\DOCUME~1\EDC\APPLIC~1\Creative
[25/05/2006|18:11] C:\DOCUME~1\EDC\APPLIC~1\CyberLink
[12/06/2006|17:31] C:\DOCUME~1\EDC\APPLIC~1\Google
[20/07/2009|11:52] C:\DOCUME~1\EDC\APPLIC~1\Help
[20/07/2009|11:55] C:\DOCUME~1\EDC\APPLIC~1\ICAClient
[13/09/2004|15:12] C:\DOCUME~1\EDC\APPLIC~1\Identities
[02/09/2005|10:26] C:\DOCUME~1\EDC\APPLIC~1\Intel
[01/03/2007|16:22] C:\DOCUME~1\EDC\APPLIC~1\iWin
[02/09/2005|10:34] C:\DOCUME~1\EDC\APPLIC~1\Jasc Software Inc
[20/07/2009|11:41] C:\DOCUME~1\EDC\APPLIC~1\Juniper Networks
[06/06/2006|12:01] C:\DOCUME~1\EDC\APPLIC~1\Lavasoft
[05/06/2006|12:08] C:\DOCUME~1\EDC\APPLIC~1\Leadertech
[24/05/2006|12:00] C:\DOCUME~1\EDC\APPLIC~1\Macromedia
[26/07/2009|19:18] C:\DOCUME~1\EDC\APPLIC~1\Malwarebytes
[29/05/2006|12:20] C:\DOCUME~1\EDC\APPLIC~1\Microsoft
[01/06/2007|17:48] C:\DOCUME~1\EDC\APPLIC~1\Mozilla
[27/02/2008|22:11] C:\DOCUME~1\EDC\APPLIC~1\Real
[05/09/2007|18:54] C:\DOCUME~1\EDC\APPLIC~1\ScanSoft
[14/06/2007|19:02] C:\DOCUME~1\EDC\APPLIC~1\Slide
[05/06/2006|12:08] C:\DOCUME~1\EDC\APPLIC~1\Sonic
[02/09/2005|10:24] C:\DOCUME~1\EDC\APPLIC~1\Sun
[12/12/2006|12:34] C:\DOCUME~1\EDC\APPLIC~1\Symantec
[01/06/2007|17:51] C:\DOCUME~1\EDC\APPLIC~1\Talkback
[24/05/2006|11:34] C:\DOCUME~1\EDC\APPLIC~1\Toshiba
[10/07/2008|02:54] C:\DOCUME~1\EDC\APPLIC~1\U3
[0|bestand(en)] C:\DOCUME~1\EDC\APPLIC~1\bytes
[31|map(pen)] C:\DOCUME~1\EDC\APPLIC~1\bytes beschikbaar
[12/09/2005|21:38] C:\DOCUME~1\ERIKDE~1\APPLIC~1\Adobe
[12/09/2005|21:38] C:\DOCUME~1\ERIKDE~1\APPLIC~1\AdobeUM
[10/09/2005|18:54] C:\DOCUME~1\ERIKDE~1\APPLIC~1\CyberLink
[13/09/2004|15:12] C:\DOCUME~1\ERIKDE~1\APPLIC~1\Identities
[02/09/2005|10:26] C:\DOCUME~1\ERIKDE~1\APPLIC~1\Intel
[02/09/2005|10:34] C:\DOCUME~1\ERIKDE~1\APPLIC~1\Jasc Software Inc
[10/09/2005|21:53] C:\DOCUME~1\ERIKDE~1\APPLIC~1\Leadertech
[14/09/2005|11:45] C:\DOCUME~1\ERIKDE~1\APPLIC~1\Microsoft
[10/09/2005|21:53] C:\DOCUME~1\ERIKDE~1\APPLIC~1\Sonic
[02/09/2005|10:24] C:\DOCUME~1\ERIKDE~1\APPLIC~1\Sun
[08/09/2005|14:46] C:\DOCUME~1\ERIKDE~1\APPLIC~1\Symantec
[10/09/2005|18:25] C:\DOCUME~1\ERIKDE~1\APPLIC~1\Toshiba
[0|bestand(en)] C:\DOCUME~1\ERIKDE~1\APPLIC~1\bytes
[14|map(pen)] C:\DOCUME~1\ERIKDE~1\APPLIC~1\bytes beschikbaar
[26/07/2009|19:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Juniper Networks
[22/07/2009|23:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[18/01/2008|22:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla
[0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
[5|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar
[13/09/2004|14:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[10/09/2005|18:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
[4|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar

--------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks
[12/07/2009 17:50][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[01/06/2009 15:24][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[28/07/2009 20:40][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[27/07/2009 20:10][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Beschrijving van mappen in C:\Program Files
[13/07/2008|17:14] C:\Program Files\Adobe
[02/09/2005|10:27] C:\Program Files\Apoint
[12/05/2008|22:58] C:\Program Files\Apple Software Update
[02/09/2005|10:25] C:\Program Files\ATI Technologies
[23/10/2008|22:51] C:\Program Files\Belgacom
[02/09/2005|10:28] C:\Program Files\Broadcom
[26/07/2007|13:34] C:\Program Files\Brother
[20/07/2009|11:48] C:\Program Files\Citrix
[26/07/2009|19:12] C:\Program Files\Common Files
[13/09/2004|15:04] C:\Program Files\ComPlus Applications
[02/09/2005|10:11] C:\Program Files\CONEXANT
[15/03/2008|19:24] C:\Program Files\Creative
[02/09/2005|10:30] C:\Program Files\CyberLink
[02/09/2005|10:33] C:\Program Files\Dell
[02/09/2005|10:34] C:\Program Files\Dell Inc
[02/09/2005|10:27] C:\Program Files\Digital Line Detect
[05/08/2006|15:07] C:\Program Files\directx
[05/08/2006|15:06] C:\Program Files\DV3300 PC Camera
[11/07/2009|15:26] C:\Program Files\eMule
[28/07/2009|20:41] C:\Program Files\ERUNT
[02/04/2006|13:13] C:\Program Files\ForceVision
[08/01/2009|00:56] C:\Program Files\Google
[26/07/2009|19:00] C:\Program Files\HijackThis
[19/02/2007|15:56] C:\Program Files\ING
[15/03/2008|19:27] C:\Program Files\InstallShield Installation Information
[02/09/2005|10:26] C:\Program Files\Intel
[02/09/2005|10:26] C:\Program Files\Intel, Inc
[14/06/2009|03:35] C:\Program Files\Internet Explorer
[22/12/2007|22:11] C:\Program Files\internet programmas
[18/04/2006|19:20] C:\Program Files\Intersentia
[25/01/2006|13:18] C:\Program Files\Jasc Software Inc
[11/07/2009|13:44] C:\Program Files\Java
[01/03/2007|20:11] C:\Program Files\Jewel Quest 2
[27/07/2007|13:26] C:\Program Files\Juniper Networks
[25/04/2009|12:34] C:\Program Files\Last.fm
[13/07/2009|21:44] C:\Program Files\Lavasoft
[28/07/2009|20:43] C:\Program Files\Lop S&D
[26/07/2009|22:58] C:\Program Files\Malwarebytes' Anti-Malware
[20/09/2008|17:52] C:\Program Files\Messenger
[13/09/2004|15:07] C:\Program Files\microsoft frontpage
[20/09/2005|11:15] C:\Program Files\Microsoft Office
[02/09/2005|10:32] C:\Program Files\Microsoft Visual Studio
[14/09/2005|12:23] C:\Program Files\Microsoft Windows Small Business Server
[02/09/2005|10:39] C:\Program Files\Microsoft Works
[02/09/2005|10:32] C:\Program Files\Microsoft.NET
[02/09/2005|10:26] C:\Program Files\Modem Helper
[20/09/2008|17:39] C:\Program Files\Movie Maker
[02/03/2008|21:54] C:\Program Files\Mozilla Firefox
[13/09/2004|15:03] C:\Program Files\MSN Gaming Zone
[15/11/2006|20:02] C:\Program Files\MSXML 4.0
[20/09/2008|17:35] C:\Program Files\NetMeeting
[02/09/2005|10:27] C:\Program Files\NetWaiting
[19/09/2005|20:07] C:\Program Files\OfficeUpdate11
[13/09/2004|15:05] C:\Program Files\Online Services
[03/11/2006|16:11] C:\Program Files\Oracle applications
[26/07/2009|23:06] C:\Program Files\OTM
[20/09/2008|17:35] C:\Program Files\Outlook Express
[25/10/2008|17:47] C:\Program Files\Photo Resizer
[02/06/2006|14:24] C:\Program Files\PhotoFiltre
[20/09/2005|11:14] C:\Program Files\PowerPoint Viewer
[27/08/2007|14:35] C:\Program Files\QuickTime
[15/09/2005|15:18] C:\Program Files\Real
[26/07/2007|13:31] C:\Program Files\ScanSoft
[17/10/2006|14:20] C:\Program Files\Sewer Run
[15/03/2008|19:25] C:\Program Files\SightSpeed
[02/09/2005|10:11] C:\Program Files\Sigmatel
[03/11/2006|15:54] C:\Program Files\Sitemap generator
[14/06/2007|19:02] C:\Program Files\Slide
[21/09/2005|12:04] C:\Program Files\Sonic
[24/12/2007|18:58] C:\Program Files\Soulseek
[20/09/2005|13:56] C:\Program Files\Sybase
[26/07/2009|19:14] C:\Program Files\Temp File Cleaner
[02/09/2005|10:29] C:\Program Files\Toshiba
[13/09/2004|15:12] C:\Program Files\Uninstall Information
[06/12/2006|14:14] C:\Program Files\Windows Media Connect 2
[20/09/2008|17:35] C:\Program Files\Windows Media Player
[20/09/2008|17:35] C:\Program Files\Windows NT
[13/09/2004|15:05] C:\Program Files\WindowsUpdate
[13/09/2004|15:07] C:\Program Files\xerox
[29/11/2005|22:47] C:\Program Files\XP Codec Pack
[02/11/2006|13:29] C:\Program Files\Yahoo!
[12/07/2009|03:56] C:\Program Files\Zapu
[0|bestand(en)] C:\Program Files\bytes
[84|map(pen)] C:\Program Files\bytes beschikbaar
--------------------\\ Beschrijving van mappen in C:\Program Files\Common Files
[02/03/2008|16:39] C:\Program Files\Common Files\Adobe
[22/08/2007|14:15] C:\Program Files\Common Files\Apple
[02/09/2005|10:32] C:\Program Files\Common Files\DESIGNER
[03/03/2006|21:36] C:\Program Files\Common Files\ErrorSafe
[26/07/2007|13:33] C:\Program Files\Common Files\InstallShield
[02/09/2005|10:24] C:\Program Files\Common Files\Java
[11/07/2009|15:19] C:\Program Files\Common Files\Microsoft Shared
[13/09/2004|15:05] C:\Program Files\Common Files\MSSoap
[13/09/2004|14:59] C:\Program Files\Common Files\ODBC
[23/04/2008|09:17] C:\Program Files\Common Files\Real
[26/07/2007|13:31] C:\Program Files\Common Files\ScanSoft Shared
[13/09/2004|15:05] C:\Program Files\Common Files\Services
[21/12/2005|16:43] C:\Program Files\Common Files\Sonic Shared
[13/09/2004|14:59] C:\Program Files\Common Files\SpeechEngines
[09/07/2007|11:42] C:\Program Files\Common Files\SupportSoft
[26/07/2009|19:14] C:\Program Files\Common Files\Symantec Shared
[20/09/2008|17:34] C:\Program Files\Common Files\System
[30/08/2007|18:01] C:\Program Files\Common Files\Wise Installation Wizard
[23/04/2008|09:17] C:\Program Files\Common Files\xing shared
[0|bestand(en)] C:\Program Files\Common Files\bytes
[21|map(pen)] C:\Program Files\Common Files\bytes beschikbaar
--------------------\\ Process
( 69 Processes )
iexplore.exe ~ [PID:1796]
iexplore.exe ~ [PID:3112]
iexplore.exe ~ [PID:892]
--------------------\\ Zoeken met S_Lop
Geen Lop mappen gevonden !

--------------------\\ Zoeken naar Lop Bestanden - Mappen
C:\DOCUME~1\ALLUSE~1\APPLIC~1\file cash army online
C:\DOCUME~1\EDC\Cookies\edc@d2.advertserve[1].txt
C:\DOCUME~1\EDC\Cookies\edc@www.adserver5[1].txt
C:\DOCUME~1\EDC\Cookies\edc@adultfriendfinder[2].txt
C:\DOCUME~1\EDC\Cookies\edc@advertising.marketnetwork[1].txt
C:\DOCUME~1\EDC\Cookies\edc@advertising[2].txt
C:\DOCUME~1\EDC\Cookies\edc@adopt.euroclick[1].txt
C:\DOCUME~1\EDC\Cookies\edc@partypoker[1].txt
C:\DOCUME~1\EDC\Cookies\edc@888[2].txt

--------------------\\ Zoeken doorheen het Register
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !
--------------------\\ Nazicht van het Hosts bestand
Hosts bestand IN ORDE

--------------------\\ Zoeken naar verborgen bestanden met Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 20:45:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Zoeken naar andere infecties
--------------------\\ ROGUES ..
C:\PROGRA~1\COMMON~1\ErrorSafe

[F:20][D:5]-> C:\DOCUME~1\EDC\LOCALS~1\Temp
[F:2348][D:0]-> C:\DOCUME~1\EDC\Cookies
[F:401][D:4]-> C:\DOCUME~1\EDC\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - di 28/07/2009|20:51 - Option : [1]
--------------------\\ Scan voltooid om 20:51:35


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:03, on 28/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://rabru.bakernet.com/dana-cach...erSetupSP1.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Settings Manager_Untrusted_BZ (ccSetMgr_Untrusted_BZ) - Unknown owner - C:\Virtual\Untrusted\C_\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10982 bytes
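A follow-up HijackThis log like the one above is long and mostly legitimate, so a triage pass that structures the O-lines and cross-checks them against the CLSIDs the fix.reg targeted shows quickly whether the fix took effect and which entries still deserve a look. The Python script below is an added example for this thread, not HijackThis code and not jmw3's tooling. SAMPLE_LOG is a constructed sample made of a few lines copied from the log above (not the whole log), FIX_TARGETS holds the four CLSIDs the posted fix.reg deletes, and the function and class names are mine.

```python
"""Triage HijackThis 2.0.2 log lines and check whether a registry fix took effect.

Added example for this thread, not code from HijackThis or from the helper.
SAMPLE_LOG holds lines copied from the follow-up log posted above (a constructed
sample, not the full log); FIX_TARGETS are the CLSIDs the posted fix.reg deletes.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O23 - Service: Symantec Settings Manager_Untrusted_BZ (ccSetMgr_Untrusted_BZ) - Unknown owner - C:\Virtual\Untrusted\C_\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# CLSIDs removed by the fix.reg posted earlier in the thread.
FIX_TARGETS: Set[str] = {
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}",
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}",
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}",
    "{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}",
}

LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# How the display name sits in each section's body, as seen in the log above.
NAME_RE = {
    "O2": re.compile(r"^BHO: (.*?) - \{"),
    "O4": re.compile(r"\[(.*?)\]"),
    "O16": re.compile(r"^DPF: \{[^}]+\} \((.*?)\) - "),
    "O23": re.compile(r"^Service: (.*?) - "),
}


@dataclass
class Entry:
    section: str
    raw: str
    name: str = ""
    clsid: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one 'Oxx - ...' line into an Entry; other lines (headers, processes) give None."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    section, body = match.groups()
    entry = Entry(section=section, raw=line.strip())
    guid = GUID_RE.search(body)
    if guid:
        entry.clsid = guid.group(0).upper()
    name_re = NAME_RE.get(section)
    name = name_re.search(body) if name_re else None
    if name:
        entry.name = name.group(1)
    if " - Unknown owner - " in body:      # HijackThis could not attribute the service
        entry.flags.append("unknown owner")
    if body.endswith("(file missing)"):     # registration points at a file that is gone
        entry.flags.append("file missing")
    return entry


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def still_present(entries: List[Entry], targets: Set[str]) -> List[Entry]:
    """Entries whose CLSID the fix was meant to remove: evidence the fix did not fully apply."""
    hits = []
    for entry in entries:
        if entry.clsid in targets:
            entry.flags.append("targeted by fix but still present")
            hits.append(entry)
    return hits


def missing_files(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if "file missing" in e.flags]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    still_present(parsed, FIX_TARGETS)
    for entry in parsed:
        if entry.flags:
            print(f"{entry.section:4} {entry.name!r}: {', '.join(entry.flags)}")
```

On the sample it flags two lines: the O16 PopCapLoader entry, whose CLSID the fix.reg deleted, is still listed, and the ccSetMgr_Untrusted_BZ service has an unknown owner and a missing file. Everything else parses cleanly with no flags, which is the point of the pass: it narrows a 130-line log down to the handful of entries worth reading.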
Tags
advertisement, adware, cid, malware, spyware
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.