Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Traces of AntiMalware?


  • This topic is locked This topic is locked
17 replies to this topic

#1 wenapee

wenapee

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 06 August 2010 - 11:51 AM

Hi bleepingcomputer

Description: I had issues with installing essential microsoft updates, in order to fix it I was advised to uninstall the antivirus program, windows xp sp3, and reinstall windows xp SP2 (upgrade from instalation cd) and after that reinstall xp sp3. This made it possible that I was capable of installing all windows xp security updates.

After that I wanted to reinstall AVG, but it said I had to remove AntiMalware first. I believe it are traces from a previous infection that windows thinks that it is my AntiVirus program.


Uploaded with ImageShack.us

Both ESET online scan and MBAM did not find anything. At the moment I have no virus scan installed, I will wait untill this issue gets fixed. ty in advance. I will retry the gmer scan.

(EDIT: managed to run gmer in safe mode, first time when i ran gmer it finished but system froze on attempting to safe log, 2e and 3th time system froze during scan, 4th ran gmer in safe mode, logs added in attachment)
(EDIT2: Because other users use this pc as well (including filesharing programs) and because the respond time is approximately 1 week, I have decided to install AVG and comodo firewall)

DDS log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Monirr at 3:21:22,39 on vr 06-08-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1501 [GMT 2:00]

AV: AntiMalware *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\DOCUME~1\Monirr\LOCALS~1\Temp\clclean.0001
C:\Program Files\Athan\Athan.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system\Cm106eye.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Monirr\Bureaublad\Infection\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://sahihalbukhari.com/sps/sbk/
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D0943516-5076-4020-A3B5-AEFAF26AB263} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [PMX Daemon] ICO.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://dcode.support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189574036640
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188766528078
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\monirr\applic~1\mozilla\firefox\profiles\umzkqq4o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\monirr\application data\mozilla\firefox\profiles\umzkqq4o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\monirr\application data\mozilla\firefox\profiles\umzkqq4o.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\monirr\application data\mozilla\firefox\profiles\umzkqq4o.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}(2)
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-25 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-8-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 67656]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 Iprip;RIP-listener;c:\windows\system32\svchost.exe -k netsvcs [2004-9-2 14336]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-18 99328]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2010-8-6 1506304]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 fiddrv;fiddrv;c:\windows\system32\drivers\fiddrv.sys [2007-1-19 2944]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 rockusb;Driver for rockusb Device;c:\windows\system32\drivers\rockusb.sys [2006-3-22 73984]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 12872]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 vtayn;vtayn;\??\c:\docume~1\monirr\locals~1\temp\vtayn.sys --> c:\docume~1\monirr\locals~1\temp\vtayn.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-9-2 14336]
S3 XDva009;XDva009;\??\c:\windows\system32\xdva009.sys --> c:\windows\system32\XDva009.sys [?]
S3 XDva010;XDva010;\??\c:\windows\system32\xdva010.sys --> c:\windows\system32\XDva010.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]

=============== Created Last 30 ================

2010-08-06 01:18:10 20 ----a-w- c:\documents and settings\monirr\defogger_reenable
2010-08-06 01:13:29 7733248 ----a-w- c:\windows\system\CM106.cpl
2010-08-06 01:13:29 491520 ----a-w- c:\windows\system\cmau106.dll
2010-08-06 01:13:29 278528 ----a-w- c:\windows\system32\CM106rm.exe
2010-08-06 01:13:29 221184 ----a-w- c:\windows\system\cm106eye.exe
2010-08-06 01:13:29 1301 ----a-w- c:\windows\system\Cm106.ini
2010-08-06 01:13:29 125 ----a-w- c:\windows\Cm106.ini.cfl
2010-08-06 01:12:59 1249 ----a-w- c:\windows\Cm106.ini.cfg
2010-08-06 01:12:58 766 ----a-w- c:\windows\trust_icon.ico
2010-08-06 01:12:58 278528 ----a-w- c:\windows\Cmi106Uninstall.exe
2010-08-06 01:12:57 1206 ----a-w- c:\windows\cm106.ini
2010-08-06 01:11:42 315392 ----a-w- c:\windows\system\fltr106.dll
2010-08-06 01:11:42 1506304 ----a-w- c:\windows\system32\drivers\CM106.sys
2010-08-06 01:11:42 0 d-----w- c:\program files\Trust 5.1 Surround Headset
2010-08-06 01:11:00 0 d-----w- C:\download
2010-08-06 01:02:02 0 d--h--r- c:\documents and settings\monirr\Onlangs geopend
2010-08-05 20:38:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-05 20:38:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-05 20:38:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-05 20:38:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-05 18:54:49 0 d-----w- c:\windows\system32\winrm
2010-08-05 18:54:41 0 dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-08-05 18:17:16 1089883 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-08-05 17:59:25 0 d-----w- c:\windows\system32\URTTemp
2010-08-05 17:22:30 0 d-----w- c:\windows\ServicePackFiles
2010-08-05 16:49:09 0 dc-h--w- c:\windows\ie8
2010-08-05 16:47:54 61440 ------w- c:\windows\system32\kmsvc.dll
2010-08-05 16:33:34 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-05 16:33:30 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-05 16:33:30 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-08-05 16:33:27 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-05 16:33:04 126464 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll
2010-08-05 16:33:00 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-08-05 16:32:41 268288 -c----w- c:\windows\system32\dllcache\httpext.dll
2010-08-05 16:32:21 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-08-05 16:32:02 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-08-05 16:24:58 0 d-----w- c:\windows\system32\3com_dmi
2010-08-05 16:24:58 0 d-----w- c:\windows\dell
2010-08-05 16:17:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-05 16:17:07 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-05 16:17:07 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-08-05 16:16:57 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-08-05 15:26:14 0 d-----w- C:\8bed1362ac392363b1546e03
2010-08-05 15:07:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresko.dll
2010-08-05 15:07:12 73728 -c--a-w- c:\windows\system32\dllcache\ehresja.dll
2010-08-05 15:07:12 69632 -c--a-w- c:\windows\system32\dllcache\ehresfr.dll
2010-08-05 15:07:12 69632 -c--a-w- c:\windows\system32\dllcache\ehresde.dll
2010-08-05 15:07:10 61440 -c--a-w- c:\windows\system32\dllcache\ehreschs.dll
2010-08-05 15:07:04 221184 -c--a-w- c:\windows\system32\dllcache\wmpns.dll
2010-08-05 15:05:58 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll
2010-08-05 15:03:49 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-08-05 15:03:43 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-08-05 15:03:43 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-08-05 15:03:43 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-08-05 15:03:43 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-08-05 15:03:43 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-08-05 15:03:33 0 d-----w- c:\program files\Online Services
2010-08-05 15:00:55 13312 -c--a-w- c:\windows\system32\dllcache\htrn_jis.dll
2010-08-05 15:00:42 39936 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
2010-08-05 15:00:42 259072 ----a-w- c:\windows\system32\wbem\snmpcl.dll
2010-08-05 14:37:09 4128 ----a-w- C:\INFCACHE.1
2010-08-05 14:33:59 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-08-05 14:32:54 1027006 ----a-w- c:\windows\setupapi.log.1.old
2010-08-05 14:00:17 206961 ----a-w- c:\windows\setupapi.old
2010-07-29 10:14:14 0 d-----r- c:\program files\MUGEN_JAM
2010-07-28 13:16:17 349 ----a-w- c:\documents and settings\monirr\null
2010-07-28 13:11:34 0 d--h--w- c:\program files\WindowsUpdate
2010-07-26 04:11:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-25 07:54:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-25 07:40:36 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-19 11:36:44 0 d-----w- C:\fd8a68ed42948fc476ab4866147b
2010-07-19 06:02:09 0 d-----w- C:\8a7c5214cd25967d327b35
2010-07-19 04:01:02 0 d-----w- c:\docume~1\alluse~1\applic~1\VirtuallTek
2010-07-13 00:53:36 0 d-----w- c:\docume~1\monirr\applic~1\PrimoPDF
2010-07-13 00:52:04 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-07-13 00:52:03 0 d-----w- c:\program files\Nitro PDF
2010-07-12 15:55:20 73728 ----a-w- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2010-08-06 00:14:22 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-05 21:08:34 633864 ----a-w- c:\windows\system32\perfh013.dat
2010-08-05 21:08:34 143208 ----a-w- c:\windows\system32\perfc013.dat
2010-08-05 16:29:08 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-05 15:01:40 38492 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-28 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-15 02:16:24 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-08 16:10:50 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-08 16:10:50 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-05-28 20:31:31 3764 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-21 12:14:28 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2008-06-04 22:45:33 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008060520080606\index.dat

============= FINISH: 3:22:28,06 ===============

Attached Files


Edited by wenapee, 07 August 2010 - 06:56 AM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:14 AM

Posted 14 August 2010 - 07:55 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE

#3 wenapee

wenapee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 14 August 2010 - 09:57 PM

Hi m0le, thx for helping out many people, I will wait for your instructions.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:14 AM

Posted 15 August 2010 - 04:07 AM

Please run MBRCheck

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


Now let's see an OTL log
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE

#5 wenapee

wenapee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 15 August 2010 - 04:58 PM

The logs:

MBRCheck, version 1.2.3
Đ 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 152):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F22000 dmio.sys
0xBA328000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9E49000 iastor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E29000 fltmgr.sys
0xB9E17000 sr.sys
0xBA0F8000 Lbd.sys
0xB9E01000 DRVMCDB.SYS
0xBA330000 PxHelp20.sys
0xB9DEA000 KSecDD.sys
0xB9D5D000 Ntfs.sys
0xB9D49000 inspect.sys
0xB9D1C000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xBA338000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xBA340000 sfhlp02.sys
0xB9D0A000 sfdrv01.sys
0xB9CF0000 Mup.sys
0xB9C53000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xBA308000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8B80000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xAE8BD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xAE895000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xAE85C000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA488000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xAE838000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA490000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xAE813000 \SystemRoot\system32\DRIVERS\hcwPP2.sys
0xAE7F0000 \SystemRoot\system32\DRIVERS\ks.sys
0xB43F7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA628000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA268000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB43E7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA7CB000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA288000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xAFAB2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xAE7D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xAED40000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xAE7C8000 \SystemRoot\system32\DRIVERS\psched.sys
0xAED30000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB2084000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB2074000 \SystemRoot\system32\DRIVERS\raspti.sys
0xAED20000 \SystemRoot\System32\Drivers\pcouffin.sys
0xAE798000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xAED10000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB206C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB2064000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5E2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xAE73A000 \SystemRoot\system32\DRIVERS\update.sys
0xAF681000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xAED00000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA1EDC000 \SystemRoot\system32\drivers\AtiHdmi.sys
0xA1EB8000 \SystemRoot\system32\drivers\portcls.sys
0xAECD0000 \SystemRoot\system32\drivers\drmk.sys
0xAECC0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5EA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA1D88000 \SystemRoot\system32\drivers\sthda.sys
0xA1C34000 \SystemRoot\system32\drivers\monfilt.sys
0xBA59C000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA1BFE000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA5F8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6A6000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5FA000 \SystemRoot\System32\Drivers\Beep.SYS
0xB2054000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xB204C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB113B000 \SystemRoot\System32\drivers\vga.sys
0xBA5FC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5FE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB1133000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB112B000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB90C4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA1BCB000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA1B72000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB1123000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xA1B4C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA1B14000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xA1ADA000 \SystemRoot\System32\Drivers\avgtdix.sys
0xAE961000 \SystemRoot\system32\drivers\ip6fw.sys
0xAE951000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA1AB2000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA1A90000 \SystemRoot\System32\drivers\afd.sys
0xAE941000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAE921000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xA1A6E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xB111B000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA1A43000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA19D3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAE911000 \SystemRoot\System32\Drivers\Fips.SYS
0xB1113000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA199F000 \SystemRoot\System32\Drivers\avgldx86.sys
0xB9C4B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA228000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA378000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA388000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xAF0BF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA17E1000 \SystemRoot\system32\drivers\CM106.sys
0xB9CAC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB7647000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA1708000 \SystemRoot\System32\Drivers\dump_iastor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xAFABA000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3C0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7D3000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF060000 \SystemRoot\System32\ati2cqag.dll
0xBF10C000 \SystemRoot\System32\atikvmag.dll
0xBF1A9000 \SystemRoot\System32\atiok3x2.dll
0xBF20E000 \SystemRoot\System32\ati3duag.dll
0xBF5BF000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA1D8000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA75A000 \SystemRoot\System32\DLA\DLADResN.SYS
0x9E422000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB90AC000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xBA5DC000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xB207C000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0x9E3E2000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0x9E3CC000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0x9E364000 \SystemRoot\system32\DRIVERS\hnm_wrls_pkt.sys
0x9E360000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0x9E35C000 \SystemRoot\system32\DRIVERS\packet.sys
0x9E358000 \SystemRoot\system32\DRIVERS\wsp_pkt.sys
0x9E11F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9E0BA000 \SystemRoot\system32\drivers\wdmaud.sys
0xB4447000 \SystemRoot\system32\drivers\sysaudio.sys
0x9DFA5000 \SystemRoot\system32\drivers\ctusfsyn.sys
0x9DF75000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
0x9DF4F000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
0x9D35C000 \SystemRoot\System32\Drivers\HTTP.sys
0x9C7F3000 \SystemRoot\system32\DRIVERS\ithsgt.sys
0x9CE0A000 \SystemRoot\system32\DRIVERS\lilsgt.sys
0xBA61C000 \SystemRoot\system32\drivers\MSPQM.sys
0x9C53B000 \SystemRoot\system32\DRIVERS\srv.sys
0x9C4FC000 \??\C:\WINDOWS\system32\drivers\mqac.sys
0x9C4E4000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
0x9C48A000 \??\C:\WINDOWS\system32\drivers\RMCast.sys
0x998DD000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 71):
0 System Idle Process
4 System
844 C:\WINDOWS\system32\smss.exe
908 csrss.exe
940 C:\WINDOWS\system32\winlogon.exe
984 C:\WINDOWS\system32\services.exe
996 C:\WINDOWS\system32\lsass.exe
1188 C:\WINDOWS\system32\ati2evxx.exe
1208 C:\WINDOWS\system32\svchost.exe
1284 svchost.exe
1384 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1412 C:\WINDOWS\system32\svchost.exe
1696 svchost.exe
1824 C:\WINDOWS\system32\ati2evxx.exe
1832 C:\Program Files\AVG\AVG9\avgchsvx.exe
1840 C:\Program Files\AVG\AVG9\avgrsx.exe
1896 svchost.exe
1916 C:\Program Files\AVG\AVG9\avgcsrvx.exe
376 C:\WINDOWS\system32\spoolsv.exe
724 svchost.exe
800 msdtc.exe
1796 C:\Program Files\Emsisoft Anti-Malware\a2service.exe
1924 C:\WINDOWS\explorer.exe
1952 C:\Program Files\AVG\AVG9\avgwdsvc.exe
2064 C:\WINDOWS\system32\cisvc.exe
2076 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
2136 C:\WINDOWS\system32\CTSVCCDA.EXE
2176 C:\WINDOWS\ehome\ehrecvr.exe
2204 C:\WINDOWS\ehome\ehSched.exe
2284 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2412 C:\Program Files\AVG\AVG9\avgnsx.exe
2416 C:\WINDOWS\system32\inetsrv\inetinfo.exe
2496 C:\Program Files\Java\jre6\bin\jqs.exe
2740 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2944 C:\WINDOWS\system32\tcpsvcs.exe
3060 C:\WINDOWS\system32\snmp.exe
3080 svchost.exe
3128 C:\WINDOWS\system32\svchost.exe
3164 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3504 C:\WINDOWS\system32\searchindexer.exe
3676 mcrdsvc.exe
3760 C:\WINDOWS\system32\mqsvc.exe
3848 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
4064 <unknown>
536 C:\WINDOWS\ehome\ehtray.exe
1068 C:\WINDOWS\system32\mqtgsvc.exe
1052 C:\WINDOWS\ehome\ehmsas.exe
2988 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3508 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
2980 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
3796 C:\WINDOWS\system32\dllhost.exe
3040 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
3624 C:\WINDOWS\system32\rundll32.exe
3108 C:\WINDOWS\system32\ico.exe
3336 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
4060 C:\DOCUME~1\Monirr\LOCALS~1\Temp\clclean.0001
4276 alg.exe
4804 C:\WINDOWS\stsystra.exe
4828 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4852 C:\WINDOWS\system32\rundll32.exe
4860 C:\PROGRA~1\AVG\AVG9\avgtray.exe
4876 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4940 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
4964 C:\WINDOWS\system32\ctfmon.exe
5204 C:\WINDOWS\system\cm106eye.exe
5420 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5604 wmiprvse.exe
4420 <unknown>
4444 <unknown>
4824 <unknown>
4304 C:\Documents and Settings\Monirr\Bureaublad\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

PhysicalDrive0 Model Number: ˆ'

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: F238F1FE114296B6DC7716517DC1DADB3FF3D5C6


Done!



OTL logfile created on: 15-8-2010 23:41:51 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Monirr\Bureaublad
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 460,95 Gb Total Space | 6,56 Gb Free Space | 1,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANHAJI
Current User Name: Monirr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Monirr\Bureaublad\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Monirr\Local Settings\Temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\system\cm106eye.exe ()
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Monirr\Bureaublad\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (IAANTMON) IntelŪ -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) SMTP (Simple Mail Transfer Protocol) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (XDva010) -- C:\WINDOWS\System32\XDva010.sys File not found
DRV - (XDva009) -- C:\WINDOWS\System32\XDva009.sys File not found
DRV - (vtayn) -- C:\DOCUME~1\Monirr\LOCALS~1\Temp\vtayn.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (USBAAPL) -- C:\WINDOWS\System32\Drivers\usbaapl.sys File not found
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (USBMULCD) -- C:\WINDOWS\system32\drivers\CM106.sys (C-Media Electronics Inc)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (usbaudio) Stuurprogramma voor USB-audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows Ū Server 2003 DDK provider)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (ithsgt) -- C:\WINDOWS\system32\drivers\ithsgt.sys ()
DRV - (lilsgt) -- C:\WINDOWS\system32\drivers\lilsgt.sys ()
DRV - (fiddrv) -- C:\WINDOWS\system32\drivers\fiddrv.sys ()
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (e1express) IntelŪ -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (wsppkt) -- C:\WINDOWS\system32\drivers\wsp_pkt.sys (SingleClick Systems)
DRV - (hnmwrlspkt) -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys (SingleClick Systems)
DRV - (rockusb) -- C:\WINDOWS\system32\drivers\rockusb.sys (Fuzhou Rockchip Electronics Co,Ltd.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (hcwPP2) -- C:\WINDOWS\system32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sahihalbukhari.com/sps/sbk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC AD 48 F3 D9 21 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20100723W
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..keyword.URL: "http://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
FF - prefs.js..network.proxy.autoconfig_url: "http://www.ubvu.vu.nl/ubvu.pac"
FF - prefs.js..network.proxy.type: 2


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010-08-05 20:19:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-07-12 17:55:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-08-07 13:33:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-07 14:10:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-12 17:38:44 | 000,000,000 | ---D | M]

[2008-08-28 01:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Extensions
[2008-08-28 01:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010-08-14 08:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Firefox\Profiles\umzkqq4o.default\extensions
[2010-04-29 19:34:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Firefox\Profiles\umzkqq4o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-08-01 21:52:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Firefox\Profiles\umzkqq4o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-07-29 11:34:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Firefox\Profiles\umzkqq4o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-09-26 06:14:25 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlusŪ)) -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Firefox\Profiles\umzkqq4o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009-11-21 05:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Firefox\Profiles\umzkqq4o.default\extensions\firefox@tvunetworks.com
[2010-08-14 08:50:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007-03-31 01:09:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-07-25 08:26:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007-05-29 11:49:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}(2)
[2010-07-12 17:55:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-06 02:27:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-07-25 08:26:18 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010-07-25 08:26:18 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007-04-10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2006-09-03 13:12:48 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009-09-25 18:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010-07-25 08:26:28 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007-03-22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2010-06-17 02:28:32 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010-07-25 08:26:30 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010-07-25 08:26:30 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010-07-25 08:26:30 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010-07-25 08:26:30 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010-07-25 08:26:30 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010-07-25 08:26:30 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010-07-25 08:26:30 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010-08-15 21:03:17 | 000,416,674 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14381 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Aanmeldhulp voor Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Koppelingen) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cm106Sound] File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab (Reg Error: Value error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.support.microsoft.com/Dcode/A...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1189574036640 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Value error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1188766528078 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/...15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Preloader van browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Cache-daemon voor onderdeelcategorieën - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Monirr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Monirr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-09-02 04:29:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-08-15 23:31:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Monirr\Bureaublad\OTL.exe
[2010-08-15 21:00:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Monirr\Onlangs geopend
[2010-08-15 20:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\2010
[2010-08-11 19:13:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-08-09 20:07:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\Kyo-NE
[2010-08-09 19:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\REI2
[2010-08-09 14:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\QLearning
[2010-08-07 23:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010-08-07 19:28:54 | 000,101,904 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys
[2010-08-07 14:31:41 | 000,000,000 | R--D | C] -- C:\Program Files\MUGEN_JAM
[2010-08-07 14:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010-08-07 14:25:40 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010-08-07 14:25:40 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010-08-07 14:12:14 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2010-08-07 14:12:14 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010-08-07 14:12:14 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010-08-07 14:12:13 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010-08-07 14:12:13 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010-08-07 14:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2010-08-07 14:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010-08-07 14:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010-08-07 13:35:02 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010-08-07 13:35:00 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010-08-07 13:34:56 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010-08-07 13:34:55 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010-08-07 13:34:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010-08-07 13:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-08-06 03:13:29 | 007,733,248 | ---- | C] (C-Media Corporation) -- C:\WINDOWS\System\CM106.cpl
[2010-08-06 03:13:29 | 000,278,528 | ---- | C] (C-Media) -- C:\WINDOWS\System32\CM106rm.exe
[2010-08-06 03:12:58 | 000,278,528 | ---- | C] (C-Media Corporation) -- C:\WINDOWS\Cmi106Uninstall.exe
[2010-08-06 03:11:42 | 001,506,304 | ---- | C] (C-Media Electronics Inc) -- C:\WINDOWS\System32\drivers\CM106.sys
[2010-08-06 03:11:42 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\System\fltr106.dll
[2010-08-06 03:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trust 5.1 Surround Headset
[2010-08-06 03:11:00 | 000,000,000 | ---D | C] -- C:\download
[2010-08-06 02:27:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-08-06 02:27:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-08-06 02:27:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-08-06 01:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Bureaublad\Infection
[2010-08-05 22:38:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-08-05 22:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-08-05 22:38:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-08-05 22:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-08-05 20:54:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010-08-05 20:54:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010-08-05 20:54:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010-08-05 20:50:43 | 000,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010-08-05 20:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenten\Tv-opnamen
[2010-08-05 20:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010-08-05 19:59:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010-08-05 19:35:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010-08-05 19:22:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010-08-05 19:18:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010-08-05 18:49:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010-08-05 18:48:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010-08-05 18:48:20 | 000,025,471 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010-08-05 18:48:20 | 000,022,271 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010-08-05 18:48:20 | 000,011,935 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010-08-05 18:48:20 | 000,011,871 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010-08-05 18:48:20 | 000,011,807 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010-08-05 18:48:20 | 000,011,325 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010-08-05 18:48:20 | 000,011,295 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010-08-05 18:48:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010-08-05 18:48:14 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010-08-05 18:48:14 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010-08-05 18:48:14 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010-08-05 18:48:14 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010-08-05 18:48:14 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010-08-05 18:48:14 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010-08-05 18:48:14 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010-08-05 18:48:14 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010-08-05 18:48:14 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010-08-05 18:48:14 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010-08-05 18:48:14 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010-08-05 18:48:14 | 000,003,901 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010-08-05 18:48:12 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010-08-05 18:48:12 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010-08-05 18:48:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010-08-05 18:48:12 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010-08-05 18:48:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010-08-05 18:48:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010-08-05 18:48:11 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010-08-05 18:48:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010-08-05 18:48:11 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010-08-05 18:48:10 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010-08-05 18:48:08 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010-08-05 18:48:07 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010-08-05 18:48:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010-08-05 18:48:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010-08-05 18:48:07 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010-08-05 18:48:06 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010-08-05 18:48:06 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010-08-05 18:48:06 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010-08-05 18:48:06 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010-08-05 18:48:06 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010-08-05 18:48:06 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010-08-05 18:48:06 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010-08-05 18:48:06 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010-08-05 18:48:01 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010-08-05 18:48:01 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010-08-05 18:48:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010-08-05 18:48:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010-08-05 18:48:00 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010-08-05 18:47:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010-08-05 18:47:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010-08-05 18:47:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010-08-05 18:47:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010-08-05 18:47:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010-08-05 18:47:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010-08-05 18:47:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010-08-05 18:47:51 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010-08-05 18:47:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010-08-05 18:47:48 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010-08-05 18:47:48 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010-08-05 18:47:48 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010-08-05 18:47:48 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010-08-05 18:47:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010-08-05 18:47:48 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010-08-05 18:47:48 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010-08-05 18:47:47 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010-08-05 18:47:47 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010-08-05 18:47:47 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010-08-05 18:47:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010-08-05 18:47:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010-08-05 18:47:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010-08-05 18:47:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010-08-05 18:47:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010-08-05 18:47:43 | 000,015,423 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010-08-05 18:47:42 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010-08-05 18:47:42 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010-08-05 18:47:42 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010-08-05 18:47:42 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010-08-05 18:47:42 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010-08-05 18:47:42 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010-08-05 18:47:42 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010-08-05 18:47:42 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010-08-05 18:47:42 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010-08-05 18:47:42 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010-08-05 18:47:42 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010-08-05 18:47:42 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010-08-05 18:47:42 | 000,025,471 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010-08-05 18:47:42 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010-08-05 18:47:42 | 000,021,183 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010-08-05 18:47:42 | 000,017,279 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010-08-05 18:47:42 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010-08-05 18:47:42 | 000,014,143 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010-08-05 18:47:42 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010-08-05 18:47:42 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010-08-05 18:47:42 | 000,011,359 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010-08-05 18:47:42 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010-08-05 18:47:42 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010-08-05 18:47:41 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010-08-05 18:47:41 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010-08-05 18:47:41 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010-08-05 18:47:41 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010-08-05 18:47:41 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010-08-05 18:47:41 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010-08-05 18:47:41 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010-08-05 18:47:41 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010-08-05 18:47:41 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010-08-05 18:47:41 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010-08-05 18:47:41 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010-08-05 18:47:40 | 000,004,255 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010-08-05 18:47:40 | 000,003,967 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010-08-05 18:47:40 | 000,003,775 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010-08-05 18:47:40 | 000,003,711 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010-08-05 18:47:40 | 000,003,647 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010-08-05 18:47:40 | 000,003,615 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010-08-05 18:47:40 | 000,003,135 | ---- | C] (IntelŪ Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010-08-05 18:33:34 | 000,272,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010-08-05 18:33:30 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010-08-05 18:33:30 | 000,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010-08-05 18:33:27 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010-08-05 18:33:04 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll
[2010-08-05 18:33:00 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010-08-05 18:32:41 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010-08-05 18:32:02 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010-08-05 18:31:43 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010-08-05 18:31:38 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010-08-05 18:31:38 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010-08-05 18:31:37 | 002,194,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010-08-05 18:31:36 | 002,150,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010-08-05 18:31:35 | 002,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010-08-05 18:31:28 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010-08-05 18:31:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010-08-05 18:24:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2010-08-05 18:24:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010-08-05 18:17:07 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010-08-05 17:26:14 | 000,000,000 | ---D | C] -- C:\8bed1362ac392363b1546e03
[2010-08-05 17:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\Downloads
[2010-08-05 17:07:13 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2010-08-05 17:07:12 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2010-08-05 17:07:12 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2010-08-05 17:07:12 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2010-08-05 17:07:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2010-08-05 17:07:04 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2010-08-05 17:06:58 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010-08-05 17:06:58 | 000,031,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010-08-05 17:06:57 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010-08-05 17:06:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010-08-05 17:06:52 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010-08-05 17:06:51 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010-08-05 17:06:51 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010-08-05 17:06:48 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010-08-05 17:06:46 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010-08-05 17:06:46 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010-08-05 17:06:46 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010-08-05 17:06:46 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010-08-05 17:06:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010-08-05 17:06:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010-08-05 17:06:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010-08-05 17:06:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010-08-05 17:06:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010-08-05 17:06:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010-08-05 17:06:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010-08-05 17:06:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010-08-05 17:06:45 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010-08-05 17:06:41 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010-08-05 17:06:41 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010-08-05 17:06:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010-08-05 17:06:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010-08-05 17:06:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010-08-05 17:06:36 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010-08-05 17:06:36 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010-08-05 17:06:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010-08-05 17:06:30 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2010-08-05 17:06:16 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010-08-05 17:06:16 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010-08-05 17:06:10 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010-08-05 17:05:58 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010-08-05 17:05:58 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010-08-05 17:05:58 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010-08-05 17:05:58 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010-08-05 17:05:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010-08-05 17:05:56 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010-08-05 17:05:56 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010-08-05 17:05:56 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010-08-05 17:05:56 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010-08-05 17:05:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010-08-05 17:05:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010-08-05 17:05:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010-08-05 17:05:46 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010-08-05 17:05:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010-08-05 17:05:45 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010-08-05 17:05:36 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010-08-05 17:05:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2010-08-05 17:05:34 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010-08-05 17:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010-08-05 17:00:55 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010-08-05 16:34:02 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tintlgnt.ime
[2010-08-05 16:34:02 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010-08-05 16:34:02 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010-08-05 16:34:02 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010-08-05 16:34:02 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010-08-05 16:34:02 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010-08-05 16:34:02 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010-08-05 16:34:02 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010-08-05 16:34:02 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010-08-05 16:34:02 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cintlgnt.ime
[2010-08-05 16:34:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010-08-05 16:34:00 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pintlgnt.ime
[2010-08-05 16:34:00 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010-08-05 16:34:00 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010-08-05 16:34:00 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010-08-05 16:33:59 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010-08-05 16:33:44 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010-08-05 16:33:44 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010-08-05 16:33:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010-08-05 16:33:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010-08-04 21:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Bureaublad\reinstall
[2010-08-02 11:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\Æ-ÅÝö+SND
[2010-08-01 19:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\rr
[2010-07-28 15:11:34 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010-07-28 15:10:40 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010-07-25 09:54:56 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010-07-25 09:40:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010-07-23 22:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\Anti-Malware
[2010-07-20 21:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Bureaublad\mugen
[2010-07-19 13:36:44 | 000,000,000 | ---D | C] -- C:\fd8a68ed42948fc476ab4866147b
[2010-07-19 08:02:09 | 000,000,000 | ---D | C] -- C:\8a7c5214cd25967d327b35
[2010-07-19 06:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Bureaublad\GCA
[2010-07-19 06:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VirtuallTek
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-08-15 23:43:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C76BF1C3-A81C-457B-A5A9-05F60B618A63}.job
[2010-08-15 23:31:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monirr\Bureaublad\OTL.exe
[2010-08-15 23:31:22 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\MBRCheck.exe
[2010-08-15 23:27:44 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010-08-15 23:27:29 | 000,633,864 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-08-15 23:27:29 | 000,532,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-08-15 23:27:29 | 000,143,208 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-08-15 23:27:29 | 000,109,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-08-15 23:27:28 | 001,441,108 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-15 23:26:47 | 000,013,676 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-08-15 23:25:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-15 23:25:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-15 23:25:48 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2010-08-15 23:25:01 | 017,563,648 | ---- | M] () -- C:\Documents and Settings\Monirr\NTUSER.DAT
[2010-08-15 23:23:55 | 000,000,288 | -HS- | M] () -- C:\Documents and Settings\Monirr\ntuser.ini
[2010-08-15 22:33:53 | 030,579,806 | ---- | M] () -- C:\Documents and Settings\Monirr\Mijn documenten\Shuh v0.68.zip
[2010-08-15 22:03:39 | 000,002,878 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010-08-15 21:03:17 | 000,416,674 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-08-15 20:17:40 | 000,167,695 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\tro550.JPG
[2010-08-15 17:55:41 | 063,466,956 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010-08-15 02:23:01 | 000,001,583 | ---- | M] () -- C:\WINDOWS\System\Cm106.ini
[2010-08-14 20:38:39 | 000,220,266 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\tro.JPG
[2010-08-13 18:30:00 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Scannen op virussen via McAfee.com - Mijn computer (HAFIDA-Monir).job
[2010-08-11 19:18:49 | 000,366,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-08-11 19:16:24 | 000,001,154 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-08-09 21:30:08 | 048,381,496 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\jn29fdf5.exe
[2010-08-07 14:02:17 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\COMODO Firewall.lnk
[2010-08-07 13:35:03 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010-08-07 13:35:03 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG Free 9.0.lnk
[2010-08-07 13:35:02 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010-08-07 13:34:56 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010-08-07 13:34:56 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010-08-07 13:34:54 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010-08-07 03:16:31 | 000,415,934 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100815-210316.backup
[2010-08-06 18:24:59 | 000,028,354 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\AntiMalware2.JPG
[2010-08-06 04:26:10 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Monirr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-06 03:18:24 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Monirr\defogger_reenable
[2010-08-06 03:13:29 | 000,000,125 | ---- | M] () -- C:\WINDOWS\Cm106.ini.cfl
[2010-08-06 02:14:49 | 002,096,656 | -H-- | M] () -- C:\Documents and Settings\Monirr\Local Settings\Application Data\IconCache.db
[2010-08-06 02:14:22 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-08-05 23:08:25 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Monirr\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
[2010-08-05 22:50:21 | 000,137,454 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\AntiMalware.JPG
[2010-08-05 22:48:19 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Monirr\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010-08-05 20:50:38 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010-08-05 20:50:38 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010-08-05 19:35:49 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010-08-05 19:20:49 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010-08-05 17:09:50 | 000,059,890 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010-08-05 17:04:34 | 000,004,205 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010-08-05 17:03:49 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010-08-05 17:03:49 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-08-05 17:01:40 | 000,038,492 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-08-05 17:00:03 | 000,000,318 | -HS- | M] () -- C:\boot.ini
[2010-08-05 16:37:09 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010-08-05 16:34:09 | 000,000,331 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010-08-05 16:34:09 | 000,000,034 | ---- | M] () -- C:\WINDOWS\System\oeminfo.ini
[2010-08-05 16:34:04 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-08-05 16:06:50 | 000,206,961 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010-07-29 19:00:38 | 009,201,311 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\forteManager_V3.18.zip
[2010-07-29 17:54:41 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\Monirr\null
[2010-07-28 14:54:39 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\LET OP.doc
[2010-07-27 08:30:32 | 008,509,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010-07-27 05:02:37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\CCleaner.lnk
[2010-07-21 22:58:42 | 000,414,747 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100807-031631.backup
[2010-07-19 04:19:05 | 000,087,287 | ---- | M] () -- C:\Documents and Settings\Monirr\Mijn documenten\motvn.png
[2010-07-19 03:18:32 | 000,121,268 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\sabri trojan2.JPG
[2010-07-17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-07-17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-07-17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-07-17 02:42:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-08-15 23:31:21 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\MBRCheck.exe
[2010-08-15 22:33:51 | 030,579,806 | ---- | C] () -- C:\Documents and Settings\Monirr\Mijn documenten\Shuh v0.68.zip
[2010-08-15 20:17:40 | 000,167,695 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\tro550.JPG
[2010-08-14 20:38:39 | 000,220,266 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\tro.JPG
[2010-08-09 21:30:05 | 048,381,496 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\jn29fdf5.exe
[2010-08-07 14:28:21 | 2145,304,576 | -HS- | C] () -- C:\hiberfil.sys
[2010-08-07 14:25:40 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-08-07 14:25:40 | 000,205,156 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-08-07 14:25:40 | 000,063,416 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010-08-07 14:25:40 | 000,021,682 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010-08-07 14:25:40 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-08-07 14:12:14 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-08-07 14:12:14 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-08-07 14:12:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-08-07 14:12:13 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-08-07 14:12:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-08-07 14:02:17 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\COMODO Firewall.lnk
[2010-08-07 13:35:03 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\AVG Free 9.0.lnk
[2010-08-07 13:34:54 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010-08-07 13:34:48 | 063,466,956 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010-08-06 18:24:59 | 000,028,354 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\AntiMalware2.JPG
[2010-08-06 03:18:10 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Monirr\defogger_reenable
[2010-08-06 03:13:29 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System\cmau106.dll
[2010-08-06 03:13:29 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System\cm106eye.exe
[2010-08-06 03:13:29 | 000,001,583 | ---- | C] () -- C:\WINDOWS\System\Cm106.ini
[2010-08-06 03:13:29 | 000,000,125 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfl
[2010-08-06 03:12:59 | 000,001,249 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfg
[2010-08-06 03:12:58 | 000,000,766 | ---- | C] () -- C:\WINDOWS\trust_icon.ico
[2010-08-06 03:12:57 | 000,001,206 | ---- | C] () -- C:\WINDOWS\cm106.ini
[2010-08-05 23:08:25 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Monirr\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
[2010-08-05 22:50:21 | 000,137,454 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\AntiMalware.JPG
[2010-08-05 22:44:10 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Monirr\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010-08-05 18:48:07 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010-08-05 18:47:52 | 000,001,950 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010-08-05 18:47:45 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010-08-05 18:47:42 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010-08-05 17:05:45 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010-08-05 17:05:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010-08-05 17:05:43 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010-08-05 17:05:43 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010-08-05 17:05:43 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010-08-05 17:05:43 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010-08-05 17:05:42 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010-08-05 17:03:49 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-08-05 16:37:09 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2010-08-05 16:34:09 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System\oeminfo.ini
[2010-08-05 16:34:02 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010-08-05 16:34:00 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010-08-05 16:33:58 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010-08-05 16:33:58 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010-08-05 16:33:39 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010-08-05 16:33:39 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2010-08-05 16:33:39 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010-08-05 16:33:39 | 000,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2010-08-05 16:33:39 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010-08-05 16:33:39 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010-08-05 16:33:39 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010-08-05 16:33:39 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010-08-05 16:33:38 | 000,808,234 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010-08-05 16:33:38 | 000,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010-08-05 16:00:17 | 000,206,961 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2010-07-29 19:00:24 | 009,201,311 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\forteManager_V3.18.zip
[2010-07-28 15:16:17 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\Monirr\null
[2010-07-28 14:54:39 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\LET OP.doc
[2010-07-26 06:11:28 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010-07-19 04:38:12 | 000,087,287 | ---- | C] () -- C:\Documents and Settings\Monirr\Mijn documenten\motvn.png
[2010-07-19 03:18:32 | 000,121,268 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\sabri trojan2.JPG
[2010-07-13 02:52:04 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010-05-28 22:31:24 | 000,003,764 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010-05-03 05:19:54 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-04-07 00:11:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010-03-03 02:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010-02-09 23:21:55 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009-12-19 17:31:07 | 000,000,253 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009-11-14 20:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009-08-27 21:04:44 | 000,557,003 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009-08-27 21:04:32 | 000,811,835 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009-08-27 21:03:52 | 004,456,201 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009-08-25 20:07:36 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009-08-25 19:38:04 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009-08-25 18:37:02 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009-08-10 23:45:08 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009-08-10 23:45:08 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009-08-10 23:45:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009-08-10 23:45:08 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009-07-31 03:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009-06-02 19:15:44 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009-06-02 19:15:18 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009-06-02 19:15:04 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009-06-02 19:14:56 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009-06-02 19:14:30 | 000,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009-06-02 19:13:58 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009-06-02 19:13:50 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009-06-02 19:11:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009-01-11 00:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009-01-11 00:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009-01-11 00:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009-01-11 00:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009-01-11 00:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009-01-11 00:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009-01-11 00:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009-01-11 00:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009-01-11 00:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009-01-11 00:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009-01-05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008-11-06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-11-06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008-05-26 22:22:14 | 000,017,438 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:22:10 | 000,023,146 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:22:06 | 000,016,842 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-01-16 00:19:32 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Star Divx Converter.INI
[2008-01-15 22:41:18 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Speed Video Converter.INI
[2007-11-21 18:31:39 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2007-10-13 11:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007-06-21 06:14:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2007-04-05 07:26:07 | 000,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9.INI
[2007-04-05 07:23:44 | 000,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9 sse2.INI
[2007-03-30 12:50:08 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2007-03-18 15:54:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007-03-18 15:53:17 | 000,024,294 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007-03-18 15:53:16 | 000,001,072 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007-03-18 15:52:46 | 000,012,303 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2007-03-18 15:52:45 | 000,060,360 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007-03-18 15:52:45 | 000,014,997 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007-03-18 15:52:44 | 000,017,921 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007-02-13 00:43:36 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007-02-13 00:43:36 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007-02-09 05:21:39 | 000,845,312 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007-02-09 05:21:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007-01-26 00:03:44 | 000,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
[2007-01-26 00:03:44 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2007-01-19 11:55:27 | 000,002,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\fiddrv.sys
[2007-01-14 07:58:02 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2007-01-14 07:57:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2006-12-20 20:02:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-12-19 01:38:59 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\D912550581.sys
[2006-12-18 19:43:51 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2006-12-18 15:09:47 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-12-14 07:49:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-12-14 07:43:33 | 000,002,878 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-12-14 07:43:29 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006-12-14 07:41:38 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006-12-14 07:41:26 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006-12-14 07:41:13 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006-12-14 07:21:22 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006-12-14 07:20:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006-12-14 07:20:38 | 000,000,331 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006-10-13 12:30:10 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005-11-10 10:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005-08-31 14:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2004-08-10 06:11:42 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003-04-07 14:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-10-06 20:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002-10-05 01:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002-10-05 01:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002-10-05 01:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002-05-16 01:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== LOP Check ==========

[2010-08-07 13:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-02-09 23:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009-01-07 04:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010-08-15 22:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-07-19 06:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtuallTek
[2010-01-05 18:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-08-05 21:59:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010-02-22 11:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\AnvSoft
[2010-02-17 09:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Auslogics
[2009-04-21 15:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\FLVPlayer4Free
[2009-10-15 14:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\IObit
[2010-06-08 03:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Jasc
[2010-07-16 01:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\PrimoPDF
[2008-08-13 12:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Windows Desktop Search
[2008-08-13 14:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Windows Search
[2010-08-13 18:30:00 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\Scannen op virussen via McAfee.com - Mijn computer (HAFIDA-Monir).job
[2010-08-15 23:43:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C76BF1C3-A81C-457B-A5A9-05F60B618A63}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >





OTL Extras logfile created on: 15-8-2010 23:41:51 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Monirr\Bureaublad
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 460,95 Gb Total Space | 6,56 Gb Free Space | 1,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANHAJI
Current User Name: Monirr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro 9] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\\Paint Shop Pro 9.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:ĩTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{071BE447-3695-F9B8-7EDC-53F5EFE3AE00}" = CCC Help Finnish
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = IntelŪ PRO Network Connections
"{0A705373-32DC-1B7B-3400-9892DC2ACF60}" = CCC Help Czech
"{0AAA7713-51D4-F755-2951-3AE7463F51CC}" = ccc-core-static
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{11005483-57F9-400C-BF9F-CBC47540705A}" = Windows Live Photo Gallery
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{147AAF68-A89A-8E2E-97EE-A1F1430F9F68}" = Catalyst Control Center Graphics Previews Common
"{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{18BA2F73-9F8E-4938-860E-F7BC31531608}" = Windows Communication Foundation Language Pack - NLD
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1D83D418-BB45-9208-8214-8D9E7DFE4F66}" = CCC Help Korean
"{1E25EB43-190C-BEFC-B3F9-DB5B05F51B7B}" = CCC Help Greek
"{1E395546-48A0-82CB-CE38-5AF4ECDAABD3}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{2CDF3DBD-05CA-FC13-02DB-FD3EB172A61C}" = ATI AVIVO Codecs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{305698E3-92B9-B581-171D-8C6E8B9CB856}" = CCC Help German
"{32D6FFEA-2D1B-67B5-1AF8-0AA38A9A8727}" = CCC Help Norwegian
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CA031C-D3CD-4A28-8D9B-C71466C4F045}" = Windows Live Writer
"{39CFD18A-DEC5-BF9F-14E1-BE981C8CD5D5}" = CCC Help Swedish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CEF700B-BCCD-FF29-808A-771DF96E01D0}" = Catalyst Control Center Graphics Light
"{410DB4DE-354D-F472-F66D-FCFF345A8960}" = Catalyst Control Center Graphics Previews Common
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4477E155-BDBD-B518-0475-1146291C7F0E}" = CCC Help French
"{469B59C4-DA0D-F60C-18AA-B7564CF37042}" = CCC Help Italian
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Advanced Decoder Patch
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ED025FF-6CB5-2C46-7ACF-16AB87D08BDC}" = CCC Help Hungarian
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{54185281-1F34-4A1C-10B6-0F8BB8649451}" = CCC Help Japanese
"{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}" = Microsoft Baseline Security Analyzer 2.1
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B4CE043-7A73-687F-3D27-DFA62CCECD85}" = Catalyst Control Center HydraVision Full
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{64371D22-A18B-436E-863B-2E12DA8042FF}" = Microsoft .NET Framework 3.0 Dutch Language Pack
"{655A0785-CB7A-42C2-A1AE-B3FE1BFB2617}" = Windows Presentation Foundation Language Pack (NLD)
"{671EE891-FFEF-1BB9-F4D0-CEE0C5152683}" = CCC Help Dutch
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ADB18E5-6374-FCD1-F6FF-3F7F44969399}" = CCC Help Russian
"{6CA5F5DC-33C3-D56F-F399-BD5792397089}" = CCC Help English
"{7191C910-3F72-B2CA-0FA5-F0E78F5F8FD2}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{753AD4CC-09EA-DCF7-D63A-557AB9CE5ABC}" = Catalyst Control Center Graphics Full New
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{7C6999B2-1A35-4F2C-8DB7-3CB46B640CC9}" = ConsumerUpdate
"{7DD28F2C-70D6-0073-C9BB-E42DCA541DC3}" = CCC Help English
"{7E100CD7-2BB0-9C94-F043-0AB7B6DC846B}" = ccc-core-preinstall
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBF7104-D3B1-EE9F-7101-7839B495A6D4}" = CCC Help Chinese Standard
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = IntelŪ Matrix Storage Manager
"{91110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
"{9310A779-026D-6B4E-2EDE-8724FB13B16E}" = CCC Help Spanish
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DA8A90-1BD6-F86A-D51B-B46882A80980}" = ccc-utility
"{9928AB18-30E3-3CF4-99E3-9157741CED64}" = Catalyst Control Center Localization All
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A06BD059-8EDE-41F3-B91A-73C2C6811187}" = Windows Workflow Foundation NL Language Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A25E065C-F616-44C1-A6CE-783F22C37E42}" = Divide It!
"{A2A0A82F-025F-458d-A0CD-9BB2320804B5}" = Microsoft Works
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A34634B7-A7BE-3AB0-9742-1383CC493C3A}" = CCC Help Turkish
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{ABABA771-A1A5-7D25-4543-F7A14D3A9CB2}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B354FB16-3027-47AF-AF3F-7AD1209B886E}" = globaldk
"{B4028FD0-C235-F4E4-F6E3-A45042CDD9EB}" = CCC Help Thai
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B0653E-0EC4-1949-57DC-27C92EB559EA}" = CCC Help Danish
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BCBA2B08-D769-EA39-4415-33EDB0B14EF3}" = CCC Help Polish
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BFA94371-CA37-D4AD-F28E-17A32CA6D10A}" = CCC Help Chinese Traditional
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4F01470-30A1-1EB7-6808-0A89ED4F70E2}" = ccc-utility
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CD19EDD9-1632-4002-9212-7478E4BA0423}" = Windows Live Sync
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1DD73EB-36DE-D4E8-421A-88D0C8FD998F}" = ccc-core-static
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D610D81C-36EE-4E1B-8346-1F515A5AF032}" = Microsoft .NET Framework 2.0 Language Pack - NLD
"{DA85F579-3C60-A492-6B3F-9F4C85529C9E}" = ATI Catalyst Install Manager
"{DC42B262-0B91-6B8E-244B-0530827B0C58}" = CCC Help Portuguese
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5407E8B-DABF-4EBE-807E-809DA7D50CBC}" = 2Moons
"{E61BF21F-F90A-7E22-1F21-942FC7FA3E18}" = Catalyst Control Center Core Implementation
"{EF434C52-D882-43DB-8777-EC7B10D8943C}" = America's Army
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F73D18C1-F4DA-4B9F-9C46-5185F5D3DB7C}" = F.E.A.R. 2 SP Demo
"{F73EA8BF-81F5-32AF-8D8A-24F12FD23B79}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FA0BC743-0C8D-40C1-A074-BD4825A75A77}" = TubeHunter Ultra
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Any Video Converter_is1" = Any Video Converter 3.0.6
"Athan" = Athan Basic 3.8
"AVG9Uninstall" = AVG Free 9.0
"AVIConverter" = AVIConverter 3.0
"burnatonce_is1" = burnatonce
"CCleaner" = CCleaner
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Creative Audio Pack" = Creative Audiopakket
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 3.8.0.0
"Fraps" = Fraps
"Free Video Converter_is1" = Free Video Converter V 1.0
"Generic USB 106 Sound" = Trust 5.1 Surround Headset
"HitmanPro35" = Hitman Pro 3.5
"ie8" = Windows Internet Explorer 8
"Juz30_is1" = Juz30 2.2 Beta
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - NLD" = Microsoft .NET Framework 2.0 Language Pack - NLD
"Microsoft .NET Framework 3.0 Dutch Language Pack" = Microsoft .NET Framework 3.0 Nederlands taalpakket
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Microsoft .NET Framework 3.5 Language Pack SP1 - enu
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Reciter_2.0" = Reciter 2.0
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"Sound Blaster Audigy ADVANCED MB Product Registration" = Productregistratie Sound Blaster Audigy ADVANCED MB
"SpywareBlaster_is1" = SpywareBlaster 4.3
"TVUPlayer" = TVUPlayer 2.4.5.1
"Veoh Web Player Beta" = Veoh Web Player
"VirtuallTek Fighter Factory Ultimate_is1" = Fighter Factory Ultimate
"VirtuallTek Fighter Factory_is1" = Fighter Factory 1.0.12.2005 (Update Pack 3)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Xilisoft DVD Creator" = Xilisoft DVD Creator
"Xilisoft Video Converter" = Xilisoft Video Converter 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Freenet 0.7 installer" = Freenet 0.7 installer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14-8-2010 6:13:50 | Computer Name = SANHAJI | Source = Windows Search Service | ID = 3024
Description =

Error - 14-8-2010 6:15:59 | Computer Name = SANHAJI | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 8.0.6001.18702, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 15-8-2010 5:29:32 | Computer Name = SANHAJI | Source = Windows Search Service | ID = 3013
Description =

Error - 15-8-2010 5:29:32 | Computer Name = SANHAJI | Source = Windows Search Service | ID = 3013
Description =

Error - 15-8-2010 5:29:32 | Computer Name = SANHAJI | Source = Windows Search Service | ID = 3013
Description =

Error - 15-8-2010 5:29:32 | Computer Name = SANHAJI | Source = Windows Search Service | ID = 3013
Description =

Error - 15-8-2010 13:45:15 | Computer Name = SANHAJI | Source = Windows Search Service | ID = 3013
Description =

Error - 15-8-2010 13:45:16 | Computer Name = SANHAJI | Source = Windows Search Service | ID = 3013
Description =

Error - 15-8-2010 13:45:16 | Computer Name = SANHAJI | Source = Windows Search Service | ID = 3013
Description =

Error - 15-8-2010 13:45:16 | Computer Name = SANHAJI | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 8-8-2010 20:05:17 | Computer Name = SANHAJI | Source = Dhcp | ID = 1002
Description = De IP-adreslease 192.168.1.34 voor de netwerkkaart met netwerkadres
0019D11CB805 is geweigerd door de DHCP-server 192.168.1.254. De DHCP-server heeft
een DHCPNACK-bericht gezonden.

Error - 9-8-2010 12:54:49 | Computer Name = SANHAJI | Source = Dhcp | ID = 1002
Description = De IP-adreslease 192.168.1.35 voor de netwerkkaart met netwerkadres
0019D11CB805 is geweigerd door de DHCP-server 192.168.1.254. De DHCP-server heeft
een DHCPNACK-bericht gezonden.

Error - 9-8-2010 15:35:28 | Computer Name = SANHAJI | Source = Service Control Manager | ID = 7023
Description = De WMI-prestatieadapter-service is gestopt met de volgende foutcode:
%%2147500037.

Error - 11-8-2010 12:49:35 | Computer Name = SANHAJI | Source = Dhcp | ID = 1002
Description = De IP-adreslease 192.168.1.34 voor de netwerkkaart met netwerkadres
0019D11CB805 is geweigerd door de DHCP-server 192.168.1.254. De DHCP-server heeft
een DHCPNACK-bericht gezonden.

Error - 12-8-2010 21:10:56 | Computer Name = SANHAJI | Source = SideBySide | ID = 16842811
Description = Generate Activation Context mislukt voor C:\WINDOWS\system32\dpl100.dll.
Foutmelding
voor referentie: De bewerking is voltooid. .

Error - 13-8-2010 21:51:20 | Computer Name = SANHAJI | Source = SideBySide | ID = 16842811
Description = Generate Activation Context mislukt voor C:\WINDOWS\system32\dpl100.dll.
Foutmelding
voor referentie: De bewerking is voltooid. .

Error - 14-8-2010 15:29:16 | Computer Name = SANHAJI | Source = Service Control Manager | ID = 7023
Description = De WMI-prestatieadapter-service is gestopt met de volgende foutcode:
%%2147500037.


< End of report >


(Edit, do 1 of these scans change any system settings? because I was not hidding the hidden files and maps, but after the scans the files and maps got hidden again (alhough I remember reading it was advised to do so although i dont know why)

Edited by wenapee, 15 August 2010 - 05:47 PM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:14 AM

Posted 15 August 2010 - 05:45 PM

Just a little clean up but more importantly no signs of malware found here. smile.gif


Run OTL again

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (XDva010) -- C:\WINDOWS\System32\XDva010.sys File not found
DRV - (XDva009) -- C:\WINDOWS\System32\XDva009.sys File not found
DRV - (vtayn) -- C:\DOCUME~1\Monirr\LOCALS~1\Temp\vtayn.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (USBAAPL) -- C:\WINDOWS\System32\Drivers\usbaapl.sys File not found
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found
O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please also run MBAM at this point

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE

#7 wenapee

wenapee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 15 August 2010 - 06:10 PM

Do 1 of the previous scans change any system settings? because I was not hidding the hidden files and maps, but somewhere after the scans the files and maps got hidden again (alhough I remember reading it was advised to do so although i dont know why)

OTL log:

========== OTL ==========
Service xhunter1 stopped successfully!
Service xhunter1 deleted successfully!
File C:\WINDOWS\xhunter1.sys File not found not found.
Service XDva010 stopped successfully!
Service XDva010 deleted successfully!
File C:\WINDOWS\System32\XDva010.sys File not found not found.
Service XDva009 stopped successfully!
Service XDva009 deleted successfully!
File C:\WINDOWS\System32\XDva009.sys File not found not found.
Service vtayn stopped successfully!
Service vtayn deleted successfully!
File C:\DOCUME~1\Monirr\LOCALS~1\Temp\vtayn.sys File not found not found.
Service vtany stopped successfully!
Service vtany deleted successfully!
File C:\WINDOWS\vtany.sys File not found not found.
Service USBAAPL stopped successfully!
Service USBAAPL deleted successfully!
File C:\WINDOWS\System32\Drivers\usbaapl.sys File not found not found.
Service DSproct stopped successfully!
Service DSproct deleted successfully!
File C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0943516-5076-4020-A3B5-AEFAF26AB263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0943516-5076-4020-A3B5-AEFAF26AB263}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.9.1 log created on 08162010_010546

Will run MBAM scan now, full scan will take 5-8 hours so will add MBAM logs when done.

#8 wenapee

wenapee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 16 August 2010 - 01:03 PM

MBAM logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4434

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16-8-2010 7:40:00
mbam-log-2010-08-16 (07-40-00).txt

Scan type: Full scan (C:\|)
Objects scanned: 347011
Time elapsed: 6 hour(s), 24 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:14 AM

Posted 16 August 2010 - 06:30 PM

QUOTE
Do 1 of the previous scans change any system settings?


Nothing I've asked you to run would do that.

It is advised to keep them hidden but we do advise that they are shown when cleaning your PC.

The MBAM's clear too. Any symptoms at the moment?


Please run ESET
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE

#10 wenapee

wenapee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 16 August 2010 - 07:42 PM

I did not had any real visual symptoms of an malware infections like that of other users have on this forum. The only thing that I have (after fixing the unability to install some windows security updates) wich I described in my first post, wich is that Windows things that my antivirus program is a program called "AntiMalware". I only recognized it after I wanted to reinstall AVG, wich told me to uninstall "AntiMalware", wich I dont know that i had installed, and does not have an uninstaller.

(It could be traces of an previous infection, because ones there was a program wich an other user on this pc accidently installed, wich looks similar as "AntiMalware Doctor", it even unstalled MBAM, this happend few months ago, and the main infection seem to have been removed).

As mentioned in my first post, I installed AVG, windows security center is telling me that AVG is installed, and no longer "AntiMalware". Should I uninstall AVG, to see wheter or not windows still thinks that "AntiMalware" is "protecting" my pc?

I will perform the ESET online scan now, but I dont expect it to find anything, as I already performed the scan as mentioned in my first post.

Edited by wenapee, 16 August 2010 - 07:44 PM.


#11 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:14 AM

Posted 16 August 2010 - 07:47 PM

After ESET please run Superantispyware which is very good for spotting this infection's many registry entries.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE

#12 wenapee

wenapee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 17 August 2010 - 02:04 AM

ESET scan did not find anything

SUPERAntiSpyware only found tracking cookies from an other user on this pc:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/29/2009 at 05:58 PM

Application Version : 4.32.1000

Core Rules Database Version : 4419
Trace Rules Database Version: 2246

Scan type : Complete Scan
Total Scan Time : 00:54:31

Memory items scanned : 729
Memory threats detected : 0
Registry items scanned : 7637
Registry threats detected : 0
File items scanned : 43897
File threats detected : 11

Adware.Tracking Cookie
C:\Documents and Settings\SXXXX\Cookies\sabri@www.mediafire[2].txt
C:\Documents and Settings\SXXXX\Cookies\sabri@ads.ad4game[2].txt
C:\Documents and Settings\SXXXX\Cookies\sabri@www.dbz-media[1].txt
C:\Documents and Settings\SXXXX\Cookies\sabri@xiti[1].txt
C:\Documents and Settings\SXXXX\Cookies\sabri@ad.zanox[1].txt
C:\Documents and Settings\SXXXX\Cookies\sabri@www.xxxx[1].txt
C:\Documents and Settings\SXXXX\Cookies\sabri@rts.pgmediaserve[1].txt
C:\Documents and Settings\SXXXX\Cookies\sabri@server.cpmstar[1].txt
C:\Documents and Settings\SXXXX\Cookies\sabri@mediafire[2].txt
C:\Documents and Settings\SXXXX\Cookies\sabri@xxxx[2].txt
C:\Documents and Settings\SXXXX\Cookies\sabri@content.yieldmanager[2].txt

(I edited out the user name and 2 cookies)

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:14 AM

Posted 17 August 2010 - 06:27 PM

So that shows that we have cleaned the PC as far as possible.

Please run OTL and post a new log
[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE

#14 wenapee

wenapee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 17 August 2010 - 07:02 PM

OTL log with the settinga u descibed in the first OTL scan:

OTL logfile created on: 18-8-2010 1:55:42 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Monirr\Bureaublad
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 460,95 Gb Total Space | 1,89 Gb Free Space | 0,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 983,70 Mb Total Space | 405,86 Mb Free Space | 41,26% Space Free | Partition Type: FAT

Computer Name: SANHAJI
Current User Name: Monirr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Monirr\Local Settings\Temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Documents and Settings\Monirr\Bureaublad\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\system\cm106eye.exe ()
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\WINDOWS\system32\pmxmiced.exe (Primax Electronics Ltd.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Monirr\Bureaublad\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\pmxscrll.dll (Primax Electronics Ltd.)
MOD - C:\WINDOWS\system32\pmxcomm.dll (Primax Electronics Ltd.)
MOD - C:\WINDOWS\system32\pmxhooks.dll (Primax Electronics Ltd.)


========== Win32 Services (SafeList) ==========

SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) SMTP (Simple Mail Transfer Protocol) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (USBMULCD) -- C:\WINDOWS\system32\drivers\CM106.sys (C-Media Electronics Inc)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (usbaudio) Stuurprogramma voor USB-audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (ithsgt) -- C:\WINDOWS\system32\drivers\ithsgt.sys ()
DRV - (lilsgt) -- C:\WINDOWS\system32\drivers\lilsgt.sys ()
DRV - (fiddrv) -- C:\WINDOWS\system32\drivers\fiddrv.sys ()
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (wsppkt) -- C:\WINDOWS\system32\drivers\wsp_pkt.sys (SingleClick Systems)
DRV - (hnmwrlspkt) -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys (SingleClick Systems)
DRV - (rockusb) -- C:\WINDOWS\system32\drivers\rockusb.sys (Fuzhou Rockchip Electronics Co,Ltd.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (hcwPP2) -- C:\WINDOWS\system32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sahihalbukhari.com/sps/sbk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC AD 48 F3 D9 21 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20100723W
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..keyword.URL: "http://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
FF - prefs.js..network.proxy.autoconfig_url: "http://www.ubvu.vu.nl/ubvu.pac"
FF - prefs.js..network.proxy.type: 2


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010-08-05 20:19:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-07-12 17:55:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-08-07 13:33:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-07 14:10:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-12 17:38:44 | 000,000,000 | ---D | M]

[2008-08-28 01:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Extensions
[2008-08-28 01:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010-08-17 10:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Firefox\Profiles\umzkqq4o.default\extensions
[2010-04-29 19:34:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Firefox\Profiles\umzkqq4o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-08-01 21:52:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Firefox\Profiles\umzkqq4o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-07-29 11:34:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Firefox\Profiles\umzkqq4o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-09-26 06:14:25 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Firefox\Profiles\umzkqq4o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009-11-21 05:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Mozilla\Firefox\Profiles\umzkqq4o.default\extensions\firefox@tvunetworks.com
[2010-08-17 10:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007-03-31 01:09:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-07-25 08:26:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007-05-29 11:49:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}(2)
[2010-07-12 17:55:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-06 02:27:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-07-25 08:26:18 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010-07-25 08:26:18 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007-04-10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2006-09-03 13:12:48 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009-09-25 18:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010-07-25 08:26:28 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007-03-22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2010-06-17 02:28:32 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010-07-25 08:26:30 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010-07-25 08:26:30 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010-07-25 08:26:30 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010-07-25 08:26:30 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010-07-25 08:26:30 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010-07-25 08:26:30 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010-07-25 08:26:30 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010-08-15 21:03:17 | 000,416,674 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14381 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Aanmeldhulp voor Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Koppelingen) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cm106Sound] File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab (Reg Error: Value error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.support.microsoft.com/Dcode/A...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1189574036640 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Value error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1188766528078 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/...15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Preloader van browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Cache-daemon voor onderdeelcategorieën - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Monirr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Monirr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-09-02 04:29:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-08-18 01:46:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Monirr\Onlangs geopend
[2010-08-16 21:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenten\GEEN GELUID
[2010-08-15 23:31:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Monirr\Bureaublad\OTL.exe
[2010-08-11 19:13:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-08-09 20:07:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\Kyo-NE
[2010-08-09 19:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\REI2
[2010-08-09 14:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\QLearning
[2010-08-07 23:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010-08-07 19:28:54 | 000,101,904 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys
[2010-08-07 14:31:41 | 000,000,000 | R--D | C] -- C:\Program Files\MUGEN_JAM
[2010-08-07 14:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010-08-07 14:25:40 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010-08-07 14:25:40 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010-08-07 14:12:14 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2010-08-07 14:12:14 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010-08-07 14:12:14 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010-08-07 14:12:13 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010-08-07 14:12:13 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010-08-07 14:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2010-08-07 14:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010-08-07 14:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010-08-07 13:35:02 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010-08-07 13:35:00 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010-08-07 13:34:56 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010-08-07 13:34:55 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010-08-07 13:34:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010-08-07 13:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-08-06 03:13:29 | 007,733,248 | ---- | C] (C-Media Corporation) -- C:\WINDOWS\System\CM106.cpl
[2010-08-06 03:13:29 | 000,278,528 | ---- | C] (C-Media) -- C:\WINDOWS\System32\CM106rm.exe
[2010-08-06 03:12:58 | 000,278,528 | ---- | C] (C-Media Corporation) -- C:\WINDOWS\Cmi106Uninstall.exe
[2010-08-06 03:11:42 | 001,506,304 | ---- | C] (C-Media Electronics Inc) -- C:\WINDOWS\System32\drivers\CM106.sys
[2010-08-06 03:11:42 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\System\fltr106.dll
[2010-08-06 03:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trust 5.1 Surround Headset
[2010-08-06 03:11:00 | 000,000,000 | ---D | C] -- C:\download
[2010-08-06 02:27:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-08-06 02:27:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-08-06 02:27:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-08-06 01:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Bureaublad\Infection
[2010-08-05 22:38:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-08-05 22:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-08-05 22:38:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-08-05 22:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-08-05 20:54:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010-08-05 20:54:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010-08-05 20:54:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010-08-05 20:50:43 | 000,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010-08-05 20:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenten\Tv-opnamen
[2010-08-05 20:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010-08-05 19:59:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010-08-05 19:35:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010-08-05 19:22:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010-08-05 19:18:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010-08-05 18:49:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010-08-05 18:48:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010-08-05 18:48:20 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010-08-05 18:48:20 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010-08-05 18:48:20 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010-08-05 18:48:20 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010-08-05 18:48:20 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010-08-05 18:48:20 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010-08-05 18:48:20 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010-08-05 18:48:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010-08-05 18:48:14 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010-08-05 18:48:14 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010-08-05 18:48:14 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010-08-05 18:48:14 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010-08-05 18:48:14 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010-08-05 18:48:14 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010-08-05 18:48:14 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010-08-05 18:48:14 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010-08-05 18:48:14 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010-08-05 18:48:14 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010-08-05 18:48:14 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010-08-05 18:48:14 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010-08-05 18:48:12 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010-08-05 18:48:12 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010-08-05 18:48:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010-08-05 18:48:12 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010-08-05 18:48:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010-08-05 18:48:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010-08-05 18:48:11 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010-08-05 18:48:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010-08-05 18:48:11 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010-08-05 18:48:10 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010-08-05 18:48:08 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010-08-05 18:48:07 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010-08-05 18:48:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010-08-05 18:48:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010-08-05 18:48:07 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010-08-05 18:48:06 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010-08-05 18:48:06 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010-08-05 18:48:06 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010-08-05 18:48:06 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010-08-05 18:48:06 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010-08-05 18:48:06 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010-08-05 18:48:06 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010-08-05 18:48:06 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010-08-05 18:48:01 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010-08-05 18:48:01 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010-08-05 18:48:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010-08-05 18:48:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010-08-05 18:48:00 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010-08-05 18:47:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010-08-05 18:47:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010-08-05 18:47:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010-08-05 18:47:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010-08-05 18:47:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010-08-05 18:47:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010-08-05 18:47:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010-08-05 18:47:51 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010-08-05 18:47:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010-08-05 18:47:48 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010-08-05 18:47:48 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010-08-05 18:47:48 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010-08-05 18:47:48 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010-08-05 18:47:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010-08-05 18:47:48 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010-08-05 18:47:48 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010-08-05 18:47:47 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010-08-05 18:47:47 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010-08-05 18:47:47 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010-08-05 18:47:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010-08-05 18:47:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010-08-05 18:47:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010-08-05 18:47:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010-08-05 18:47:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010-08-05 18:47:43 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010-08-05 18:47:42 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010-08-05 18:47:42 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010-08-05 18:47:42 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010-08-05 18:47:42 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010-08-05 18:47:42 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010-08-05 18:47:42 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010-08-05 18:47:42 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010-08-05 18:47:42 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010-08-05 18:47:42 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010-08-05 18:47:42 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010-08-05 18:47:42 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010-08-05 18:47:42 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010-08-05 18:47:42 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010-08-05 18:47:42 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010-08-05 18:47:42 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010-08-05 18:47:42 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010-08-05 18:47:42 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010-08-05 18:47:42 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010-08-05 18:47:42 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010-08-05 18:47:42 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010-08-05 18:47:42 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010-08-05 18:47:42 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010-08-05 18:47:42 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010-08-05 18:47:41 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010-08-05 18:47:41 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010-08-05 18:47:41 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010-08-05 18:47:41 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010-08-05 18:47:41 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010-08-05 18:47:41 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010-08-05 18:47:41 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010-08-05 18:47:41 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010-08-05 18:47:41 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010-08-05 18:47:41 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010-08-05 18:47:41 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010-08-05 18:47:40 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010-08-05 18:47:40 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010-08-05 18:47:40 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010-08-05 18:47:40 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010-08-05 18:47:40 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010-08-05 18:47:40 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010-08-05 18:47:40 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010-08-05 18:33:34 | 000,272,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010-08-05 18:33:30 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010-08-05 18:33:30 | 000,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010-08-05 18:33:27 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010-08-05 18:33:04 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll
[2010-08-05 18:33:00 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010-08-05 18:32:41 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010-08-05 18:32:02 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010-08-05 18:31:43 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010-08-05 18:31:38 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010-08-05 18:31:38 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010-08-05 18:31:37 | 002,194,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010-08-05 18:31:36 | 002,150,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010-08-05 18:31:35 | 002,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010-08-05 18:31:28 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010-08-05 18:31:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010-08-05 18:24:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2010-08-05 18:24:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010-08-05 18:17:07 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010-08-05 17:26:14 | 000,000,000 | ---D | C] -- C:\8bed1362ac392363b1546e03
[2010-08-05 17:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\Downloads
[2010-08-05 17:07:13 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2010-08-05 17:07:12 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2010-08-05 17:07:12 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2010-08-05 17:07:12 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2010-08-05 17:07:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2010-08-05 17:07:04 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2010-08-05 17:06:58 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010-08-05 17:06:58 | 000,031,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010-08-05 17:06:57 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010-08-05 17:06:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010-08-05 17:06:52 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010-08-05 17:06:51 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010-08-05 17:06:51 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010-08-05 17:06:48 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010-08-05 17:06:46 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010-08-05 17:06:46 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010-08-05 17:06:46 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010-08-05 17:06:46 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010-08-05 17:06:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010-08-05 17:06:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010-08-05 17:06:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010-08-05 17:06:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010-08-05 17:06:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010-08-05 17:06:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010-08-05 17:06:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010-08-05 17:06:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010-08-05 17:06:45 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010-08-05 17:06:41 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010-08-05 17:06:41 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010-08-05 17:06:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010-08-05 17:06:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010-08-05 17:06:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010-08-05 17:06:36 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010-08-05 17:06:36 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010-08-05 17:06:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010-08-05 17:06:30 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2010-08-05 17:06:16 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010-08-05 17:06:16 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010-08-05 17:06:10 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010-08-05 17:05:58 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010-08-05 17:05:58 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010-08-05 17:05:58 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010-08-05 17:05:58 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010-08-05 17:05:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010-08-05 17:05:56 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010-08-05 17:05:56 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010-08-05 17:05:56 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010-08-05 17:05:56 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010-08-05 17:05:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010-08-05 17:05:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010-08-05 17:05:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010-08-05 17:05:46 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010-08-05 17:05:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010-08-05 17:05:45 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010-08-05 17:05:36 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010-08-05 17:05:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2010-08-05 17:05:34 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010-08-05 17:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010-08-05 17:00:55 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010-08-05 16:34:02 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tintlgnt.ime
[2010-08-05 16:34:02 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010-08-05 16:34:02 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010-08-05 16:34:02 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010-08-05 16:34:02 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010-08-05 16:34:02 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010-08-05 16:34:02 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010-08-05 16:34:02 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010-08-05 16:34:02 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010-08-05 16:34:02 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cintlgnt.ime
[2010-08-05 16:34:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010-08-05 16:34:00 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pintlgnt.ime
[2010-08-05 16:34:00 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010-08-05 16:34:00 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010-08-05 16:34:00 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010-08-05 16:33:59 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010-08-05 16:33:44 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010-08-05 16:33:44 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010-08-05 16:33:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010-08-05 16:33:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010-08-04 21:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Bureaublad\reinstall
[2010-08-02 11:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\Æ-ÅÝö+SND
[2010-08-01 19:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\rr
[2010-07-28 15:11:34 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010-07-28 15:10:40 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010-07-25 09:54:56 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010-07-25 09:40:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010-07-23 22:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Mijn documenten\Anti-Malware
[2010-07-20 21:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Bureaublad\mugen
[2010-07-19 13:36:44 | 000,000,000 | ---D | C] -- C:\fd8a68ed42948fc476ab4866147b
[2010-07-19 08:02:09 | 000,000,000 | ---D | C] -- C:\8a7c5214cd25967d327b35
[2010-07-19 06:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monirr\Bureaublad\GCA
[2010-07-19 06:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VirtuallTek
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-08-18 01:58:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C76BF1C3-A81C-457B-A5A9-05F60B618A63}.job
[2010-08-18 01:45:54 | 000,013,676 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-08-17 18:00:11 | 063,535,211 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010-08-17 17:55:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-17 17:55:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-17 17:55:50 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2010-08-17 13:43:17 | 017,563,648 | ---- | M] () -- C:\Documents and Settings\Monirr\NTUSER.DAT
[2010-08-17 13:42:50 | 000,000,288 | -HS- | M] () -- C:\Documents and Settings\Monirr\ntuser.ini
[2010-08-17 03:00:48 | 001,441,108 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-17 03:00:48 | 000,633,864 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-08-17 03:00:48 | 000,532,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-08-17 03:00:48 | 000,143,208 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-08-17 03:00:48 | 000,109,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-08-17 02:53:28 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010-08-16 21:28:02 | 000,001,583 | ---- | M] () -- C:\WINDOWS\System\Cm106.ini
[2010-08-16 20:53:24 | 029,664,445 | ---- | M] () -- C:\Documents and Settings\Monirr\Mijn documenten\ƒPƒ“ƒVƒƒE_ƒXƒvƒ‰ƒCƒg‰đšƒf[ƒ^.zip
[2010-08-16 20:48:48 | 000,065,302 | ---- | M] () -- C:\Documents and Settings\Monirr\Mijn documenten\KENSHIRO_31.zip
[2010-08-15 23:31:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monirr\Bureaublad\OTL.exe
[2010-08-15 23:31:22 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\MBRCheck.exe
[2010-08-15 22:03:39 | 000,002,878 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010-08-15 21:03:17 | 000,416,674 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-08-15 20:17:40 | 000,167,695 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\tro550.JPG
[2010-08-14 20:38:39 | 000,220,266 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\tro.JPG
[2010-08-13 18:30:00 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Scannen op virussen via McAfee.com - Mijn computer (HAFIDA-Monir).job
[2010-08-11 19:18:49 | 000,366,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-08-11 19:16:24 | 000,001,154 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-08-09 21:30:08 | 048,381,496 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\jn29fdf5.exe
[2010-08-07 14:02:17 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\COMODO Firewall.lnk
[2010-08-07 13:35:03 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010-08-07 13:35:03 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG Free 9.0.lnk
[2010-08-07 13:35:02 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010-08-07 13:34:56 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010-08-07 13:34:56 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010-08-07 13:34:54 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010-08-07 03:16:31 | 000,415,934 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100815-210316.backup
[2010-08-06 18:24:59 | 000,028,354 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\AntiMalware2.JPG
[2010-08-06 04:26:10 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Monirr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-06 03:18:24 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Monirr\defogger_reenable
[2010-08-06 03:13:29 | 000,000,125 | ---- | M] () -- C:\WINDOWS\Cm106.ini.cfl
[2010-08-06 02:14:49 | 002,096,656 | -H-- | M] () -- C:\Documents and Settings\Monirr\Local Settings\Application Data\IconCache.db
[2010-08-06 02:14:22 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-08-05 23:08:25 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Monirr\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
[2010-08-05 22:50:21 | 000,137,454 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\AntiMalware.JPG
[2010-08-05 22:48:19 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Monirr\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010-08-05 20:50:38 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010-08-05 20:50:38 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010-08-05 19:35:49 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010-08-05 19:20:49 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010-08-05 17:09:50 | 000,059,890 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010-08-05 17:04:34 | 000,004,205 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010-08-05 17:03:49 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010-08-05 17:03:49 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-08-05 17:01:40 | 000,038,492 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-08-05 17:00:03 | 000,000,318 | -HS- | M] () -- C:\boot.ini
[2010-08-05 16:37:09 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010-08-05 16:34:09 | 000,000,331 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010-08-05 16:34:09 | 000,000,034 | ---- | M] () -- C:\WINDOWS\System\oeminfo.ini
[2010-08-05 16:34:04 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-08-05 16:06:50 | 000,206,961 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010-07-29 19:00:38 | 009,201,311 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\forteManager_V3.18.zip
[2010-07-29 17:54:41 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\Monirr\null
[2010-07-28 14:54:39 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\LET OP.doc
[2010-07-27 08:30:32 | 008,509,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010-07-27 05:02:37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\CCleaner.lnk
[2010-07-21 22:58:42 | 000,414,747 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100807-031631.backup
[2010-07-19 04:19:05 | 000,087,287 | ---- | M] () -- C:\Documents and Settings\Monirr\Mijn documenten\motvn.png
[2010-07-19 03:18:32 | 000,121,268 | ---- | M] () -- C:\Documents and Settings\Monirr\Bureaublad\sabri trojan2.JPG
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-08-16 20:53:23 | 029,664,445 | ---- | C] () -- C:\Documents and Settings\Monirr\Mijn documenten\ƒPƒ“ƒVƒƒE_ƒXƒvƒ‰ƒCƒg‰đšƒf[ƒ^.zip
[2010-08-16 20:48:48 | 000,065,302 | ---- | C] () -- C:\Documents and Settings\Monirr\Mijn documenten\KENSHIRO_31.zip
[2010-08-15 23:31:21 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\MBRCheck.exe
[2010-08-15 20:17:40 | 000,167,695 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\tro550.JPG
[2010-08-14 20:38:39 | 000,220,266 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\tro.JPG
[2010-08-09 21:30:05 | 048,381,496 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\jn29fdf5.exe
[2010-08-07 14:28:21 | 2145,304,576 | -HS- | C] () -- C:\hiberfil.sys
[2010-08-07 14:25:40 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-08-07 14:25:40 | 000,205,156 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-08-07 14:25:40 | 000,063,416 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010-08-07 14:25:40 | 000,021,682 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010-08-07 14:25:40 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-08-07 14:12:14 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-08-07 14:12:14 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-08-07 14:12:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-08-07 14:12:13 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-08-07 14:12:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-08-07 14:02:17 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\COMODO Firewall.lnk
[2010-08-07 13:35:03 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\AVG Free 9.0.lnk
[2010-08-07 13:34:54 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010-08-07 13:34:48 | 063,535,211 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010-08-06 18:24:59 | 000,028,354 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\AntiMalware2.JPG
[2010-08-06 03:18:10 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Monirr\defogger_reenable
[2010-08-06 03:13:29 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System\cmau106.dll
[2010-08-06 03:13:29 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System\cm106eye.exe
[2010-08-06 03:13:29 | 000,001,583 | ---- | C] () -- C:\WINDOWS\System\Cm106.ini
[2010-08-06 03:13:29 | 000,000,125 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfl
[2010-08-06 03:12:59 | 000,001,249 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfg
[2010-08-06 03:12:58 | 000,000,766 | ---- | C] () -- C:\WINDOWS\trust_icon.ico
[2010-08-06 03:12:57 | 000,001,206 | ---- | C] () -- C:\WINDOWS\cm106.ini
[2010-08-05 23:08:25 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Monirr\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
[2010-08-05 22:50:21 | 000,137,454 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\AntiMalware.JPG
[2010-08-05 22:44:10 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Monirr\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010-08-05 18:48:07 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010-08-05 18:47:52 | 000,001,950 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010-08-05 18:47:45 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010-08-05 18:47:42 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010-08-05 17:05:45 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010-08-05 17:05:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010-08-05 17:05:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010-08-05 17:05:43 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010-08-05 17:05:43 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010-08-05 17:05:43 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010-08-05 17:05:43 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010-08-05 17:05:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010-08-05 17:05:42 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010-08-05 17:05:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010-08-05 17:03:49 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-08-05 17:03:43 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-08-05 16:37:09 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2010-08-05 16:34:09 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System\oeminfo.ini
[2010-08-05 16:34:02 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010-08-05 16:34:00 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010-08-05 16:33:58 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010-08-05 16:33:58 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010-08-05 16:33:39 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010-08-05 16:33:39 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2010-08-05 16:33:39 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010-08-05 16:33:39 | 000,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2010-08-05 16:33:39 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010-08-05 16:33:39 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010-08-05 16:33:39 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010-08-05 16:33:39 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010-08-05 16:33:38 | 000,808,234 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010-08-05 16:33:38 | 000,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010-08-05 16:00:17 | 000,206,961 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2010-07-29 19:00:24 | 009,201,311 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\forteManager_V3.18.zip
[2010-07-28 15:16:17 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\Monirr\null
[2010-07-28 14:54:39 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\LET OP.doc
[2010-07-26 06:11:28 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010-07-19 04:38:12 | 000,087,287 | ---- | C] () -- C:\Documents and Settings\Monirr\Mijn documenten\motvn.png
[2010-07-19 03:18:32 | 000,121,268 | ---- | C] () -- C:\Documents and Settings\Monirr\Bureaublad\sabri trojan2.JPG
[2010-07-13 02:52:04 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010-05-28 22:31:24 | 000,003,764 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010-05-03 05:19:54 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-04-07 00:11:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010-03-03 02:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010-02-09 23:21:55 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009-12-19 17:31:07 | 000,000,253 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009-11-14 20:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009-08-27 21:04:44 | 000,557,003 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009-08-27 21:04:32 | 000,811,835 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009-08-27 21:03:52 | 004,456,201 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009-08-25 20:07:36 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009-08-25 19:38:04 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009-08-25 18:37:02 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009-08-10 23:45:08 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009-08-10 23:45:08 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009-08-10 23:45:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009-08-10 23:45:08 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009-07-31 03:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009-06-02 19:15:44 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009-06-02 19:15:18 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009-06-02 19:15:04 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009-06-02 19:14:56 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009-06-02 19:14:30 | 000,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009-06-02 19:13:58 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009-06-02 19:13:50 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009-06-02 19:11:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009-01-11 00:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009-01-11 00:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009-01-11 00:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009-01-11 00:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009-01-11 00:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009-01-11 00:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009-01-11 00:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009-01-11 00:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009-01-11 00:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009-01-11 00:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009-01-05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008-11-06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-11-06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008-05-26 22:22:14 | 000,017,438 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:22:10 | 000,023,146 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:22:06 | 000,016,842 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-01-16 00:19:32 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Star Divx Converter.INI
[2008-01-15 22:41:18 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Speed Video Converter.INI
[2007-11-21 18:31:39 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2007-10-13 11:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007-06-21 06:14:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2007-04-05 07:26:07 | 000,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9.INI
[2007-04-05 07:23:44 | 000,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9 sse2.INI
[2007-03-30 12:50:08 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2007-03-18 15:54:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007-03-18 15:53:17 | 000,024,294 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007-03-18 15:53:16 | 000,001,072 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007-03-18 15:52:46 | 000,012,303 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2007-03-18 15:52:45 | 000,060,360 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007-03-18 15:52:45 | 000,014,997 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007-03-18 15:52:44 | 000,017,921 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007-02-13 00:43:36 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007-02-13 00:43:36 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007-02-09 05:21:39 | 000,845,312 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007-02-09 05:21:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007-01-26 00:03:44 | 000,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
[2007-01-26 00:03:44 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2007-01-19 11:55:27 | 000,002,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\fiddrv.sys
[2007-01-14 07:58:02 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2007-01-14 07:57:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2006-12-20 20:02:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-12-19 01:38:59 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\D912550581.sys
[2006-12-18 19:43:51 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2006-12-18 15:09:47 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-12-14 07:49:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-12-14 07:43:33 | 000,002,878 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-12-14 07:43:29 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006-12-14 07:41:38 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006-12-14 07:41:26 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006-12-14 07:41:13 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006-12-14 07:21:22 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006-12-14 07:20:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006-12-14 07:20:38 | 000,000,331 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006-10-13 12:30:10 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005-11-10 10:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005-08-31 14:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2004-08-10 06:11:42 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003-04-07 14:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-10-06 20:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002-10-05 01:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002-10-05 01:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002-10-05 01:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002-05-16 01:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== LOP Check ==========

[2010-08-07 13:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-02-09 23:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009-01-07 04:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010-08-15 22:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-07-19 06:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtuallTek
[2010-01-05 18:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-08-05 21:59:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010-02-22 11:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\AnvSoft
[2010-02-17 09:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Auslogics
[2009-04-21 15:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\FLVPlayer4Free
[2009-10-15 14:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\IObit
[2010-06-08 03:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Jasc
[2010-07-16 01:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\PrimoPDF
[2008-08-13 12:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Windows Desktop Search
[2008-08-13 14:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monirr\Application Data\Windows Search
[2010-08-13 18:30:00 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\Scannen op virussen via McAfee.com - Mijn computer (HAFIDA-Monir).job
[2010-08-18 01:58:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C76BF1C3-A81C-457B-A5A9-05F60B618A63}.job

========== Purity Check ==========


< End of report >


#15 wenapee

wenapee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 17 August 2010 - 07:07 PM

Note, that the maps and files got hidden again, could the OTL scan have done this?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users