Win32/Vundo.gen!E


  • This topic is locked
8 replies to this topic

#1 Odiloonas


Posted 26 December 2008 - 11:20 AM

Hi,
I'm new to this forum and I'm hoping to get some help... Normally I've always been able to get rid of viruses myself, but this one is a real hard one.
I tried to run the DDS tool I found here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ to get you more details about my system, but it said it couldn't run because I have a 64-bit system.
Below you'll find my HijackThis log:

I'm really hoping for some help,
Thank you in advance
---
---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:59, on 26/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\hp\kbd\kbd.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\utorrent\utorrent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.20.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Antivirus] "C:\Program Files (x86)\VAV\vav.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [rs32net] C:\Windows\SysWOW64\rs32net.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cpujoqaxuwi] rundll32.exe "C:\Windows\Bhaqawanubililah.dll",e
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvVMgfF.dll,#1
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NVIDIA nView] C:\Users\Julien\nview.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Julien\lsass.exe
O4 - HKCU\..\Run: [rs32net] C:\Windows\SysWOW64\rs32net.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ICF - Unknown owner - C:\Windows\system32\icf.exe.exe:ext.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10465 bytes



#2 Odiloonas

  • Topic Starter

Posted 26 December 2008 - 11:25 AM

Btw,

My Windows Defender keeps telling me it's that trojan, but it can't fix it.
I already scanned with AVG8.0, Malwarebytes' Anti-Malware, Avast antivirus and VundoFix. All of them didn't come up with anything!

Grtz,

Julien

#3 Odiloonas

  • Topic Starter

Posted 26 December 2008 - 11:42 AM

Just ran a scan with MBAM, here's the log:

Malwarebytes' Anti-Malware 1.31
Database versie: 1550
Windows 6.0.6001 Service Pack 1

26/12/2008 17:41:17
mbam-log-2008-12-26 (17-41-17).txt

Scan type: Snelle Scan
Objecten gescand: 49683
Verstreken tijd: 2 minute(s), 19 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 9
Registersleutels geïnfecteerd: 17
Registerwaarden geïnfecteerd: 8
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 49

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
C:\Windows\SysWOW64\ssqOfcAp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\ddcdeCRI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\jkKETKax.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\ssQjiFXQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\vtUmJCtQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\wvUkLeEU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\SysWOW64\vtUmJCtQ.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\SysWOW64\ssqomjij.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\Bhaqawanubililah.dll (Trojan.Vundo) -> Delete on reboot.

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8fe5fa50-812a-4bb1-bb8b-9295a694c655} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8fe5fa50-812a-4bb1-bb8b-9295a694c655} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3230541-0608-4334-a2f2-0a2012eb4d6d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3230541-0608-4334-a2f2-0a2012eb4d6d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fe5fa50-812a-4bb1-bb8b-9295a694c655} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3230541-0608-4334-a2f2-0a2012eb4d6d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a75f101-126e-46a3-97b1-91a96d161c15} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\eecadefdcfdeeb (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\glaide32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\glaide32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\glaide32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ff88b7b-5769-37ce-8405-f394ce333df5} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ff88b7b-5769-37ce-8405-f394ce333df5} (Trojan.BHO) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpujoqaxuwi (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1a75f101-126e-46a3-97b1-91a96d161c15} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LSA Shellu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ANTIVIRUS (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page\Start Page (Hijack.Homepage) -> Bad: (http://lookanddiscover.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\Windows\SysWOW64\ssqomjij.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\SysWOW64\jijmoqss.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\ssqOfcAp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\SysWOW64\pAcfOqss.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ddcdeCRI.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\IRCedcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\IRCedcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\jkKETKax.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\xaKTEKkj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\xaKTEKkj.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ssQjiFXQ.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\QXFijQss.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\QXFijQss.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ssqOfcAp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\pAcfOqss.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ssqomjij.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\jijmoqss.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\vtUmJCtQ.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\QtCJmUtv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\QtCJmUtv.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\wvUkLeEU.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\UEeLkUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\UEeLkUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\vtUmJCtQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\Bhaqawanubililah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\tuvVMgfF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\eecadefdcfdeeb.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Windows\System32\mx88593.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\tuvVMgfF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\glaide32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\null.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\BNFD14.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\F420.tmp (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\tmp0001909b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\tmp0001d9ab (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\tmp0001ec60 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\tmp0001f749 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\tmp0002587b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\tmp0002a8bc (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\Windows\System32\mlJAtUMd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\icf.exe.exe (Worm.Zhelatin) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\TDSS364b.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\TDSS365b.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\TDSS4884.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\TDSS48e1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\TDSSdcd6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Julien\AppData\Local\Temp\TDSSdd34.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Edited by Odiloonas, 26 December 2008 - 11:43 AM.


#4 fenzodahl512


Posted 05 January 2009 - 05:53 AM

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. RSIT log.txt
2. RSIT info.txt
3. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 Odiloonas

  • Topic Starter

Posted 05 January 2009 - 01:51 PM

Hi,

First I'd like to say, THANKS FOR HELPING ME!!

Below you'll find the logs you have requested.

PS. I don't know if this is normal, but when I opened GMER, I got an error message saying "System\CurrentControlSet\Services\gmer: entry is not valid"
and when GMER then finally opened I couldn't select all of those items on the right hand side. I could only select the following items: Services, Registry, Files, ADS and my local discs.

Thanks in advance,

------------------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Julien at 2009-01-05 14:50:47
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 356 GB (51%) free of 703 GB
Total RAM: 4094 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:48, on 5/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Julien\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Julien.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.20.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E0FCE8A2-988A-422F-A6B5-74C44DF7A40C} - C:\Windows\SysWow64\cbXPjHWN.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nView] C:\Users\Julien\nview.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/...NPUpldnl-be.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: kfqjaw - kfqjaw32.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11330 bytes

======Scheduled tasks folder======

C:\Windows\tasks\uklnzbpw.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2008-12-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files (x86)\google\googletoolbar1.dll [2008-09-11 2423872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2008-12-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FCE8A2-988A-422F-A6B5-74C44DF7A40C}]
C:\Windows\SysWow64\cbXPjHWN.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files (x86)\google\googletoolbar1.dll [2008-09-11 2423872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [2007-02-15 119296]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2008-09-08 289576]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2008-12-25 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"MsnMsgr"=C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"NVIDIA nView"=C:\Users\Julien\nview.exe []
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-09-11 171448]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kfqjaw]
kfqjaw32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2008-11-04 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\Auto\command - Start.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47fc77ee-9b8e-11dd-b3a3-001fc65e9a0a}]
shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c02f92a-69db-11dd-ac9e-001fc65e9a0a}]
shell\Auto\command - Start.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{584a40b5-d8ee-11dd-92b0-001fc65e9a0a}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\log.exe
shell\Ouvrir\command - L:\log.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{666a4713-84ec-11dd-bffc-001fc65e9a0a}]
shell\AutoRun\command - L:\
shell\explore\command - WScript.exe .\autorun.vbs
shell\open\command - WScript.exe .\autorun.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72075ced-c134-11dd-9c1c-001fc65e9a0a}]
shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a7dfb1f-71eb-11dd-8f83-001fc65e9a0a}]
shell\Auto\command - J:\AdobeR.exe e
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a7dfb4f-71eb-11dd-8f83-001fc65e9a0a}]
shell\AutoRun\command - J:\
shell\explore\command - WScript.exe .\autorun.vbs
shell\open\command - WScript.exe .\autorun.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b24df3f-6f10-11dd-b716-001fc65e9a0a}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d1a27f-cdcd-11dd-98c0-001fc65e9a0a}]
shell\AutoRun\command - L:\
shell\explore\command - WScript.exe .\autorun.vbs
shell\open\command - WScript.exe .\autorun.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f62df17b-9aa8-11dd-9f5f-001fc65e9a0a}]
shell\AutoRun\command - M:\LaunchU3.exe -a


======File associations======

.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.reg - open - regedit.exe "%1" %*
.scr - open - "C:\Windows\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-01-05 14:50:47 ----D---- C:\rsit
2009-01-02 22:07:26 ----SHD---- C:\Windows\system32\f
2009-01-02 22:07:26 ----SHD---- C:\Windows\system32\bycool1
2009-01-02 22:07:26 ----SHD---- C:\Windows\system32\bycool
2009-01-02 15:05:56 ----D---- C:\Program Files (x86)\PokerStars.NET
2008-12-28 13:36:38 ----D---- C:\Users\Julien\AppData\Roaming\TeamViewer
2008-12-28 13:36:35 ----D---- C:\Program Files (x86)\TeamViewer
2008-12-26 17:05:33 ----D---- C:\Program Files (x86)\Trend Micro
2008-12-25 04:39:37 ----D---- C:\VundoFix Backups
2008-12-25 04:15:08 ----A---- C:\Windows\system32\javaws.exe
2008-12-25 04:15:08 ----A---- C:\Windows\system32\javaw.exe
2008-12-25 04:15:08 ----A---- C:\Windows\system32\java.exe
2008-12-25 03:51:10 ----A---- C:\Windows\system32\SSSensor.dll
2008-12-25 03:50:55 ----D---- C:\Program Files (x86)\Sygate
2008-12-25 03:49:47 ----D---- C:\ProgramData\CheckPoint
2008-12-25 03:49:47 ----D---- C:\Program Files (x86)\Zone Labs
2008-12-25 03:49:35 ----D---- C:\Windows\Internet Logs
2008-12-25 03:30:17 ----A---- C:\Windows\system32\aswBoot.exe
2008-12-25 03:22:12 ----D---- C:\ProgramData\Avg8
2008-12-25 03:18:20 ----D---- C:\Program Files (x86)\CCleaner
2008-12-24 12:53:08 ----D---- C:\Windows\system32\wER
2008-12-24 12:53:07 ----D---- C:\Windows\system32\whSLD02
2008-12-24 12:53:06 ----D---- C:\Temp
2008-12-22 03:06:58 ----A---- C:\Windows\system32\mshtml.dll
2008-12-22 03:03:17 ----A---- C:\Windows\system32\tzres.dll
2008-12-21 09:42:48 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-21 09:42:47 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-21 09:42:43 ----A---- C:\Windows\system32\gdi32.dll
2008-12-21 09:42:39 ----A---- C:\Windows\explorer.exe
2008-12-21 09:42:38 ----A---- C:\Windows\system32\explorer.exe
2008-12-21 09:42:34 ----A---- C:\Windows\system32\mf.dll
2008-12-21 09:42:33 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-21 09:42:32 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-21 09:42:32 ----A---- C:\Windows\system32\logagent.exe
2008-12-21 09:42:24 ----A---- C:\Windows\system32\shell32.dll
2008-12-21 09:42:02 ----A---- C:\Windows\system32\urlmon.dll
2008-12-21 09:42:01 ----A---- C:\Windows\system32\ieframe.dll
2008-12-21 09:42:00 ----A---- C:\Windows\system32\wininet.dll
2008-12-21 09:42:00 ----A---- C:\Windows\system32\mstime.dll
2008-12-21 09:41:57 ----A---- C:\Windows\system32\iertutil.dll
2008-12-21 09:41:56 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-21 09:34:38 ----A---- C:\Windows\system32\wups.dll
2008-12-21 09:34:38 ----A---- C:\Windows\system32\wudriver.dll
2008-12-21 09:34:38 ----A---- C:\Windows\system32\wuapi.dll
2008-12-21 09:34:31 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-21 09:34:31 ----A---- C:\Windows\system32\wuapp.exe
2008-12-05 03:35:20 ----D---- C:\Users\Julien\AppData\Roaming\PE Explorer
2008-12-04 20:42:23 ----A---- C:\Windows\system32\_AxShlEx.dll
2008-12-04 19:01:55 ----D---- C:\Program Files (x86)\Alcohol Soft
2008-12-04 16:08:10 ----D---- C:\Windows\system32\xlive
2008-12-04 16:08:09 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2008-12-04 15:39:27 ----D---- C:\Program Files (x86)\Rockstar Games
2008-12-04 02:05:24 ----RHD---- C:\Users\Julien\AppData\Roaming\SecuROM
2008-12-04 02:05:02 ----D---- C:\Users\Julien\AppData\Roaming\Template
2008-12-03 14:59:35 ----A---- C:\Windows\system32\CmdLineExt_x64.dll
2008-12-01 01:50:05 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2008-12-01 01:35:14 ----D---- C:\Program Files (x86)\Lavalys
2008-12-01 01:10:29 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-12-01 01:10:29 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-12-01 01:10:29 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-12-01 01:10:03 ----A---- C:\Windows\system32\connect.dll
2008-12-01 01:09:52 ----A---- C:\Windows\system32\msxml3.dll
2008-12-01 01:09:51 ----A---- C:\Windows\system32\win32spl.dll
2008-12-01 01:09:39 ----A---- C:\Windows\system32\netapi32.dll
2008-12-01 01:09:37 ----A---- C:\Windows\system32\msxml6.dll
2008-12-01 01:09:36 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-12-01 01:09:33 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-23 21:10:29 ----D---- C:\Users\Julien\AppData\Roaming\Leadertech
2008-11-11 22:21:05 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-11-11 22:21:05 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-11-11 22:21:04 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-11-11 22:21:04 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-11-11 22:21:04 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-11-11 22:21:04 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-11-11 22:21:03 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-11-11 22:21:02 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-11-11 22:21:02 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-11-11 22:21:02 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-11-11 22:21:01 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-11-11 22:21:01 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-11-11 22:21:00 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-11-11 22:21:00 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-11-11 22:20:58 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-11-11 22:20:58 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-11-11 22:20:57 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-11-11 22:20:57 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-11-11 22:20:56 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-11-11 22:20:56 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-11-11 22:20:55 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-11-11 22:20:54 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-11-11 22:20:54 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-11-11 22:20:53 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-11-11 22:20:53 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-11-11 22:20:52 ----A---- C:\Windows\system32\xinput1_3.dll
2008-11-11 22:20:52 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-11-11 22:20:51 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-11-11 22:20:51 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-11-11 22:20:51 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-11-11 22:20:49 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-11-11 22:20:49 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-11-11 22:20:48 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-11-11 22:20:48 ----A---- C:\Windows\system32\d3dx10.dll
2008-11-11 22:20:47 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-11-11 22:20:46 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-11-11 22:20:46 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-11-11 22:20:45 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-11-11 22:20:45 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-11-11 22:20:44 ----A---- C:\Windows\system32\xinput1_2.dll
2008-11-11 22:20:44 ----A---- C:\Windows\system32\xinput1_1.dll
2008-11-11 22:20:44 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-11-11 22:20:43 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-11-11 22:20:39 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-11-11 22:20:38 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-11-11 22:20:38 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-11-11 22:20:37 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-11-11 22:20:36 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-11-11 22:20:35 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-11-11 22:20:34 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-11-11 22:20:33 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-11-11 22:20:32 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-11-11 22:18:36 ----A---- C:\Windows\system32\pbsvc.exe
2008-11-04 21:38:29 ----A---- C:\Windows\system32\win_utilman.exe
2008-11-04 21:38:20 ----A---- C:\Windows\system32\ezUPBHook.dll
2008-11-04 21:38:20 ----A---- C:\Windows\system32\ezUninst.exe
2008-11-04 21:38:20 ----A---- C:\Windows\system32\ezShellStart.exe
2008-11-04 21:38:20 ----A---- C:\Windows\system32\ezSetup.exe
2008-11-04 21:38:20 ----A---- C:\Windows\system32\ezMAPIHelper.exe
2008-11-03 04:54:09 ----D---- C:\Users\Julien\AppData\Roaming\Alien Skin
2008-11-03 04:53:59 ----A---- C:\DiagnosticData.txt
2008-11-03 04:46:26 ----A---- C:\Windows\system32\ASTSRV.EXE
2008-11-03 04:46:25 ----D---- C:\Program Files (x86)\Alien Skin
2008-10-28 17:41:22 ----A---- C:\Windows\system32\xlive.dll
2008-10-28 17:41:20 ----A---- C:\Windows\system32\xlivefnt.dll
2008-10-28 17:40:48 ----A---- C:\Windows\system32\xlive.dll.cat
2008-10-22 00:24:17 ----A---- C:\Windows\system32\EncDec.dll
2008-10-22 00:24:16 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-13 15:33:08 ----A---- C:\Windows\system32\hlvdd.dll
2008-10-13 15:22:21 ----A---- C:\Windows\system32\atl71.dll

======List of files/folders modified in the last 3 months======

2009-01-05 14:50:48 ----D---- C:\Windows\Prefetch
2009-01-05 14:50:14 ----D---- C:\Windows\Temp
2009-01-05 14:34:23 ----D---- C:\Windows\System32
2009-01-05 14:34:23 ----D---- C:\Windows\inf
2009-01-05 08:55:07 ----AD---- C:\Windows
2009-01-05 01:57:38 ----D---- C:\Windows\system32\drivers
2009-01-05 01:57:38 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-01-05 01:11:36 ----SHD---- C:\System Volume Information
2009-01-04 08:53:31 ----A---- C:\vraylog.txt
2009-01-03 05:27:59 ----D---- C:\Users\Julien\AppData\Roaming\uTorrent
2009-01-02 22:07:26 ----D---- C:\Windows\SysWOW64
2009-01-02 15:05:56 ----RD---- C:\Program Files (x86)
2008-12-31 10:36:46 ----HD---- C:\hp
2008-12-31 01:11:47 ----SD---- C:\Windows\Downloaded Program Files
2008-12-26 18:40:19 ----D---- C:\Users\Julien\AppData\Roaming\Adobe
2008-12-26 18:25:40 ----SHD---- C:\Windows\Installer
2008-12-26 18:23:54 ----D---- C:\Program Files (x86)\Adobe
2008-12-26 18:23:24 ----D---- C:\Windows\winsxs
2008-12-26 18:22:26 ----D---- C:\Program Files (x86)\Common Files\Adobe
2008-12-25 13:07:08 ----A---- C:\VundoFix.txt
2008-12-25 04:14:44 ----D---- C:\Program Files (x86)\Java
2008-12-25 04:13:28 ----D---- C:\Program Files (x86)\Common Files
2008-12-25 03:49:47 ----HD---- C:\ProgramData
2008-12-25 03:30:15 ----RD---- C:\Program Files
2008-12-25 03:26:52 ----D---- C:\Users\Julien\AppData\Roaming\LimeWire
2008-12-25 03:19:42 ----D---- C:\Windows\Debug
2008-12-24 12:53:36 ----D---- C:\Windows\Tasks
2008-12-22 03:32:16 ----D---- C:\Windows\rescache
2008-12-22 03:15:54 ----D---- C:\Windows\AppPatch
2008-12-22 03:15:54 ----D---- C:\Program Files (x86)\Windows Mail
2008-12-22 03:15:53 ----D---- C:\Windows\system32\nl-NL
2008-12-22 03:08:49 ----D---- C:\ProgramData\Microsoft Help
2008-12-11 15:43:16 ----SHD---- C:\$Recycle.Bin
2008-12-11 15:42:43 ----RD---- C:\Users
2008-12-10 19:16:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-12-04 16:08:47 ----RSD---- C:\Windows\assembly
2008-12-04 02:05:01 ----SD---- C:\Users\Julien\AppData\Roaming\Microsoft
2008-12-03 05:31:30 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-11-24 20:24:52 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-11-23 20:59:08 ----D---- C:\Program Files (x86)\EA GAMES
2008-11-11 22:20:21 ----D---- C:\Windows\Logs
2008-11-11 21:50:51 ----D---- C:\Program Files (x86)\Activision
2008-11-05 01:36:38 ----D---- C:\Windows\ehome
2008-11-04 21:38:37 ----D---- C:\Program Files (x86)\EasyBits For Kids
2008-10-23 17:59:24 ----D---- C:\Program Files (x86)\Rail Simulator
2008-10-23 17:23:31 ----D---- C:\ProgramData\Media Center Programs
2008-10-22 00:52:24 ----D---- C:\Windows\Microsoft.NET
2008-10-22 00:44:41 ----D---- C:\Windows\system32\migration
2008-10-16 00:17:18 ----SD---- C:\ProgramData\Microsoft
2008-10-13 17:22:03 ----D---- C:\Users\Julien\AppData\Roaming\Winamp
2008-10-09 00:01:44 ----D---- C:\Users\Julien\AppData\Roaming\DAEMON Tools
2008-10-09 00:01:42 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys []
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys []
R2 aksdf;aksdf; C:\Windows\system32\DRIVERS\aksdf.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys []
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys []
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 a7ssy67r;a7ssy67r; C:\Windows\system32\drivers\a7ssy67r.sys []
S3 ap8nau28;ap8nau28; C:\Windows\system32\drivers\ap8nau28.sys []
S3 cpuz130;cpuz130; \??\C:\Users\Julien\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys []
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys []
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 ASTSRV;Nalpeiron Licensing Service; C:\Windows\system32\ASTSRV.EXE [2008-05-19 57344]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-08-14 79360]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Bonjour-service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-03-14 94208]
R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-12 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-09 65536]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-24 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TeamViewer4;TeamViewer 4; C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2008-12-23 185640]
R3 iPod Service;iPod-service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2008-09-08 536872]
R3 usnjsvc;Messenger USN Journal Reader service voor Gedeelde mappen; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-14 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-11 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-05 14:50:49

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bricks of Egypt\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Digby's Donuts\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Gem Shop\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Sudoku Quest\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Treasure Island\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0413-1000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
3DMark Vantage-->C:\Program Files (x86)\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe -runfromtemp -l0x0009 -removeonly
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Age of Mythology - The Titans Expansion-->"C:\Program Files (x86)\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
Age of Mythology-->"C:\Program Files (x86)\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Alien Skin Blow Up 2-->C:\PROGRA~2\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\Unwise32.exe C:\PROGRA~2\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\INSTALL.LOG
AOL Toolbar 5.0-->"C:\Program Files (x86)\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AutoCAD Architecture 2008-->C:\Program Files (x86)\AutoCAD Architecture 2008\Setup\Setup.exe /P {5783F2D7-6004-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk Backburner 2008.1-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Battlefield 2: Deluxe Edition-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x13 -removeonly
Call of Duty® - World at War™-->C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Compatibiliteitspakket voor het 2007 Microsoft Office system-->MsiExec.exe /X{90120000-0020-0413-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
CyberLink PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Diagnostisch hulpprogramma voor hardware-->C:\Program Files (x86)\PC-Doctor 5 for Windows\uninst.exe
EVEREST Ultimate Edition v4.60-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
ffdshow [rev 2033] [2008-07-05]-->"C:\Program Files (x86)\ffdshow\unins000.exe"
Futuremark SystemInfo-->"C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
GameSpy Arcade-->C:\PROGRA~2\GAMESP~1\UNWISE.EXE C:\PROGRA~2\GAMESP~1\INSTALL.LOG
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files (x86)\google\googletoolbar1.dll"
Grand Theft Auto IV-->"C:\Program Files (x86)\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
GSC (remove only)-->"C:\Program Files (x86)\GSC\gsc-uninst.exe"
Hauppauge MCE XP/Vista Software Encoder (2.0.25180)-->C:\PROGRA~2\WinTV\UNSftMCE.EXE C:\PROGRA~2\WinTV\softMCE.LOG
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files (x86)\InstallShield Installation Information\{E0810CC2-4B5B-4439-B1D0-452306AF2D64}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E1476612-02D6-42A3-BDC1-E292B4115738}\setup.exe" -l0x9 -removeonly
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LabelPrint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LightScribe System Software 1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (Dutch)-->MsiExec.exe /X{95120000-00AF-0413-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{5158F1F5-FA1B-4D49-B546-55A5004B89BD}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
muvee autoProducer 6.1-->C:\Program Files (x86)\InstallShield Installation Information\{13086F8B-2AA9-4488-BC9C-BB6B912A5524}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PokerStars.net-->"C:\Program Files (x86)\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
Power2Go-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Rockstar Games Social Club-->"C:\Program Files (x86)\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
TeamViewer 4-->C:\Program Files (x86)\TeamViewer\Version4\uninstall.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Verbeterde multimedia toetsenbordoplossing-->C:\HP\KBD\Install.exe /u
Virtual DJ - Atomix Productions-->C:\PROGRA~2\VIRTUA~1\UNWISE.EXE C:\PROGRA~2\VIRTUA~1\INSTALL.LOG
Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live aanmeldhulp-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer-->MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
Windows Live Messenger-->MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender

System event log

Computer Name: JULIENLAPERE
Event Code: 7036
Message: De iPod-service-service heeft nu de status wordt uitgevoerd.
Record Number: 162281
Source Name: Service Control Manager
Time Written: 20090105133656.000000-000
Event Type: Informatie
User:

Computer Name: JULIENLAPERE
Event Code: 10029
Message: DCOM heeft de service usnjsvc met argumenten "" gestart om de server te kunnen uitvoeren:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
Record Number: 162282
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090105133807.000000-000
Event Type: Informatie
User:

Computer Name: JULIENLAPERE
Event Code: 7036
Message: De Messenger USN Journal Reader service voor Gedeelde mappen-service heeft nu de status wordt uitgevoerd.
Record Number: 162283
Source Name: Service Control Manager
Time Written: 20090105133807.000000-000
Event Type: Informatie
User:

Computer Name: JULIENLAPERE
Event Code: 7036
Message: De Windows Modules Installer-service heeft nu de status gestopt.
Record Number: 162284
Source Name: Service Control Manager
Time Written: 20090105133851.000000-000
Event Type: Informatie
User:

Computer Name: JULIENLAPERE
Event Code: 26
Message: Toepassingspop-up: Windows - Schrijfbeveiligingsfout : Exception Processing Message 0xc00000a2 Parameters 0x000007FEFD567240 0x000007FEFD567240 0x000007FEFD567240 0x000007FEFD567240
Record Number: 162285
Source Name: Application Popup
Time Written: 20090105134735.000000-000
Event Type: Informatie
User:

Application event log

Computer Name: JULIENLAPERE
Event Code: 0
Message:
Record Number: 9050
Source Name: iPod Service
Time Written: 20090105133656.000000-000
Event Type: Informatie
User:

Computer Name: JULIENLAPERE
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 9051
Source Name: usnjsvc
Time Written: 20090105133807.000000-000
Event Type: Informatie
User:

Computer Name: JULIENLAPERE
Event Code: 102
Message: msnmsgr (3956) \\.\C:\Users\Julien\AppData\Local\Microsoft\Messenger\rulybatters@hotmail.com\SharingMetadata\Working\database_DC74_B3A8_74B3_8434\dfsr.db: De database-engine (6.00.6001.0000) heeft een nieuwe sessie (0) gestart.
Record Number: 9052
Source Name: ESENT
Time Written: 20090105133807.000000-000
Event Type: Informatie
User:

Computer Name: JULIENLAPERE
Event Code: 103
Message: msnmsgr (3956) \\.\C:\Users\Julien\AppData\Local\Microsoft\Messenger\rulybatters@hotmail.com\SharingMetadata\Working\database_DC74_B3A8_74B3_8434\dfsr.db: De database-engine heeft een nieuwe sessie (0) stopgezet.
Record Number: 9053
Source Name: ESENT
Time Written: 20090105134923.000000-000
Event Type: Informatie
User:

Computer Name: JULIENLAPERE
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 9054
Source Name: LightScribeService
Time Written: 20090105135049.000000-000
Event Type: Informatie
User:

Security event log

Computer Name: JULIENLAPERE
Event Code: 4648
Message: Poging tot aanmelden met expliciete referenties.

Onderwerp:
Beveiligings-id: S-1-5-21-4176920991-204044218-681795809-1000
Accountnaam: Julien
Accountdomein: JULIENLAPERE
Aanmeldings-id: 0xbf9ca
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Account waarvan de referenties zijn gebruikt:
Accountnaam: Lapere Julien
Accountdomein: JULIENLAPERE
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Doelserver:
Naam van doelserver: proxy01.InternaatDeZwaan.lokaal
Aanvullende gegevens: proxy01.InternaatDeZwaan.lokaal

Procesgegevens:
Proces-id: 0xd60
Procesnaam: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Netwerkgegevens:
Netwerkadres: -
Poort: -

Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.
Record Number: 42038
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105134841.177053-000
Event Type: Controle geslaagd
User:

Computer Name: JULIENLAPERE
Event Code: 4648
Message: Poging tot aanmelden met expliciete referenties.

Onderwerp:
Beveiligings-id: S-1-5-21-4176920991-204044218-681795809-1000
Accountnaam: Julien
Accountdomein: JULIENLAPERE
Aanmeldings-id: 0xbf9ca
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Account waarvan de referenties zijn gebruikt:
Accountnaam: Lapere Julien
Accountdomein: JULIENLAPERE
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Doelserver:
Naam van doelserver: proxy01.InternaatDeZwaan.lokaal
Aanvullende gegevens: proxy01.InternaatDeZwaan.lokaal

Procesgegevens:
Proces-id: 0xd60
Procesnaam: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Netwerkgegevens:
Netwerkadres: -
Poort: -

Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.
Record Number: 42039
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105134856.654053-000
Event Type: Controle geslaagd
User:

Computer Name: JULIENLAPERE
Event Code: 4648
Message: Poging tot aanmelden met expliciete referenties.

Onderwerp:
Beveiligings-id: S-1-5-21-4176920991-204044218-681795809-1000
Accountnaam: Julien
Accountdomein: JULIENLAPERE
Aanmeldings-id: 0xbf9ca
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Account waarvan de referenties zijn gebruikt:
Accountnaam: Lapere Julien
Accountdomein: JULIENLAPERE
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Doelserver:
Naam van doelserver: proxy01.InternaatDeZwaan.lokaal
Aanvullende gegevens: proxy01.InternaatDeZwaan.lokaal

Procesgegevens:
Proces-id: 0xd60
Procesnaam: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Netwerkgegevens:
Netwerkadres: -
Poort: -

Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.
Record Number: 42040
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105134857.086053-000
Event Type: Controle geslaagd
User:

Computer Name: JULIENLAPERE
Event Code: 4648
Message: Poging tot aanmelden met expliciete referenties.

Onderwerp:
Beveiligings-id: S-1-5-21-4176920991-204044218-681795809-1000
Accountnaam: Julien
Accountdomein: JULIENLAPERE
Aanmeldings-id: 0xbf9ca
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Account waarvan de referenties zijn gebruikt:
Accountnaam: Lapere Julien
Accountdomein: JULIENLAPERE
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Doelserver:
Naam van doelserver: proxy01.InternaatDeZwaan.lokaal
Aanvullende gegevens: proxy01.InternaatDeZwaan.lokaal

Procesgegevens:
Proces-id: 0x11cc
Procesnaam: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Netwerkgegevens:
Netwerkadres: -
Poort: -

Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.
Record Number: 42041
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105134927.055053-000
Event Type: Controle geslaagd
User:

Computer Name: JULIENLAPERE
Event Code: 4648
Message: Poging tot aanmelden met expliciete referenties.

Onderwerp:
Beveiligings-id: S-1-5-21-4176920991-204044218-681795809-1000
Accountnaam: Julien
Accountdomein: JULIENLAPERE
Aanmeldings-id: 0xbf9ca
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Account waarvan de referenties zijn gebruikt:
Accountnaam: Lapere Julien
Accountdomein: JULIENLAPERE
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Doelserver:
Naam van doelserver: proxy01.InternaatDeZwaan.lokaal
Aanvullende gegevens: proxy01.InternaatDeZwaan.lokaal

Procesgegevens:
Proces-id: 0x11cc
Procesnaam: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Netwerkgegevens:
Netwerkadres: -
Poort: -

Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.
Record Number: 42042
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105134927.055053-000
Event Type: Controle geslaagd
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=1707
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Pavilion
"MSWorksProductCode"={5158F1F5-FA1B-4D49-B546-55A5004B89BD}
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre1.6.0_01\lib\ext\QTJava.zip
"RGSCLauncher"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------


#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:10:01 AM

Posted 05 January 2009 - 02:19 PM

IMPORTANT!: Please create a fresh Restore Point before proceeding with our fix. Please visit this webpage if you do not know how..

If you are using Windows Vista, please visit this webpage for more information.




Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    C:\Windows\tasks\uklnzbpw.job
    C:\Windows\SysWow64\cbXPjHWN.dll
    C:\Windows\system32\f
    C:\Windows\system32\bycool1
    C:\Windows\system32\bycool
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FCE8A2-988A-422F-A6B5-74C44DF7A40C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kfqjaw]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47fc77ee-9b8e-11dd-b3a3-001fc65e9a0a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c02f92a-69db-11dd-ac9e-001fc65e9a0a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{584a40b5-d8ee-11dd-92b0-001fc65e9a0a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{666a4713-84ec-11dd-bffc-001fc65e9a0a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72075ced-c134-11dd-9c1c-001fc65e9a0a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a7dfb1f-71eb-11dd-8f83-001fc65e9a0a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a7dfb4f-71eb-11dd-8f83-001fc65e9a0a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b24df3f-6f10-11dd-b716-001fc65e9a0a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d1a27f-cdcd-11dd-98c0-001fc65e9a0a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f62df17b-9aa8-11dd-9f5f-001fc65e9a0a}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
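
An added example (not part of the original post, and not OldTimer's code): a Python check that reconciles the fix script above against the result log OTMoveIt3 writes, listing every scripted item the log does not confirm as moved or deleted. The function names and status labels are this example's own, the patterns cover only the log line formats seen in this thread, and the script and log are trimmed excerpts of the ones posted here.

```python
import re

# Fix script from the post above; the mountpoints2 entries are trimmed to one.
FIX_SCRIPT = r"""
:processes
explorer.exe

:files
C:\Windows\tasks\uklnzbpw.job
C:\Windows\SysWow64\cbXPjHWN.dll
C:\Windows\system32\f
C:\Windows\system32\bycool1
C:\Windows\system32\bycool

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FCE8A2-988A-422F-A6B5-74C44DF7A40C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kfqjaw]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
"""

# Result log lines as posted in this thread, trimmed the same way.
RESULT_LOG = r"""
========== PROCESSES ==========
Unable to kill process: explorer.exe
========== FILES ==========
C:\Windows\tasks\uklnzbpw.job moved successfully.
File/Folder C:\Windows\SysWow64\cbXPjHWN.dll not found.
C:\Windows\system32\f\d moved successfully.
C:\Windows\system32\f moved successfully.
C:\Windows\system32\bycool1 moved successfully.
C:\Windows\system32\bycool moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FCE8A2-988A-422F-A6B5-74C44DF7A40C}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kfqjaw\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Windows\temp\TmpFile1 scheduled to be deleted on reboot.
Explorer started successfully
"""

# Only the line formats that appear in this thread; anything else is ignored.
LOG_PATTERNS = [
    (re.compile(r"^Unable to kill process: (.+)$"), "kill_failed"),
    (re.compile(r"^File/Folder (.+) not found\.$"), "not_found"),
    (re.compile(r"^File (?:move|delete) failed\. (.+) scheduled to be "
                r"(?:moved|deleted) on reboot\.$"), "pending_reboot"),
    (re.compile(r"^Registry key (.+) deleted successfully\.$"), "deleted"),
    (re.compile(r"^(.+) moved successfully\.$"), "moved"),
]


def norm(target):
    """Case-fold and drop trailing backslashes so script and log names compare."""
    return target.strip().rstrip("\\").lower()


def parse_script(text):
    """Split the fix script into {section: [items]}; ':reg' items lose '[-' and ']'."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            if current == "reg" and line.startswith("[-") and line.endswith("]"):
                line = line[2:-1]
            sections[current].append(line)
    return sections


def parse_log(text):
    """Map each normalised target named in the log to its outcome label."""
    status = {}
    for line in text.splitlines():
        line = line.strip()
        for pattern, label in LOG_PATTERNS:
            match = pattern.match(line)
            if match:
                status[norm(match.group(1))] = label
                break
    return status


def reconcile(script_text, log_text):
    """Return (section, item, status) for every scripted process, file and key."""
    script, log = parse_script(script_text), parse_log(log_text)
    return [(section, item, log.get(norm(item), "no_log_line"))
            for section in ("processes", "files", "reg")
            for item in script.get(section, [])]


def needs_followup(rows):
    """Items the log does not confirm as moved or deleted."""
    return [row for row in rows if row[2] not in ("moved", "deleted")]


if __name__ == "__main__":
    for section, item, status in needs_followup(reconcile(FIX_SCRIPT, RESULT_LOG)):
        print(f"{status:14} {section:10} {item}")
```

On these excerpts two items come back for follow-up: explorer.exe could not be killed and cbXPjHWN.dll was not at the scripted path, so both are worth checking in the fresh RSIT log requested above.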


#7 Odiloonas

Odiloonas
  • Topic Starter

  • Members
  • 5 posts
  • Local time:03:01 AM

Posted 06 January 2009 - 06:43 AM

Here are the logs you requested yesterday.

Thanks

---------
========== PROCESSES ==========
Unable to kill process: explorer.exe
========== FILES ==========
C:\Windows\tasks\uklnzbpw.job moved successfully.
File/Folder C:\Windows\SysWow64\cbXPjHWN.dll not found.
C:\Windows\system32\f\d\e\d\h moved successfully.
C:\Windows\system32\f\d\e\d moved successfully.
C:\Windows\system32\f\d\e moved successfully.
C:\Windows\system32\f\d moved successfully.
C:\Windows\system32\f moved successfully.
C:\Windows\system32\bycool1 moved successfully.
C:\Windows\system32\bycool moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FCE8A2-988A-422F-A6B5-74C44DF7A40C}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kfqjaw\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47fc77ee-9b8e-11dd-b3a3-001fc65e9a0a}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c02f92a-69db-11dd-ac9e-001fc65e9a0a}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{584a40b5-d8ee-11dd-92b0-001fc65e9a0a}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{666a4713-84ec-11dd-bffc-001fc65e9a0a}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72075ced-c134-11dd-9c1c-001fc65e9a0a}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a7dfb1f-71eb-11dd-8f83-001fc65e9a0a}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a7dfb4f-71eb-11dd-8f83-001fc65e9a0a}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b24df3f-6f10-11dd-b716-001fc65e9a0a}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d1a27f-cdcd-11dd-98c0-001fc65e9a0a}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f62df17b-9aa8-11dd-9f5f-001fc65e9a0a}\\ deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\TmpFile1 scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_115604

Files moved on Reboot...
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
-------
Logfile of random's system information tool 1.05 (written by random/random)
Run by Julien at 2009-01-06 12:18:25
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 320 GB (46%) free of 703 GB
Total RAM: 4094 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:27, on 6/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\runonce.exe
C:\Users\Julien\Desktop\OTMoveIt3.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Julien\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Julien.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.20.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nView] C:\Users\Julien\nview.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/...NPUpldnl-be.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11174 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2008-12-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files (x86)\google\googletoolbar1.dll [2008-09-11 2423872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2008-12-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files (x86)\google\googletoolbar1.dll [2008-09-11 2423872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [2007-02-15 119296]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2008-09-08 289576]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2008-12-25 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"MsnMsgr"=C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"NVIDIA nView"=C:\Users\Julien\nview.exe []
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-09-11 171448]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2008-11-04 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.reg - open - regedit.exe "%1" %*
.scr - open - "C:\Windows\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-01-06 11:56:04 ----D---- C:\_OTMoveIt
2009-01-05 14:53:20 ----A---- C:\Windows\gmer_uninstall.cmd
2009-01-05 14:53:20 ----A---- C:\Windows\gmer.ini
2009-01-05 14:53:20 ----A---- C:\Windows\gmer.exe
2009-01-05 14:53:20 ----A---- C:\Windows\gmer.dll
2009-01-05 14:50:47 ----D---- C:\rsit
2009-01-02 15:05:56 ----D---- C:\Program Files (x86)\PokerStars.NET
2008-12-28 13:36:38 ----D---- C:\Users\Julien\AppData\Roaming\TeamViewer
2008-12-28 13:36:35 ----D---- C:\Program Files (x86)\TeamViewer
2008-12-26 17:05:33 ----D---- C:\Program Files (x86)\Trend Micro
2008-12-25 04:39:37 ----D---- C:\VundoFix Backups
2008-12-25 04:15:08 ----A---- C:\Windows\system32\javaws.exe
2008-12-25 04:15:08 ----A---- C:\Windows\system32\javaw.exe
2008-12-25 04:15:08 ----A---- C:\Windows\system32\java.exe
2008-12-25 03:51:10 ----A---- C:\Windows\system32\SSSensor.dll
2008-12-25 03:50:55 ----D---- C:\Program Files (x86)\Sygate
2008-12-25 03:49:47 ----D---- C:\ProgramData\CheckPoint
2008-12-25 03:49:47 ----D---- C:\Program Files (x86)\Zone Labs
2008-12-25 03:49:35 ----D---- C:\Windows\Internet Logs
2008-12-25 03:30:17 ----A---- C:\Windows\system32\aswBoot.exe
2008-12-25 03:22:12 ----D---- C:\ProgramData\Avg8
2008-12-25 03:18:20 ----D---- C:\Program Files (x86)\CCleaner
2008-12-24 12:53:08 ----D---- C:\Windows\system32\wER
2008-12-24 12:53:07 ----D---- C:\Windows\system32\whSLD02
2008-12-24 12:53:06 ----D---- C:\Temp
2008-12-22 03:06:58 ----A---- C:\Windows\system32\mshtml.dll
2008-12-22 03:03:17 ----A---- C:\Windows\system32\tzres.dll
2008-12-21 09:42:48 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-21 09:42:47 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-21 09:42:43 ----A---- C:\Windows\system32\gdi32.dll
2008-12-21 09:42:39 ----A---- C:\Windows\explorer.exe
2008-12-21 09:42:38 ----A---- C:\Windows\system32\explorer.exe
2008-12-21 09:42:34 ----A---- C:\Windows\system32\mf.dll
2008-12-21 09:42:33 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-21 09:42:32 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-21 09:42:32 ----A---- C:\Windows\system32\logagent.exe
2008-12-21 09:42:24 ----A---- C:\Windows\system32\shell32.dll
2008-12-21 09:42:02 ----A---- C:\Windows\system32\urlmon.dll
2008-12-21 09:42:01 ----A---- C:\Windows\system32\ieframe.dll
2008-12-21 09:42:00 ----A---- C:\Windows\system32\wininet.dll
2008-12-21 09:42:00 ----A---- C:\Windows\system32\mstime.dll
2008-12-21 09:41:57 ----A---- C:\Windows\system32\iertutil.dll
2008-12-21 09:41:56 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-21 09:34:38 ----A---- C:\Windows\system32\wups.dll
2008-12-21 09:34:38 ----A---- C:\Windows\system32\wudriver.dll
2008-12-21 09:34:38 ----A---- C:\Windows\system32\wuapi.dll
2008-12-21 09:34:31 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-21 09:34:31 ----A---- C:\Windows\system32\wuapp.exe
2008-12-05 03:35:20 ----D---- C:\Users\Julien\AppData\Roaming\PE Explorer
2008-12-04 20:42:23 ----A---- C:\Windows\system32\_AxShlEx.dll
2008-12-04 19:01:55 ----D---- C:\Program Files (x86)\Alcohol Soft
2008-12-04 16:08:10 ----D---- C:\Windows\system32\xlive
2008-12-04 16:08:09 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2008-12-04 15:39:27 ----D---- C:\Program Files (x86)\Rockstar Games
2008-12-04 02:05:24 ----RHD---- C:\Users\Julien\AppData\Roaming\SecuROM
2008-12-04 02:05:02 ----D---- C:\Users\Julien\AppData\Roaming\Template
2008-12-03 14:59:35 ----A---- C:\Windows\system32\CmdLineExt_x64.dll
2008-12-01 01:50:05 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2008-12-01 01:35:14 ----D---- C:\Program Files (x86)\Lavalys
2008-12-01 01:10:29 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-12-01 01:10:29 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-12-01 01:10:29 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-12-01 01:10:03 ----A---- C:\Windows\system32\connect.dll
2008-12-01 01:09:52 ----A---- C:\Windows\system32\msxml3.dll
2008-12-01 01:09:51 ----A---- C:\Windows\system32\win32spl.dll
2008-12-01 01:09:39 ----A---- C:\Windows\system32\netapi32.dll
2008-12-01 01:09:37 ----A---- C:\Windows\system32\msxml6.dll
2008-12-01 01:09:36 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-12-01 01:09:33 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-23 21:10:29 ----D---- C:\Users\Julien\AppData\Roaming\Leadertech
2008-11-11 22:21:05 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-11-11 22:21:05 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-11-11 22:21:04 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-11-11 22:21:04 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-11-11 22:21:04 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-11-11 22:21:04 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-11-11 22:21:03 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-11-11 22:21:02 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-11-11 22:21:02 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-11-11 22:21:02 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-11-11 22:21:01 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-11-11 22:21:01 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-11-11 22:21:00 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-11-11 22:21:00 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-11-11 22:20:58 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-11-11 22:20:58 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-11-11 22:20:57 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-11-11 22:20:57 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-11-11 22:20:56 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-11-11 22:20:56 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-11-11 22:20:55 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-11-11 22:20:54 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-11-11 22:20:54 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-11-11 22:20:53 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-11-11 22:20:53 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-11-11 22:20:52 ----A---- C:\Windows\system32\xinput1_3.dll
2008-11-11 22:20:52 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-11-11 22:20:51 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-11-11 22:20:51 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-11-11 22:20:51 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-11-11 22:20:49 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-11-11 22:20:49 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-11-11 22:20:48 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-11-11 22:20:48 ----A---- C:\Windows\system32\d3dx10.dll
2008-11-11 22:20:47 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-11-11 22:20:46 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-11-11 22:20:46 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-11-11 22:20:45 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-11-11 22:20:45 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-11-11 22:20:44 ----A---- C:\Windows\system32\xinput1_2.dll
2008-11-11 22:20:44 ----A---- C:\Windows\system32\xinput1_1.dll
2008-11-11 22:20:44 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-11-11 22:20:43 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-11-11 22:20:39 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-11-11 22:20:38 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-11-11 22:20:38 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-11-11 22:20:37 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-11-11 22:20:36 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-11-11 22:20:35 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-11-11 22:20:34 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-11-11 22:20:33 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-11-11 22:20:32 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-11-11 22:18:36 ----A---- C:\Windows\system32\pbsvc.exe
2008-11-04 21:38:29 ----A---- C:\Windows\system32\win_utilman.exe
2008-11-04 21:38:20 ----A---- C:\Windows\system32\ezUPBHook.dll
2008-11-04 21:38:20 ----A---- C:\Windows\system32\ezUninst.exe
2008-11-04 21:38:20 ----A---- C:\Windows\system32\ezShellStart.exe
2008-11-04 21:38:20 ----A---- C:\Windows\system32\ezSetup.exe
2008-11-04 21:38:20 ----A---- C:\Windows\system32\ezMAPIHelper.exe
2008-11-03 04:54:09 ----D---- C:\Users\Julien\AppData\Roaming\Alien Skin
2008-11-03 04:53:59 ----A---- C:\DiagnosticData.txt
2008-11-03 04:46:26 ----A---- C:\Windows\system32\ASTSRV.EXE
2008-11-03 04:46:25 ----D---- C:\Program Files (x86)\Alien Skin
2008-10-28 17:41:22 ----A---- C:\Windows\system32\xlive.dll
2008-10-28 17:41:20 ----A---- C:\Windows\system32\xlivefnt.dll
2008-10-28 17:40:48 ----A---- C:\Windows\system32\xlive.dll.cat
2008-10-22 00:24:17 ----A---- C:\Windows\system32\EncDec.dll
2008-10-22 00:24:16 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-13 15:33:08 ----A---- C:\Windows\system32\hlvdd.dll
2008-10-13 15:22:21 ----A---- C:\Windows\system32\atl71.dll

======List of files/folders modified in the last 3 months======

2009-01-06 12:18:19 ----D---- C:\Windows\Temp
2009-01-06 12:12:45 ----D---- C:\Windows\System32
2009-01-06 12:12:45 ----D---- C:\Windows\inf
2009-01-06 12:11:39 ----D---- C:\Windows\Prefetch
2009-01-06 12:07:25 ----AD---- C:\Windows
2009-01-06 11:56:04 ----D---- C:\Windows\Tasks
2009-01-06 11:56:04 ----D---- C:\Windows\SysWOW64
2009-01-06 11:54:49 ----D---- C:\Users\Julien\AppData\Roaming\uTorrent
2009-01-06 10:59:44 ----SHD---- C:\System Volume Information
2009-01-05 19:34:43 ----D---- C:\Users\Julien\AppData\Roaming\Adobe
2009-01-05 14:53:20 ----D---- C:\Windows\system32\drivers
2009-01-05 01:57:38 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-01-04 08:53:31 ----A---- C:\vraylog.txt
2009-01-02 15:05:56 ----RD---- C:\Program Files (x86)
2008-12-31 10:36:46 ----HD---- C:\hp
2008-12-31 01:11:47 ----SD---- C:\Windows\Downloaded Program Files
2008-12-26 18:25:40 ----SHD---- C:\Windows\Installer
2008-12-26 18:23:54 ----D---- C:\Program Files (x86)\Adobe
2008-12-26 18:23:24 ----D---- C:\Windows\winsxs
2008-12-26 18:22:26 ----D---- C:\Program Files (x86)\Common Files\Adobe
2008-12-25 13:07:08 ----A---- C:\VundoFix.txt
2008-12-25 04:14:44 ----D---- C:\Program Files (x86)\Java
2008-12-25 04:13:28 ----D---- C:\Program Files (x86)\Common Files
2008-12-25 03:49:47 ----HD---- C:\ProgramData
2008-12-25 03:30:15 ----RD---- C:\Program Files
2008-12-25 03:26:52 ----D---- C:\Users\Julien\AppData\Roaming\LimeWire
2008-12-25 03:19:42 ----D---- C:\Windows\Debug
2008-12-22 03:32:16 ----D---- C:\Windows\rescache
2008-12-22 03:15:54 ----D---- C:\Windows\AppPatch
2008-12-22 03:15:54 ----D---- C:\Program Files (x86)\Windows Mail
2008-12-22 03:15:53 ----D---- C:\Windows\system32\nl-NL
2008-12-22 03:08:49 ----D---- C:\ProgramData\Microsoft Help
2008-12-11 15:43:16 ----SHD---- C:\$Recycle.Bin
2008-12-11 15:42:43 ----RD---- C:\Users
2008-12-10 19:16:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-12-04 16:08:47 ----RSD---- C:\Windows\assembly
2008-12-04 02:05:01 ----SD---- C:\Users\Julien\AppData\Roaming\Microsoft
2008-12-03 05:31:30 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-11-24 20:24:52 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-11-23 20:59:08 ----D---- C:\Program Files (x86)\EA GAMES
2008-11-11 22:20:21 ----D---- C:\Windows\Logs
2008-11-11 21:50:51 ----D---- C:\Program Files (x86)\Activision
2008-11-05 01:36:38 ----D---- C:\Windows\ehome
2008-11-04 21:38:37 ----D---- C:\Program Files (x86)\EasyBits For Kids
2008-10-23 17:59:24 ----D---- C:\Program Files (x86)\Rail Simulator
2008-10-23 17:23:31 ----D---- C:\ProgramData\Media Center Programs
2008-10-22 00:52:24 ----D---- C:\Windows\Microsoft.NET
2008-10-22 00:44:41 ----D---- C:\Windows\system32\migration
2008-10-16 00:17:18 ----SD---- C:\ProgramData\Microsoft
2008-10-13 17:22:03 ----D---- C:\Users\Julien\AppData\Roaming\Winamp
2008-10-09 00:01:44 ----D---- C:\Users\Julien\AppData\Roaming\DAEMON Tools
2008-10-09 00:01:42 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys []
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys []
R2 aksdf;aksdf; C:\Windows\system32\DRIVERS\aksdf.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys []
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys []
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 a1dyrtkt;a1dyrtkt; C:\Windows\system32\drivers\a1dyrtkt.sys []
S3 acxjl69o;acxjl69o; C:\Windows\system32\drivers\acxjl69o.sys []
S3 cpuz130;cpuz130; \??\C:\Users\Julien\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys []
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 ASTSRV;Nalpeiron Licensing Service; C:\Windows\system32\ASTSRV.EXE [2008-05-19 57344]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-08-14 79360]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Bonjour-service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-03-14 94208]
R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-12 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-09 65536]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-24 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TeamViewer4;TeamViewer 4; C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2008-12-23 185640]
R3 iPod Service;iPod-service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2008-09-08 536872]
R3 usnjsvc;Messenger USN Journal Reader service voor Gedeelde mappen; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-14 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-11 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

#8 fenzodahl512

Posted 06 January 2009 - 09:23 AM

That looks a lot better.. How is the computer now?.. Let's do an online scan to make sure we get them all.


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 fenzodahl512

Posted 12 January 2009 - 03:14 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
