Explorer.exe 50% CPU usage all the time


This topic is locked. 15 replies to this topic.

#1 netherblood (Members, 11 posts)

Posted 05 November 2009 - 04:03 PM

Sorry for my English, if it's not correctly spelled or something. (I'm from the Netherlands.)
I have the same problem as someone posted today. The explorer.exe is running at 50% all the time. I have scanned my computer with several malware, virus and spyware scanners. But the explorer.exe doesn't go away.
RootRepeal doesn't work. It gets stuck when I scan (I have tried it several times; when it gets stuck I reset my computer).

Here is the DDS log:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Alexander at 21:25:43,53 on do 05-11-2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.986 [GMT 1:00]

AV: avast! antivirus 4.8.1351 [VPS 091105-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Logitech\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
D:\Logitech\FxSvr2.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Itunes\iTunes.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Documents and Settings\Alexander\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LogitechSoftwareUpdate] d:\logitech\ManifestEngine.exe boot
uRun: [Simplify Media] "c:\program files\simplify media\SimplifyMedia.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Lycosa] "c:\program files\razer\lycosa\razerhid.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] d:\logitech\ISStart.exe
mRun: [LogitechVideoTray] d:\logitech\LogiTray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alexan~1\menust~1\progra~1\opstar~1\xfire.lnk - c:\program files\xfire\xfire.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\firefo~1.lnk - c:\program files\firefoxpreloader\FirefoxPreloader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: adobe.com\www
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://62.100.53.122/activex/AxisCamControl.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {F0C46420-B50B-4BA1-ADBE-C1ECF47E0916} - hxxp://81.204.252.155/XViewer.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: wbsys.dll c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alexan~1\applic~1\mozilla\firefox\profiles\afd2qehn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl
FF - component: c:\documents and settings\alexander\application data\mozilla\firefox\profiles\afd2qehn.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-16 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-16 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-29 24652]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-8-14 21888]
S3 Clr0xcrrtat;Clr0xcrrtat; [x]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-23 29744]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2007-9-20 13225]

=============== Created Last 30 ================

2009-10-30 22:17:42 0 d-----w- c:\program files\iPod
2009-10-30 22:14:40 57820 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-28 15:07:01 98304 ----a-w- c:\windows\system32\CDJ-400_Asio.dll
2009-10-28 15:07:01 0 d-----w- c:\program files\Pioneer
2009-10-25 17:08:17 0 d-----w- c:\program files\Simplify Media
2009-10-15 14:45:02 0 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-14 23:58:06 41872 ----a-w- c:\windows\system32\xfcodec.dll

==================== Find3M ====================

2009-11-05 19:36:25 558574 ----a-w- c:\windows\system32\perfh013.dat
2009-11-05 19:36:25 109514 ----a-w- c:\windows\system32\perfc013.dat
2009-09-11 14:20:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05:37 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 15:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 15:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 15:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 15:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 15:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 15:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 15:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 15:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-29 07:32:11 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:32:05 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:32:04 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 17:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:02:17 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 11:36:18 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2008-08-29 17:17:52 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-08-29 17:17:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008082920080830\index.dat
2009-01-07 09:38:01 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-01-07 09:38:01 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-01-07 09:38:01 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 21:26:21,92 ===============

I hope you can help me!
Thanks!


The explorer.exe is now running normally... just 00 or 02....
Does this happen more often, that it runs at 50% for 3 hours and then just 00?
The main question: is this a virus?
Thanks!

I was just watching a film and wanted to look something up on the internet, and my computer is very slow....
Again it's at 50%....

Hope you can help me! Thanks!

Edited by netherblood, 06 November 2009 - 06:36 AM.



#2 kahdah (Security Colleague, 11,138 posts; Gender: Male; Location: Florida)

Posted 10 November 2009 - 07:47 AM

Hello netherblood

Welcome to BleepingComputer :(

Please first uninstall one of the 2 antivirus programs that you have installed, ESET or Avast; that will help a lot.
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.
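The DDS header in post #1 already shows the condition kahdah points at: two products with "On-access scanning enabled", one of them marked "(Outdated)". The script below is an added example, not part of the original posts and not a DDS or BleepingComputer tool. It parses the header and "Pseudo HJT Report" lines of a DDS log and reports the things a helper checks first: more than one real-time AV engine, outdated definitions, a user-level proxy, and DPF (ActiveX download) entries served from a bare IP address. The line formats assumed are the ones visible in this thread's log (the "hxxp" defanging, the `AV: name *state* (defs) {GUID}` layout); other DDS versions may differ. The sample input is an excerpt copied from the log in post #1.

```python
"""
Triage helper for a pasted DDS log (added example; not a DDS/BleepingComputer tool).

Reports:
  * more than one antivirus product with on-access scanning enabled
  * antivirus products whose definitions DDS marks as "(Outdated)"
  * a user-level proxy server (uInternet Settings,ProxyServer)
  * DPF entries whose .cab is served from a bare IP address
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Excerpt of the DDS log posted in this thread (post #1).
SAMPLE_DDS = """\
AV: avast! antivirus 4.8.1351 [VPS 091105-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
uInternet Settings,ProxyOverride = *.local
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://62.100.53.122/activex/AxisCamControl.cab
DPF: {F0C46420-B50B-4BA1-ADBE-C1ECF47E0916} - hxxp://81.204.252.155/XViewer.cab
"""

# Assumed DDS line layouts, taken from the log above.
AV_RE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s*\((?P<defs>[^)]+)\)\s*\{(?P<guid>[^}]+)\}"
)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)")
DPF_RE = re.compile(r"^DPF:\s+\{(?P<clsid>[^}]+)\}\s+-\s+(?P<url>\S+)")


@dataclass
class AvProduct:
    name: str
    on_access: bool
    outdated: bool
    guid: str


@dataclass
class Findings:
    av_products: List[AvProduct] = field(default_factory=list)
    proxy: Optional[str] = None
    ip_hosted_dpf: List[Tuple[str, str]] = field(default_factory=list)

    @property
    def active_av(self) -> List[AvProduct]:
        return [p for p in self.av_products if p.on_access]


def _refang(url: str) -> str:
    # DDS writes "hxxp" so forum software does not auto-link; restore it so urlsplit works.
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def _is_bare_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(dds_text: str) -> Findings:
    """Walk the log once and collect the four kinds of findings."""
    f = Findings()
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = AV_RE.match(line)
        if m:
            f.av_products.append(AvProduct(
                name=m["name"],
                on_access=m["state"].strip().lower().endswith("enabled"),
                outdated=m["defs"].strip().lower() == "outdated",
                guid=m["guid"].upper(),
            ))
            continue
        m = PROXY_RE.match(line)
        if m:
            f.proxy = m["proxy"]
            continue
        m = DPF_RE.match(line)
        if m:
            host = urlsplit(_refang(m["url"])).hostname or ""
            if _is_bare_ip(host):
                f.ip_hosted_dpf.append((m["clsid"].upper(), m["url"]))
    return f


def report(f: Findings) -> List[str]:
    """Human-readable findings, one string per item."""
    out = []
    active = f.active_av
    if len(active) > 1:
        out.append("Two or more on-access AV engines: " + "; ".join(p.name for p in active)
                   + ". Keep one: concurrent real-time scanners contend for every file open.")
    for p in f.av_products:
        if p.outdated:
            out.append(f"Definitions outdated: {p.name}")
    if f.proxy:
        out.append(f"User-level proxy configured: {f.proxy} (verify it is intended)")
    for clsid, url in f.ip_hosted_dpf:
        out.append(f"DPF ActiveX served from a bare IP: {clsid} <- {url} (review)")
    return out


if __name__ == "__main__":
    for item in report(triage(SAMPLE_DDS)):
        print("-", item)
```

Run it against a full DDS log by reading the file and passing its contents to `triage()`; the regexes only ever match the header and Pseudo HJT lines, so the rest of the log is ignored. A raw-IP DPF entry is flagged for review only: the two in this log look like IP-camera viewer controls, which is a normal place to see one.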

#3 netherblood (Topic Starter; Members, 11 posts)

Posted 11 November 2009 - 05:30 PM

Thanks for the help!

I have done the things you said; I hope I've done it right.
Here are the three files:

OTL.txt:

OTL logfile created on: 11-11-2009 22:35:45 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Alexander\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,75% Memory free
3,35 Gb Paging File | 2,86 Gb Available in Paging File | 85,31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 37,85 Gb Free Space | 48,44% Space Free | Partition Type: NTFS
Drive D: | 105,03 Gb Total Space | 45,24 Gb Free Space | 43,07% Space Free | Partition Type: NTFS
Drive E: | 49,72 Gb Total Space | 10,04 Gb Free Space | 20,20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465,76 Gb Total Space | 281,92 Gb Free Space | 60,53% Space Free | Partition Type: NTFS
Drive N: | 931,28 Gb Total Space | 492,52 Gb Free Space | 52,89% Space Free | Partition Type: FAT32

Computer Name: GAME
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Alexander\Bureaublad\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - D:\logitech\LogiTray.exe (Logitech Inc.)
PRC - D:\logitech\FxSvr2.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Alexander\Bureaublad\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
MOD - C:\Program Files\AlienGUIse\wbhelp.dll (Stardock.Net, Inc)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MSSQL$SONY_MEDIAMGR2) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (PnkBstrB) -- C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (LycoFltr) -- C:\WINDOWS\system32\drivers\Lycosa.sys (Razer USA Ltd.)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (sfvfs02) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (sfdrv01) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (sfhlp02) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Razerlow) -- C:\WINDOWS\system32\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (PQNTDrv) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys (PowerQuest Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = wwwproxy.xs4all.nl:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.nl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.0.0
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.2
FF - prefs.js..extensions.enabledItems: {9e1d7c80-43d1-11db-b0de-0800200c9a66}:1.0.2.6
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:1.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..network.proxy.ftp: "wwwproxy.xs4all.nl"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "wwwproxy.xs4all.nl"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "wwwproxy.xs4all.nl"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "wwwproxy.xs4all.nl"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "wwwproxy.xs4all.nl"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009-06-22 14:31:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-02 02:02:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-07 13:36:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-11 08:02:51 | 00,000,000 | ---D | M]

[2008-06-19 16:08:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Extensions
[2008-06-19 16:08:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2008-06-19 14:41:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-11-11 12:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\afd2qehn.default\extensions
[2008-11-22 13:53:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\afd2qehn.default\extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}
[2009-09-21 20:34:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\afd2qehn.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009-10-22 19:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\afd2qehn.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}
[2009-08-16 11:08:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\afd2qehn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-11-11 12:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\afd2qehn.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2009-09-21 20:34:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\afd2qehn.default\extensions\SkipScreen@SkipScreen
[2009-10-17 11:56:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\afd2qehn.default\extensions\smarterwiki@wikiatic.com
[2008-06-19 14:41:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-07 13:36:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-11-07 13:36:47 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009-11-07 13:36:47 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008-08-29 18:20:34 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2007-04-10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2007-12-19 02:58:04 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2007-12-19 13:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009-11-07 13:36:49 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006-10-26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008-10-14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009-06-22 14:31:28 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009-09-13 14:06:44 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009-09-13 14:06:44 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009-09-13 14:06:44 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009-09-13 14:06:44 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009-09-13 14:06:45 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009-09-13 14:06:45 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009-09-13 14:06:45 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009-06-22 14:31:40 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009-06-22 14:31:19 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2007-04-16 18:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009-07-30 23:28:32 | 00,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2009-07-31 00:44:43 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009-07-30 23:28:32 | 00,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2009-07-30 23:28:32 | 00,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2009-07-30 23:28:32 | 00,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2009-07-30 23:28:32 | 00,000,802 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: (676160 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 17879 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Aanmelden - Help) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Koppelingen) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Koppelingen) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] D:\logitech\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] D:\logitech\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Alexander\Menu Start\Programma's\Opstarten\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe (6XGate Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: adobe.com ([www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: 302 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://62.100.53.122/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {F0C46420-B50B-4BA1-ADBE-C1ECF47E0916} http://81.204.252.155/XViewer.cab (XViewer Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\AlienGUIse\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Preloader van browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Cache-daemon voor onderdeelcategorieën - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-10-12 00:04:18 | 00,000,067 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-04-01 13:53:24 | 00,000,071 | -H-- | M] () - N:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008-07-24 18:19:34 | 00,000,000 | ---D | M] - N:\autorun -- [ FAT32 ]
O33 - MountPoints2\{51cd060c-6020-11dd-be35-001a92631c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{51cd060c-6020-11dd-be35-001a92631c8d}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{51cd060e-6020-11dd-be35-001a92631c8d}\Shell\AutoRun\command - "" = K:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\{8c38cbdb-b1c6-11dd-be53-001a92631c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{8c38cbdb-b1c6-11dd-be53-001a92631c8d}\Shell\AutoRun\command - "" = K:\DPFMate.exe -- File not found
O33 - MountPoints2\{cab30b0a-672b-11dd-be36-001a92631c8d}\Shell\AutoRun\command - "" = N:\wd_windows_tools\WDSetup.exe -- [2008-06-19 12:46:02 | 01,760,476 | ---- | M] (Western Digital Corporation )
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\wd_windows_tools\WDSetup.exe -- [2008-06-19 12:46:02 | 01,760,476 | ---- | M] (Western Digital Corporation )
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-11-11 22:23:04 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alexander\Bureaublad\OTL.exe
[2009-11-09 22:21:24 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009-11-07 13:38:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009-11-05 21:14:07 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Alexander\Bureaublad\RootRepeal.exe
[2009-10-30 23:17:42 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009-10-28 16:07:01 | 00,098,304 | ---- | C] (Pioneer Corporation.) -- C:\WINDOWS\System32\CDJ-400_Asio.dll
[2009-10-28 16:07:01 | 00,000,000 | ---D | C] -- C:\Program Files\Pioneer
[2009-10-25 18:08:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alexander\Local Settings\Application Data\Simplify Media
[2009-10-15 15:45:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970892_ENU
[2007-12-14 15:09:02 | 00,217,088 | ---- | C] ( ) -- C:\Documents and Settings\Alexander\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
[2007-08-09 14:50:38 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Alexander\Local Settings\Application Data\stdole.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009-11-11 22:27:22 | 00,291,840 | ---- | M] () -- C:\uw20bg6q.exe
[2009-11-11 22:23:05 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alexander\Bureaublad\OTL.exe
[2009-11-11 22:20:15 | 16,515,072 | ---- | M] () -- C:\Documents and Settings\Alexander\ntuser.dat
[2009-11-11 10:38:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-11-11 03:25:00 | 01,266,296 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-11 03:25:00 | 00,558,574 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2009-11-11 03:25:00 | 00,490,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-11-11 03:25:00 | 00,109,514 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2009-11-11 03:25:00 | 00,089,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-11-11 03:20:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-11-11 03:20:46 | 01,584,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-11-11 03:20:46 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-11-11 03:20:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-11 03:19:01 | 00,000,288 | -HS- | M] () -- C:\Documents and Settings\Alexander\ntuser.ini
[2009-11-09 22:34:04 | 00,109,568 | ---- | M] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-09 22:34:04 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-11-06 03:14:42 | 00,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2009-11-05 22:29:07 | 00,000,808 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-11-05 22:29:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-11-05 22:29:07 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009-11-05 21:28:28 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Alexander\Bureaublad\settings.dat
[2009-11-05 21:14:07 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Alexander\Bureaublad\RootRepeal.exe
[2009-11-05 21:13:30 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Alexander\Bureaublad\dds.scr
[2009-11-05 20:45:28 | 00,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Ad-Watch.lnk
[2009-11-05 20:45:28 | 00,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Ad-Aware.lnk
[2009-11-05 18:36:22 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-11-04 11:51:05 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-11-01 20:04:13 | 00,071,398 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009-10-30 23:22:26 | 00,055,584 | ---- | M] () -- E:\Mijn Documenten\bookmarks firefox.html
[2009-10-30 23:18:17 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\iTunes.lnk
[2009-10-30 23:14:40 | 00,057,820 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009-10-28 16:38:00 | 00,006,883 | ---- | M] () -- C:\VirtualDJ Local Database v5.xml
[2009-10-21 05:08:56 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009-10-21 05:08:56 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009-10-13 17:00:10 | 00,081,328 | ---- | M] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009-11-11 22:27:21 | 00,291,840 | ---- | C] () -- C:\uw20bg6q.exe
[2009-11-06 03:14:42 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009-11-05 21:28:28 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Alexander\Bureaublad\settings.dat
[2009-11-05 21:13:28 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Alexander\Bureaublad\dds.scr
[2009-11-05 20:45:28 | 00,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Ad-Watch.lnk
[2009-11-05 20:45:28 | 00,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Ad-Aware.lnk
[2009-10-30 23:22:26 | 00,055,584 | ---- | C] () -- E:\Mijn Documenten\bookmarks firefox.html
[2009-10-30 23:18:17 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\iTunes.lnk
[2009-10-30 23:14:40 | 00,057,820 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009-09-16 14:26:33 | 04,576,764 | -H-- | C] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\IconCache.db
[2009-08-02 23:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009-08-02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009-08-02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009-07-18 14:46:30 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Alexander\Application Data\$_hpcst$.hpc
[2009-03-17 18:32:11 | 00,071,398 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-03-16 19:22:30 | 00,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-03-02 18:41:09 | 00,001,360 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008-10-12 12:54:56 | 00,000,277 | ---- | C] () -- C:\WINDOWS\game.ini
[2008-10-12 00:20:15 | 00,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2008-10-12 00:04:18 | 00,001,194 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2008-10-12 00:04:11 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008-10-12 00:04:11 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008-10-12 00:04:11 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008-10-12 00:04:11 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008-10-12 00:04:11 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008-10-11 23:28:55 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-07-01 23:50:27 | 00,000,594 | ---- | C] () -- C:\Documents and Settings\Alexander\Application Data\AutoGK.ini
[2008-07-01 18:31:01 | 01,274,997 | ---- | C] () -- C:\Documents and Settings\Alexander\Application Data\NMM-MetaData.db
[2007-12-01 16:09:31 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Alexander\Application Data\PnkBstrK.sys
[2007-11-26 17:39:35 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007-10-21 00:08:53 | 00,005,095 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xnwfyhdk.mld
[2007-10-11 22:03:56 | 00,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007-09-20 16:07:34 | 00,000,056 | ---- | C] () -- C:\WINDOWS\wb.ini
[2007-09-19 20:01:01 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-09-19 20:00:59 | 00,109,568 | ---- | C] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-09-19 19:55:12 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007-09-19 19:52:24 | 00,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-09-19 19:34:53 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\fusioncache.dat
[2007-09-19 18:41:06 | 00,007,849 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007-09-19 18:32:01 | 00,000,907 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2007-09-19 18:32:01 | 00,000,263 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007-09-19 18:30:11 | 00,013,423 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007-09-19 18:29:21 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007-09-19 18:29:07 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007-09-19 18:28:36 | 00,081,328 | ---- | C] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007-09-19 18:25:59 | 00,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2007-09-19 18:25:59 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2007-09-19 18:25:58 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2007-09-19 18:25:58 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2007-09-19 18:25:58 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2007-09-19 18:25:58 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2007-09-19 18:25:58 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2007-09-19 18:25:58 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2007-09-19 18:25:58 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2007-09-19 18:25:58 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2007-09-19 18:22:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Alexander\Application Data\desktop.ini
[2007-03-03 15:12:28 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\dbexpint.dll
[2006-08-11 14:45:20 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-08-11 14:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-08-11 14:43:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-08-11 14:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-08-11 14:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-08-11 14:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-06-29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006-06-29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-04-18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-03-02 13:00:00 | 00,000,808 | ---- | C] () -- C:\WINDOWS\win.ini
[2006-03-02 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005-12-07 10:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004-12-20 17:24:03 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2002-10-15 23:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2009-11-06 07:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Azureus
[2008-10-11 23:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\DAEMON Tools
[2008-05-23 23:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\InterVideo
[2008-04-26 22:36:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Leadertech
[2008-04-15 15:50:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\LimeWire
[2007-09-20 21:32:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\LimeWirePlus
[2008-07-20 16:32:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Nokia
[2008-09-02 18:41:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Notepad++
[2008-09-16 22:56:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\NSeries
[2007-11-24 22:55:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Obsidium
[2008-06-19 16:08:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Participatory Culture Foundation
[2008-07-01 17:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\PC Suite
[2008-08-29 23:22:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\PCF-VLC
[2009-03-17 00:10:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Publish Providers
[2007-11-26 16:45:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Alexander\Application Data\SecuROM
[2009-03-17 00:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Sony
[2008-01-09 15:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\SystemRequirementsLab
[2008-09-10 15:33:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Thinstall
[2008-04-26 21:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Ubisoft
[2008-04-20 22:35:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\URSoft
[2008-02-07 19:18:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Windows Live Writer
[2007-11-23 22:16:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009-04-16 07:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2007-10-22 18:36:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2008-07-01 17:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008-08-23 13:08:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2008-07-01 17:25:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008-07-01 18:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008-10-12 00:34:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008-10-12 00:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008-08-14 10:56:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Razer
[2008-12-29 04:53:54 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SecuROM
[2008-10-12 00:05:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009-03-17 00:20:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009-11-11 22:30:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008-04-26 21:22:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008-08-29 23:35:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009-03-13 20:42:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2008-12-29 02:20:08 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2008-12-29 00:41:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009-09-13 14:08:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009-04-08 15:00:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006-03-02 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-11-11 03:20:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >


Extras.txt:

OTL Extras logfile created on: 11-11-2009 22:35:45 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Alexander\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,75% Memory free
3,35 Gb Paging File | 2,86 Gb Available in Paging File | 85,31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 37,85 Gb Free Space | 48,44% Space Free | Partition Type: NTFS
Drive D: | 105,03 Gb Total Space | 45,24 Gb Free Space | 43,07% Space Free | Partition Type: NTFS
Drive E: | 49,72 Gb Total Space | 10,04 Gb Free Space | 20,20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465,76 Gb Total Space | 281,92 Gb Free Space | 60,53% Space Free | Partition Type: NTFS
Drive N: | 931,28 Gb Total Space | 492,52 Gb Free Space | 52,89% Space Free | Partition Type: FAT32

Computer Name: GAME
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\LimeWire Plus\LimeWire.exe" = C:\Program Files\LimeWire Plus\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"D:\steam\steamapps\netherblood\counter-strike source\hl2.exe" = D:\steam\steamapps\netherblood\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"D:\nfs underground\Speed.exe" = D:\nfs underground\Speed.exe:*:Enabled:Speed -- File not found
"D:\cod2\CoD2MP_s.exe" = D:\cod2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- File not found
"D:\steam\steam.exe" = D:\steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\Alexander\Bureaublad\q3a\ChallengeQ3.exe" = C:\Documents and Settings\Alexander\Bureaublad\q3a\ChallengeQ3.exe:*:Enabled:ChallengeQ3 -- File not found
"D:\DC++\DCPlusPlus.exe" = D:\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- File not found
"C:\Documents and Settings\Alexander\Bureaublad\q3a\quake3.exe" = C:\Documents and Settings\Alexander\Bureaublad\q3a\quake3.exe:*:Enabled:quake3 -- File not found
"D:\DC++\Downloads\UnrealTournament\System\UnrealTournament.exe" = D:\DC++\Downloads\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament -- File not found
"D:\TrackMania Nations ESWC\TmNationsESWC.exe" = D:\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- ()
"D:\Program Files\GameSpy Arcade\Aphex.exe" = D:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"D:\F.E.A.R\fpupdate.exe" = D:\F.E.A.R\fpupdate.exe:*:Enabled:fpupdate -- File not found
"D:\World of Warcraft\WoW-2.2.0-enGB-downloader.exe" = D:\World of Warcraft\WoW-2.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\Azureus\Azureus.exe" = D:\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"D:\counter-strike 1.6\Counter-Strike Condition Zero 1.2 build 2771\hl.exe" = D:\counter-strike 1.6\Counter-Strike Condition Zero 1.2 build 2771\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Documents and Settings\Alexander\Application Data\U3\0001487163903B8C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = C:\Documents and Settings\Alexander\Application Data\U3\0001487163903B8C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\pinnacle(Goed)\programs\RM.exe" = D:\pinnacle(Goed)\programs\RM.exe:*:Enabled:Render Manager -- File not found
"D:\pinnacle(Goed)\programs\Studio.exe" = D:\pinnacle(Goed)\programs\Studio.exe:*:Enabled:Studio -- File not found
"D:\pinnacle(Goed)\programs\PMSRegisterFile.exe" = D:\pinnacle(Goed)\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- File not found
"D:\pinnacle(Goed)\programs\umi.exe" = D:\pinnacle(Goed)\programs\umi.exe:*:Enabled:umi -- File not found
"D:\Call of Duty 4\iw3mp.exe" = D:\Call of Duty 4\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Itunes\iTunes.exe" = D:\Itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0DACDD10-97BE-4C26-AEC1-3CE3F86035C4}" = Scratch Live 1.9.1 (19136)
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18BA2F73-9F8E-4938-860E-F7BC31531608}" = Windows Communication Foundation Language Pack - NLD
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{29C22873-B939-4EF9-B6E3-1EFE7FA391D1}" = ASUS nVidia Driver
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}" = Nokia Nseries Video Manager
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{301BEB64-7C38-4BB5-8F94-62E6160532C8}" = Nokia Download!
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39A908FD-7322-41AE-B374-C7A076B2FC97}" = Memeo AutoBackup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars®
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}" = Air Mouse Server
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A41F810-D0AF-4B50-8F11-C242C76F6D24}" = Nokia Nseries PC Suite
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{64371D22-A18B-436E-863B-2E12DA8042FF}" = Microsoft .NET Framework 3.0 Dutch Language Pack
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{655A0785-CB7A-42C2-A1AE-B3FE1BFB2617}" = Windows Presentation Foundation Language Pack (NLD)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AC829AD-026C-4ABD-99EA-1152869E229C}" = Brain Breaker Starters
"{7EE94A24-188A-4D98-9018-37857701996E}" = Nokia Photos
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82C0BCC7-A3ED-4AD9-9C94-6E71CAFC939E}" = Nokia NSeries Application Installer
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{89A33B7F-A5C2-4F18-AD71-AC29278507B7}" = Nokia NSeries One Touch Access
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 12
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISER_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISER_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISER_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISER_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISER_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISER_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISER_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISER_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISER_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISER_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISER_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90870373-8351-4F73-B5C1-73A9A01BAAEA}" = Nokia NSeries Content Copier
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{95120000-0052-0413-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97B21A40-E5B6-4887-9CC4-38FB416A2998}" = Nokia NSeries System Utilities
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9B77AF57-F7B2-488F-8B75-1DDDCC447545}_is1" = Hitman Pro
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A06BD059-8EDE-41F3-B91A-73C2C6811187}" = Windows Workflow Foundation NL Language Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-software
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CA585226-334C-4411-8F52-0C7F58BC932A}" = Nokia NSeries Music Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D610D81C-36EE-4E1B-8346-1F515A5AF032}" = Microsoft .NET Framework 2.0 Language Pack - NLD
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer
"{D99B2022-8C8B-4F47-8B7F-D6ECC3562B51}" = Media Manager 2.4
"{DB69E0FB-FF6C-4C47-A048-C66710E79EE6}" = Microsoft Office Communicator 2007
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-configuratieprogramma
"{FD29EB58-CF8D-4BE9-9AE8-8EE4FEF6D2E0}" = Memeo AutoSync
"{FE5D756F-71E1-47C4-972A-D6775344B40B}" = Nokia Software Updater
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-stuurprogrammapakket - Nokia Modem (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-stuurprogrammapakket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"593AFD5277FA19E67C70E56534B45B0DDD9ED9FE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/11/2007 1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AlienGUIse Theme Manager" = AlienGUIse Theme Manager
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AV Voice Changer Software DIAMOND 4.0" = AV Voice Changer Software DIAMOND 4.0
"avast!" = avast! Antivirus
"Azureus Vuze" = Azureus Vuze
"CDJ-400" = Pioneer CDJ-400 Driver
"C-Media Oxygen HD Sound" = Razer Barracuda AC-1 Gaming Audio Card
"Collab" = Collab
"Crysis WARHEAD®" = Crysis WARHEAD®
"Crysis Wars®" = Crysis Wars®
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Fiesta Online" = Fiesta Online 1.01.000
"Firefox Preloader_is1" = Firefox Preloader
"FL Studio 8" = FL Studio 8
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire PRO 4.12.3
"lvdrivers_11.50" = Logitech QuickCam-stuurprogrammapakket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - NLD" = Microsoft .NET Framework 2.0 Language Pack - NLD
"Microsoft .NET Framework 3.0 Dutch Language Pack" = Microsoft .NET Framework 3.0 Nederlands taalpakket
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MixMeister Studio 7.1.1_is1" = MixMeister Studio 7.1.1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Need for Speed Shift_is1" = Need for Speed Shift
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia NSeries Application Installer" = Nokia NSeries Application Installer 6.83.11
"Nokia NSeries Content Copier" = Nokia NSeries Content Copier 6.83.11
"Nokia NSeries Music Manager" = Nokia NSeries Music Manager 6.83.11
"Nokia NSeries One Touch Access" = Nokia NSeries One Touch Access 6.83.11
"Nokia NSeries System Utilities" = Nokia NSeries System Utilities 6.83.11
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"packagefactory_is1" = PackageFactory for U3 (build 100)
"Picasa2" = Picasa 2
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera-stuurprogramma
"RealPlayer 6.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 4.0
"SpywareGuard_is1" = SpywareGuard v2.2
"Steam App 205" = Source Dedicated Server
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNations_is1" = TrackMania Nations ESWC 1.7.9
"Toxic Biohazard" = Toxic Biohazard
"TweakNow RegCleaner Standard_is1" = TweakNow RegCleaner Standard
"Uninstall_is1" = Uninstall 1.0.0.1
"VentriloMIX" = VentriloMIX
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.0.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{39A908FD-7322-41AE-B374-C7A076B2FC97}" = Memeo AutoBackup
"InstallShield_{FD29EB58-CF8D-4BE9-9AE8-8EE4FEF6D2E0}" = Memeo AutoSync

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 27-9-2007 11:53:21 | Computer Name = GAME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\familiedag 2007\P9220329.JPG failed, 0000001E.

Error - 17-10-2007 17:18:29 | Computer Name = GAME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://ftp.freenet.de/pub/filepilot/window...klcodec350s.exe
failed, 0000001E.

Error - 26-4-2008 17:22:48 | Computer Name = GAME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\RONLAPTOP\SharedDocs\Mijn afbeeldingen\Thumbs.db failed, 00000005.

Error - 6-12-2008 14:14:39 | Computer Name = GAME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://kongshare.com/ScriptResource.axd?d=...435102452331250
failed, 0000A413.

Error - 10-12-2008 2:00:35 | Computer Name = GAME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\df04b0db7a2579ff2983576f327ed088\BIT162.tmp
failed, 00000026.

Error - 13-12-2008 8:49:07 | Computer Name = GAME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Hurk\data (h)\Mijn afbeeldingen\FOTO'S HONDJES\BEERTJE 3E NEST OKT 2008\Thumbs.db
failed, 00000035.

Error - 14-12-2008 8:19:45 | Computer Name = GAME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Hurk\data (h)\Mijn afbeeldingen\FOTO'S HONDJES\P3140131.JPG failed, 00000035.


Error - 20-9-2009 11:53:14 | Computer Name = GAME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: Aavm: FetchGlobalCounters cannot open mapping
- server DOWN???, 00000002.

Error - 6-11-2009 7:08:13 | Computer Name = GAME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.ondertitel.com/tiny_mce/plugins...ditor_plugin.js failed,
0000A413.

Error - 8-11-2009 14:14:42 | Computer Name = GAME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://statisch.marktplaats.com/js/widgets...min.js?20091019 failed, 0000A413.


[ Application Events ]
Error - 10-11-2009 18:45:41 | Computer Name = GAME | Source = nview_info | ID = 11141121
Description =

Error - 10-11-2009 18:45:41 | Computer Name = GAME | Source = nview_info | ID = 11141121
Description =

Error - 10-11-2009 18:45:41 | Computer Name = GAME | Source = nview_info | ID = 11141121
Description =

Error - 10-11-2009 18:45:41 | Computer Name = GAME | Source = nview_info | ID = 11141121
Description =

Error - 10-11-2009 18:45:41 | Computer Name = GAME | Source = nview_info | ID = 11141121
Description =

Error - 10-11-2009 18:45:41 | Computer Name = GAME | Source = nview_info | ID = 11141121
Description =

Error - 10-11-2009 18:45:41 | Computer Name = GAME | Source = nview_info | ID = 11141121
Description =

Error - 10-11-2009 18:45:41 | Computer Name = GAME | Source = nview_info | ID = 11141121
Description =

Error - 10-11-2009 18:45:41 | Computer Name = GAME | Source = nview_info | ID = 11141121
Description =

Error - 10-11-2009 18:45:41 | Computer Name = GAME | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 9-11-2009 17:20:29 | Computer Name = GAME | Source = Service Control Manager | ID = 7023
Description = De Application Management-service is gestopt met de volgende foutcode:
%%126.

Error - 9-11-2009 17:20:29 | Computer Name = GAME | Source = Service Control Manager | ID = 7023
Description = De Application Management-service is gestopt met de volgende foutcode:
%%126.

Error - 9-11-2009 17:20:29 | Computer Name = GAME | Source = Service Control Manager | ID = 7023
Description = De Application Management-service is gestopt met de volgende foutcode:
%%126.

Error - 9-11-2009 17:20:29 | Computer Name = GAME | Source = Service Control Manager | ID = 7023
Description = De Application Management-service is gestopt met de volgende foutcode:
%%126.

Error - 9-11-2009 17:20:29 | Computer Name = GAME | Source = Service Control Manager | ID = 7023
Description = De Application Management-service is gestopt met de volgende foutcode:
%%126.

Error - 9-11-2009 17:20:29 | Computer Name = GAME | Source = Service Control Manager | ID = 7023
Description = De Application Management-service is gestopt met de volgende foutcode:
%%126.

Error - 9-11-2009 17:20:29 | Computer Name = GAME | Source = Service Control Manager | ID = 7023
Description = De Application Management-service is gestopt met de volgende foutcode:
%%126.

Error - 9-11-2009 17:20:30 | Computer Name = GAME | Source = Service Control Manager | ID = 7023
Description = De Application Management-service is gestopt met de volgende foutcode:
%%126.

Error - 9-11-2009 17:20:30 | Computer Name = GAME | Source = Service Control Manager | ID = 7023
Description = De Application Management-service is gestopt met de volgende foutcode:
%%126.

Error - 9-11-2009 17:20:30 | Computer Name = GAME | Source = Service Control Manager | ID = 7023
Description = De Application Management-service is gestopt met de volgende foutcode:
%%126.


< End of report >


Results.log:

GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-11 23:22:54
Windows 5.1.2600 Service Pack 3
Running: uw20bg6q.exe; Driver: C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\pgtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0x9C46A6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0x9C46A574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0x9C46AA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x9C46A14C]
SSDT spob.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spob.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0x9C46A64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x9C46A08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x9C46A0F0]
SSDT spob.sys ZwQueryKey [0xBA6C7108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0x9C46A76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0x9C46A72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0x9C46A8AE]

INT 0x63 ? 8A5A1BF8
INT 0x73 ? 8A5A1BF8
INT 0x82 ? 8A614BF8
INT 0x94 ? 8A374F00
INT 0xB4 ? 8A5A4BF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x9C47382E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x9C473678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x9C4737AC]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP 9C4737B0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AC 7 Bytes JMP 9C47367C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP 9C473832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? spob.sys Het systeem kan het opgegeven bestand niet vinden. !
.text USBPORT.SYS!DllUnload B874F8AC 5 Bytes JMP 8A3744E0
.text a1k1hbbc.SYS B8633386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a1k1hbbc.SYS B86333AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a1k1hbbc.SYS B86333C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a1k1hbbc.SYS B86333C9 1 Byte [2E]
.text a1k1hbbc.SYS B86333C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spob.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spob.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spob.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spob.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spob.sys
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\a1k1hbbc.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 8A6121F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Fastfat \FatCdrom 898AF4B0

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 8A375500
Device \Driver\usbehci \Device\USBPDO-1 8A360500

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5A21F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5A21F8
Device \Driver\Cdrom \Device\CdRom0 8A366500
Device \Driver\nvata \Device\00000072 8A5A11F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A5A21F8
Device \Driver\Cdrom \Device\CdRom1 8A366500
Device \Driver\atapi \Device\Ide\IdePort0 [BA621B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [BA621B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-5 [BA621B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A5A21F8
Device \Driver\nvata \Device\00000074 8A5A11F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89BB51F8
Device \Driver\NetBT \Device\NetbiosSmb 89BB51F8
Device \Driver\usbstor \Device\00000086 89A64500
Device \Driver\NetBT \Device\NetBT_Tcpip_{145F635E-60F6-4441-9AFD-14595457AACF} 89BB51F8
Device \Driver\PCI_PNP3872 \Device\0000004e spob.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbstor \Device\00000089 89A64500

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 8A375500
Device \Driver\nvata \Device\NvAta0 8A5A11F8
Device \Driver\usbehci \Device\USBFDO-1 8A360500
Device \Driver\sptd \Device\2145511372 spob.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 898AC500
Device \Driver\nvata \Device\NvAta1 8A5A11F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 898AC500
Device \Driver\Ftdisk \Device\FtControl 8A5A21F8
Device \Driver\usbstor \Device\0000008a 89A64500
Device \Driver\usbstor \Device\0000008b 89A64500
Device \Driver\usbstor \Device\0000008c 89A64500
Device \Driver\a1k1hbbc \Device\Scsi\a1k1hbbc1 8A368500
Device \Driver\a1k1hbbc \Device\Scsi\a1k1hbbc1Port5Path0Target0Lun0 8A368500
Device \Driver\JRAID \Device\Scsi\JRAID1 8A6131F8
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Fastfat \Fat 898AF4B0

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 89A52500
Device \Driver\nvata -> \Driver\nvata \Device\Harddisk0\DR0 8A5A11F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6B 0x5A 0x5A 0xFB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x66 0xB1 0xE3 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAD 0x7C 0xB5 0x28 ...

---- EOF - GMER 1.0.15 ----

I hope I posted the right things.
Thanks for the help!!

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:09:52 PM

Posted 12 November 2009 - 07:24 AM

Yes, you did.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    atapi.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#5 netherblood

netherblood
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:52 AM

Posted 12 November 2009 - 09:36 AM

Here is the content of SystemLook.txt:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:33 on 12/11/2009 by Alexander (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [16:16 29/08/2008] [12:00 02/03/2006] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [12:00 02/03/2006] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --a--- 95360 bytes [17:30 19/09/2007] [12:00 02/03/2006] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys --a--- 95360 bytes [17:30 19/09/2007] [12:00 02/03/2006] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:09:52 PM

Posted 12 November 2009 - 01:53 PM

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse; once you have done that, click on the Open button, then Submit.)

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
C:\WINDOWS\ServicePackFiles\i386\atapi.sys
C:\WINDOWS\system32\drivers\atapi.sys
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete; please copy and paste those results in your next post.

#7 netherblood

netherblood
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:52 AM

Posted 13 November 2009 - 05:53 PM

OK, the results are here:

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys:

Antivirus Versie Laatst geüpdatet Resultaat
a-squared 4.5.0.41 2009.11.13 -
AhnLab-V3 5.0.0.2 2009.11.12 -
AntiVir 7.9.1.65 2009.11.13 -
Antiy-AVL 2.0.3.7 2009.11.13 -
Authentium 5.2.0.5 2009.11.13 -
Avast 4.8.1351.0 2009.11.13 -
AVG 8.5.0.425 2009.11.13 -
BitDefender 7.2 2009.11.13 -
CAT-QuickHeal 10.00 2009.11.13 -
ClamAV 0.94.1 2009.11.13 -
Comodo 2942 2009.11.13 -
DrWeb 5.0.0.12182 2009.11.13 -
eSafe 7.0.17.0 2009.11.12 -
eTrust-Vet 35.1.7119 2009.11.13 -
F-Prot 4.5.1.85 2009.11.12 -
F-Secure 9.0.15370.0 2009.11.11 -
Fortinet 3.120.0.0 2009.11.13 -
GData 19 2009.11.13 -
Ikarus T3.1.1.74.0 2009.11.13 -
Jiangmin 11.0.800 2009.11.12 -
K7AntiVirus 7.10.894 2009.11.11 -
Kaspersky 7.0.0.125 2009.11.13 -
McAfee 5800 2009.11.12 -
McAfee+Artemis 5800 2009.11.12 -
McAfee-GW-Edition 6.8.5 2009.11.13 Heuristic.BehavesLike.Win32.Rootkit.H
Microsoft 1.5202 2009.11.13 -
NOD32 4603 2009.11.13 -
Norman 6.03.02 2009.11.13 -
nProtect 2009.1.8.0 2009.11.13 -
Panda 10.0.2.2 2009.11.13 -
PCTools 7.0.3.5 2009.11.13 -
Prevx 3.0 2009.11.13 -
Rising 22.21.04.09 2009.11.13 -
Sophos 4.47.0 2009.11.13 -
Sunbelt 3.2.1858.2 2009.11.12 -
Symantec 1.4.4.12 2009.11.13 -
TheHacker 6.5.0.2.067 2009.11.12 -
TrendMicro 9.0.0.1003 2009.11.13 -
VBA32 3.12.10.11 2009.11.13 -
ViRobot 2009.11.13.2034 2009.11.13 -
VirusBuster 4.6.5.0 2009.11.12 -
Extra informatie
File size: 95360 bytes
MD5 : cdfe4411a69c224bd1d11b2da92dac51
SHA1 : a42fbfeb5a4d94118b483d7f18113aa8c329a052
SHA256: 0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d

C:\WINDOWS\ServicePackFiles\i386\atapi.sys

Antivirus Versie Laatst geüpdatet Resultaat
a-squared 4.5.0.41 2009.11.10 -
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.10 -
Antiy-AVL 2.0.3.7 2009.11.10 -
Authentium 5.2.0.5 2009.11.10 -
Avast 4.8.1351.0 2009.11.10 -
AVG 8.5.0.423 2009.11.10 -
BitDefender 7.2 2009.11.10 -
CAT-QuickHeal 10.00 2009.11.10 -
ClamAV 0.94.1 2009.11.10 -
Comodo 2905 2009.11.10 -
DrWeb 5.0.0.12182 2009.11.10 -
eSafe 7.0.17.0 2009.11.10 Win32.Rootkit
eTrust-Vet 35.1.7113 2009.11.10 -
F-Prot 4.5.1.85 2009.11.10 -
F-Secure 9.0.15370.0 2009.11.09 -
Fortinet 3.120.0.0 2009.11.10 -
GData 19 2009.11.10 -
Ikarus T3.1.1.74.0 2009.11.10 -
Jiangmin 11.0.800 2009.11.10 -
K7AntiVirus 7.10.892 2009.11.09 -
Kaspersky 7.0.0.125 2009.11.10 -
McAfee 5797 2009.11.09 -
McAfee+Artemis 5797 2009.11.09 -
McAfee-GW-Edition 6.8.5 2009.11.10 Heuristic.BehavesLike.Win32.Rootkit.H
Microsoft 1.5202 2009.11.10 -
NOD32 4592 2009.11.10 -
Norman 6.03.02 2009.11.09 -
nProtect 2009.1.8.0 2009.11.10 -
Panda 10.0.2.2 2009.11.09 -
PCTools 7.0.3.5 2009.11.10 -
Prevx 3.0 2009.11.13 -
Rising 22.21.01.09 2009.11.10 -
Sophos 4.47.0 2009.11.10 -
Sunbelt 3.2.1858.2 2009.11.10 -
Symantec 1.4.4.12 2009.11.10 -
TheHacker 6.5.0.2.064 2009.11.09 -
TrendMicro 9.0.0.1003 2009.11.10 -
VBA32 3.12.10.11 2009.11.09 -
ViRobot 2009.11.10.2029 2009.11.10 -
VirusBuster 4.6.5.0 2009.11.09 -
Extra informatie
File size: 96512 bytes
MD5 : 9f3a2f5aa6875c72bf062c712cfa2674
SHA1 : a719156e8ad67456556a02c34e762944234e7a44
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9

C:\WINDOWS\system32\drivers\atapi.sys

Antivirus Versie Laatst geüpdatet Resultaat
a-squared 4.5.0.41 2009.11.10 -
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.10 -
Antiy-AVL 2.0.3.7 2009.11.10 -
Authentium 5.2.0.5 2009.11.10 -
Avast 4.8.1351.0 2009.11.10 -
AVG 8.5.0.423 2009.11.10 -
BitDefender 7.2 2009.11.10 -
CAT-QuickHeal 10.00 2009.11.10 -
ClamAV 0.94.1 2009.11.10 -
Comodo 2905 2009.11.10 -
DrWeb 5.0.0.12182 2009.11.10 -
eSafe 7.0.17.0 2009.11.10 Win32.Rootkit
eTrust-Vet 35.1.7113 2009.11.10 -
F-Prot 4.5.1.85 2009.11.10 -
F-Secure 9.0.15370.0 2009.11.09 -
Fortinet 3.120.0.0 2009.11.10 -
GData 19 2009.11.10 -
Ikarus T3.1.1.74.0 2009.11.10 -
Jiangmin 11.0.800 2009.11.10 -
K7AntiVirus 7.10.892 2009.11.09 -
Kaspersky 7.0.0.125 2009.11.10 -
McAfee 5797 2009.11.09 -
McAfee+Artemis 5797 2009.11.09 -
McAfee-GW-Edition 6.8.5 2009.11.10 Heuristic.BehavesLike.Win32.Rootkit.H
Microsoft 1.5202 2009.11.10 -
NOD32 4592 2009.11.10 -
Norman 6.03.02 2009.11.09 -
nProtect 2009.1.8.0 2009.11.10 -
Panda 10.0.2.2 2009.11.09 -
PCTools 7.0.3.5 2009.11.10 -
Prevx 3.0 2009.11.13 -
Rising 22.21.01.09 2009.11.10 -
Sophos 4.47.0 2009.11.10 -
Sunbelt 3.2.1858.2 2009.11.10 -
Symantec 1.4.4.12 2009.11.10 -
TheHacker 6.5.0.2.064 2009.11.09 -
TrendMicro 9.0.0.1003 2009.11.10 -
VBA32 3.12.10.11 2009.11.09 -
ViRobot 2009.11.10.2029 2009.11.10 -
VirusBuster 4.6.5.0 2009.11.09 -
Extra informatie
File size: 96512 bytes
MD5 : 9f3a2f5aa6875c72bf062c712cfa2674
SHA1 : a719156e8ad67456556a02c34e762944234e7a44
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9

C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

Antivirus Versie Laatst geüpdatet Resultaat
a-squared 4.5.0.41 2009.11.13 -
AhnLab-V3 5.0.0.2 2009.11.12 -
AntiVir 7.9.1.65 2009.11.13 -
Antiy-AVL 2.0.3.7 2009.11.13 -
Authentium 5.2.0.5 2009.11.13 -
Avast 4.8.1351.0 2009.11.13 -
AVG 8.5.0.425 2009.11.13 -
BitDefender 7.2 2009.11.13 -
CAT-QuickHeal 10.00 2009.11.13 -
ClamAV 0.94.1 2009.11.13 -
Comodo 2942 2009.11.13 -
DrWeb 5.0.0.12182 2009.11.13 -
eSafe 7.0.17.0 2009.11.12 -
eTrust-Vet 35.1.7119 2009.11.13 -
F-Prot 4.5.1.85 2009.11.12 -
F-Secure 9.0.15370.0 2009.11.11 -
Fortinet 3.120.0.0 2009.11.13 -
GData 19 2009.11.13 -
Ikarus T3.1.1.74.0 2009.11.13 -
Jiangmin 11.0.800 2009.11.12 -
K7AntiVirus 7.10.894 2009.11.11 -
Kaspersky 7.0.0.125 2009.11.13 -
McAfee 5800 2009.11.12 -
McAfee+Artemis 5800 2009.11.12 -
McAfee-GW-Edition 6.8.5 2009.11.13 Heuristic.BehavesLike.Win32.Rootkit.H
Microsoft 1.5202 2009.11.13 -
NOD32 4603 2009.11.13 -
Norman 6.03.02 2009.11.13 -
nProtect 2009.1.8.0 2009.11.13 -
Panda 10.0.2.2 2009.11.13 -
PCTools 7.0.3.5 2009.11.13 -
Prevx 3.0 2009.11.13 -
Rising 22.21.04.09 2009.11.13 -
Sophos 4.47.0 2009.11.13 -
Sunbelt 3.2.1858.2 2009.11.12 -
Symantec 1.4.4.12 2009.11.13 -
TheHacker 6.5.0.2.067 2009.11.12 -
TrendMicro 9.0.0.1003 2009.11.13 -
VBA32 3.12.10.11 2009.11.13 -
ViRobot 2009.11.13.2034 2009.11.13 -
VirusBuster 4.6.5.0 2009.11.12 -
Extra informatie
File size: 95360 bytes
MD5 : cdfe4411a69c224bd1d11b2da92dac51
SHA1 : a42fbfeb5a4d94118b483d7f18113aa8c329a052
SHA256: 0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d

Thanks for the help!
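
As an added example (not part of SystemLook, the online scanners, or any post in this thread), the Python script below parses the filefind block from the SystemLook.txt posted above, groups the copies of atapi.sys by MD5, checks the loaded driver against the service-pack reference copy, and cross-checks each MD5/size pair against the scanner reports posted afterwards. The log text and hash values are copied from this thread; the choice of `C:\WINDOWS\ServicePackFiles\i386` as the reference directory and the function names are my assumptions.

```python
import re
from collections import defaultdict

# Layout of one SystemLook ":filefind" result line, as posted in this thread:
#   <path> <attrs> <size> bytes [<hh:mm dd/mm/yyyy>] [<hh:mm dd/mm/yyyy>] <MD5>
# The first bracket pair is the creation time, the second the last-write time.
FILEFIND_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-A-Za-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# The filefind block from the SystemLook.txt posted in this thread (post #5).
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:33 on 12/11/2009 by Alexander (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [16:16 29/08/2008] [12:00 02/03/2006] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [12:00 02/03/2006] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --a--- 95360 bytes [17:30 19/09/2007] [12:00 02/03/2006] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys --a--- 95360 bytes [17:30 19/09/2007] [12:00 02/03/2006] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-
"""

# MD5 -> file size as reported by the online scanners in post #7 of the thread.
VT_REPORTED = {
    "cdfe4411a69c224bd1d11b2da92dac51": 95360,
    "9f3a2f5aa6875c72bf062c712cfa2674": 96512,
}


def parse_filefind(text):
    """Return one dict per result line; banner, header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].lower()
            entries.append(e)
    return entries


def group_by_md5(entries):
    """Map each MD5 to the paths carrying it, so distinct builds of the driver stand out."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def compare_live_to_reference(entries,
                              live_dir=r"c:\windows\system32\drivers",
                              ref_dir=r"c:\windows\servicepackfiles\i386"):
    """Compare the loaded driver with the service-pack reference copy (assumed directories).

    Returns (status, detail): 'match' when size and MD5 agree, 'mismatch' when the
    live copy differs and deserves a closer look, 'incomplete' when a copy is absent.
    The $NtServicePackUninstall$ and ReinstallBackups copies are the pre-service-pack
    build, so their different hash is expected and is not compared here.
    """
    def in_dir(e, d):
        return e["path"].lower().rsplit("\\", 1)[0] == d.lower()

    live = [e for e in entries if in_dir(e, live_dir)]
    ref = [e for e in entries if in_dir(e, ref_dir)]
    if len(live) != 1 or len(ref) != 1:
        return "incomplete", "live or reference copy missing from the log"
    live, ref = live[0], ref[0]
    if live["md5"] == ref["md5"] and live["size"] == ref["size"]:
        return "match", live["md5"]
    return "mismatch", (f"live {live['md5']} ({live['size']} bytes) vs "
                        f"reference {ref['md5']} ({ref['size']} bytes)")


def cross_check_hashes(entries, reported):
    """Return paths whose SystemLook MD5/size pair is not in the scanner reports.

    A hit means the uploaded file is not the one SystemLook hashed, or a log was mis-copied.
    """
    return [e["path"] for e in entries if reported.get(e["md5"]) != e["size"]]


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    for md5, paths in group_by_md5(found).items():
        print(md5, "->", len(paths), "copies")
    print("live vs reference:", compare_live_to_reference(found))
    print("inconsistent with scanner reports:", cross_check_hashes(found, VT_REPORTED))
    # SystemLook reads the file through the running OS, so a matching hash is
    # supporting evidence only: a kernel-mode filter hiding changes to the driver
    # would hide them from this comparison as well.
```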

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:09:52 PM

Posted 14 November 2009 - 06:18 AM

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#9 netherblood

netherblood
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:52 AM

Posted 14 November 2009 - 06:39 PM

Hi, it gives a message that NOD32 is running. But I have uninstalled NOD...
It's not in the list of program access and defaults. I also searched for files named "nod32", "ESET", "nod" and more... with everything, but no files were found...
What do I have to do?

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:09:52 PM

Posted 14 November 2009 - 07:18 PM

That is OK; please proceed anyway. If it isn't there, it will not interfere.

#11 netherblood

netherblood
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 15 November 2009 - 10:15 AM

OK, I did the scan.
Here is the content of the file:

ComboFix 09-11-15.02 - Alexander 15-11-2009 16:00..2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1281 [GMT 1:00]
Gestart vanuit: e:\mijn documenten\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091115-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alexander\Favorieten\Videos.url
c:\documents and settings\Alexander\Menu Start\Programma's\Videos.url
C:\LOG2A1.tmp
C:\LOG31.tmp
C:\LOG39.tmp
C:\LOG3A.tmp
N:\Autorun.inf

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-10-15 to 2009-11-15 ))))))))))))))))))))))))))))))
.

2009-11-11 22:48 . 2009-11-14 23:31 -------- d-----w- c:\program files\Everything
2009-11-11 21:27 . 2009-11-11 21:27 291840 ----a-w- C:\uw20bg6q.exe
2009-11-07 12:38 . 2009-11-07 12:38 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-07 12:38 . 2009-11-11 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-06 02:14 . 2009-11-06 02:14 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-05 22:00 . 2009-11-05 22:00 10628032 ----a-w- c:\documents and settings\Alexander\Application Data\Azureus\tmp\AZU33725.tmp\Vuze_4.2.0.8b_win32.exe
2009-11-05 19:41 . 2009-11-05 19:41 6944624 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe
2009-10-30 22:17 . 2009-10-30 22:17 -------- d-----w- c:\program files\iPod
2009-10-30 22:14 . 2009-10-30 22:14 57820 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-30 22:10 . 2009-10-30 22:10 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 15:07 . 2009-10-28 15:07 -------- d-----w- c:\program files\Pioneer
2009-10-28 15:07 . 2008-07-17 09:47 98304 ----a-w- c:\windows\system32\CDJ-400_Asio.dll
2009-10-25 17:08 . 2009-11-05 21:26 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Simplify Media
2009-10-22 18:02 . 2007-03-09 10:40 77824 ----a-w- c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\afd2qehn.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 15:11 . 2006-03-02 12:00 558574 ----a-w- c:\windows\system32\perfh013.dat
2009-11-15 15:11 . 2006-03-02 12:00 109514 ----a-w- c:\windows\system32\perfc013.dat
2009-11-15 15:09 . 2007-09-20 21:13 -------- d-----w- c:\documents and settings\Alexander\Application Data\Xfire
2009-11-11 21:30 . 2008-03-11 15:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-11 02:20 . 2007-09-20 21:13 -------- d-----w- c:\program files\Xfire
2009-11-11 02:03 . 2007-10-19 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 22:46 . 2008-08-06 20:58 -------- d-----w- c:\documents and settings\Alexander\Application Data\U3
2009-11-06 06:30 . 2007-11-23 21:16 -------- d-----w- c:\documents and settings\Alexander\Application Data\Azureus
2009-11-05 19:45 . 2008-03-11 16:45 -------- d-----w- c:\program files\Lavasoft
2009-11-05 19:43 . 2007-10-19 23:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-05 19:41 . 2008-03-11 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-05 19:38 . 2008-03-11 15:47 -------- d-----w- c:\program files\SpywareGuard
2009-10-30 22:17 . 2007-09-20 15:05 -------- d-----w- c:\program files\Common Files\Apple
2009-10-15 14:45 . 2009-03-16 23:14 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-13 16:00 . 2007-09-19 17:28 81328 ----a-w- c:\documents and settings\Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 05:50 . 2007-10-19 23:46 -------- d-----w- c:\program files\Microsoft Works
2009-10-02 18:36 . 2009-01-21 19:02 -------- d-----w- c:\program files\Microsoft
2009-09-27 15:34 . 2007-10-19 23:23 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-16 17:00 . 2008-07-30 23:21 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-16 12:28 . 2009-09-16 12:28 57344 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{0DACDD10-97BE-4C26-AEC1-3CE3F86035C4}\NewShortcut7_7771B2A712EF4ED6B9E64A04820E098E.exe
2009-09-16 12:28 . 2009-09-16 12:28 57344 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{0DACDD10-97BE-4C26-AEC1-3CE3F86035C4}\NewShortcut1_7771B2A712EF4ED6B9E64A04820E098E.exe
2009-09-11 14:20 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 15:44 . 2009-09-27 15:33 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 15:44 . 2009-09-27 15:33 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 15:44 . 2009-09-27 15:33 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 15:29 . 2009-09-27 15:33 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 15:29 . 2009-09-27 15:33 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 15:29 . 2009-09-27 15:33 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 15:29 . 2009-09-27 15:33 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 15:29 . 2009-09-27 15:33 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-29 07:32 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:32 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:32 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 17:42 . 2008-09-11 22:08 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 17:42 . 2007-09-20 15:05 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:02 . 2006-03-02 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:10 . 2007-09-19 18:31 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2007-09-19 18:31 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2007-09-19 18:31 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-16 22:16 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-16 22:16 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2007-09-19 18:31 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2007-09-19 18:31 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2007-09-19 18:31 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-09-19 18:31 97480 ----a-w- c:\windows\system32\AvastSS.scr
2008-08-29 17:20 . 2008-08-23 12:09 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-29 29744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="d:\logitech\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="d:\logitech\LogiTray.exe" [2005-06-08 217088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-22 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Alexander\Menu Start\Programma's\Opstarten\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-11-6 3152272]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Firefox Preloader.lnk - c:\program files\FirefoxPreloader\FirefoxPreloader.exe [2008-10-9 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Alexander^Menu Start^Programma's^Opstarten^Logitech . Productregistratie.lnk]
path=c:\documents and settings\Alexander\Menu Start\Programma's\Opstarten\Logitech . Productregistratie.lnk
backup=c:\windows\pss\Logitech . Productregistratie.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alexander^Menu Start^Programma's^Opstarten^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\Alexander\Menu Start\Programma's\Opstarten\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alexander^Menu Start^Programma's^Opstarten^Memeo AutoSync Launcher.lnk]
path=c:\documents and settings\Alexander\Menu Start\Programma's\Opstarten\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alexander^Menu Start^Programma's^Opstarten^SpywareGuard.lnk]
path=c:\documents and settings\Alexander\Menu Start\Programma's\Opstarten\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alexander^Menu Start^Programma's^Opstarten^Stardock ObjectDock.lnk]
path=c:\documents and settings\Alexander\Menu Start\Programma's\Opstarten\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Air Mouse.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Air Mouse.lnk
backup=c:\windows\pss\Air Mouse.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Nokia Nseries PC Suite.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Nokia Nseries PC Suite.lnk
backup=c:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"d:\\steam\\steamapps\\netherblood\\counter-strike source\\hl2.exe"=
"d:\\steam\\steam.exe"=
"d:\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Call of Duty 4\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Itunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16-4-2008 23:16 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16-4-2008 23:16 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [29-8-2008 23:35 24652]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [14-8-2008 10:56 21888]
S3 Clr0xcrrtat;Clr0xcrrtat; [x]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [23-8-2008 13:09 29744]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27-5-2009 2:27 29262680]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [20-9-2007 15:49 13225]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Inhoud van de 'Gedeelde Taken' map

2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: adobe.com\www
DPF: {F0C46420-B50B-4BA1-ADBE-C1ECF47E0916} - hxxp://81.204.252.155/XViewer.cab
FF - ProfilePath - c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\afd2qehn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl
FF - component: c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\afd2qehn.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
AddRemove-AlienGUIse Theme Manager - c:\progra~1\ALIENG~1\thememgr.exe
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 16:07
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5681F8]<<
kernel: MBR read successfully
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1757981266-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1004336348-1757981266-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:b1,77,a6,f3,d1,dc,10,cc,82,a1,88,d0,91,3f,73,03,0d,d4,96,63,9b,
c4,83,df,8b,9d,dc,04,b3,3e,af,45,52,c3,7e,52,31,ce,0a,c6,f5,7c,a8,01,c6,da,\
"rkeysecu"=hex:82,56,e2,95,29,5a,2a,fb,76,2c,c9,27,19,0d,04,18
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(1472)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
d:\logitech\FxSvr2.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Voltooingstijd: 2009-11-15 16:13 - machine werd herstart
ComboFix-quarantined-files.txt 2009-11-15 15:13

Pre-Run: 40.380.649.472 bytes beschikbaar
Post-Run: 51.743.363.072 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B242AD3A8E5CCE1885895193C253D320


Thanks!
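The ComboFix log above lists each startup entry under the Run keys in the form `"Name"="path" [date size]` (or `"Name"="file.exe" - resolved path [date size]` for bare commands). As an added triage helper, not code from the thread or from ComboFix, the following Python parses that section and flags two things a log reviewer checks first: entries launched from a location a limited user can write to (the profile directory, the temp directory) and entries given as a bare file name, which the loader resolves through the search path rather than from a fixed location. Everything in `SAMPLE_LOG` is constructed in the thread's log format; the `Updater` entry in particular is invented to produce a hit, since all Run entries in netherblood's real log live under Program Files or the Windows directory. The user-writable directory list is a heuristic chosen for this example.

```python
"""Triage helper for the Run-key section of a ComboFix-style log.

Added example, not ComboFix's own code. SAMPLE_LOG is constructed in the same
format as the thread's log; the 'Updater' entry is invented to show a hit.
"""
import re
from collections import namedtuple

RunEntry = namedtuple("RunEntry", "key name value path date size")

# Section headers of interest: [HKEY_...\CurrentVersion\Run]
_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)

# Entry lines, e.g.
#   "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
#   "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
_ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'
    r"(?:\s+-\s+(?P<resolved>.+?))?"
    r"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)

# Locations a limited user can write to on XP (heuristic chosen for this example)
_USER_WRITABLE = ("c:\\documents and settings\\", "c:\\windows\\temp\\")

# Constructed sample in the thread's log format (not the real log)
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Updater"="c:\documents and settings\Alexander\Application Data\Updater\updater.exe" [2009-11-01 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""


def parse_run_entries(log_text):
    """Return RunEntry records for every entry found under a Run section."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # any header starts a new section; only Run keys are tracked
            m = _KEY_RE.match(line)
            current_key = m.group("key") if m else None
            continue
        if not line:
            current_key = None  # a blank line closes the section
            continue
        if current_key is None:
            continue
        m = _ENTRY_RE.match(line)
        if m:
            entries.append(RunEntry(
                key=current_key,
                name=m.group("name"),
                value=m.group("value"),
                path=m.group("resolved") or m.group("value"),
                date=m.group("date"),
                size=int(m.group("size")),
            ))
    return entries


def triage(entries):
    """Names of entries a reviewer should look at twice, grouped by reason."""
    return {
        # executable lives where a non-admin user (or code running as one) can write
        "user_writable_path": [e.name for e in entries
                               if e.path.lower().startswith(_USER_WRITABLE)],
        # value is a bare file name, so it is resolved via the search path
        "bare_command": [e.name for e in entries if "\\" not in e.value],
    }


if __name__ == "__main__":
    found = parse_run_entries(SAMPLE_LOG)
    for e in found:
        print(f"{e.name:12} {e.date} {e.size:>9} {e.path}")
    print(triage(found))
```

Run it against a saved ComboFix log by passing the file's text to `parse_run_entries`; a hit in either bucket is a reason to look at the file, not a verdict on its own, since legitimate per-user installers also place executables under the profile directory.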

#12 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 15 November 2009 - 01:54 PM

How are things running now?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#13 netherblood
  • Topic Starter
  • Members
  • 11 posts

Posted 16 November 2009 - 04:56 AM

:( no high explorer.exe seen till now
I think it's fully gone :(

thanks!!!!!

#14 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 16 November 2009 - 10:03 PM

Very good.
Please uninstall Viewpoint or anything that says Viewpoint.
------------------

=======Cleanup=======
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
======Next======
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete/uninstall anything else that we have used that is leftover.

=====================================
After that you're all set. :(


The following are some articles and a Windows Update link that I like to suggest to people for preventing malware and for general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, eMule, uTorrent etc.
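The Java step above tells the reader to open Add/Remove Programs and remove every older JRE before installing 6 Update 17. As an added example, not code from the post or from BleepingComputer, the following Python reads the same Add/Remove Programs entries (the DisplayName values under the Uninstall registry keys) and reports which Java runtimes fall below that baseline, so the reader can confirm nothing older was missed after the reboot. The DisplayName formats matched and the `SAMPLE_ENTRIES` list are assumptions modelled on Sun-era JRE installers; the registry walk only runs on Windows, and off-Windows the script falls back to the constructed sample.

```python
"""List Java runtimes from Add/Remove Programs and mark those below a baseline.

Added example, not from the post. DisplayName formats and SAMPLE_ENTRIES are
assumptions modelled on Sun-era JRE installers.
"""
import re

# Assumed DisplayName formats (not taken from the thread):
#   "Java(TM) 6 Update 17"
#   "Java(TM) SE Runtime Environment 6 Update 3"
#   "J2SE Runtime Environment 5.0 Update 22"
_JRE_PATTERNS = (
    re.compile(r"^Java\(TM\)(?: SE Runtime Environment)? (?P<major>\d+)(?: Update (?P<update>\d+))?$"),
    re.compile(r"^J2SE Runtime Environment (?P<major>\d+)\.\d+(?: Update (?P<update>\d+))?$"),
)

# Constructed Add/Remove Programs listing, not the poster's machine
SAMPLE_ENTRIES = [
    "Mozilla Firefox (3.5.5)",
    "Java(TM) 6 Update 17",
    "Java(TM) 6 Update 7",
    "J2SE Runtime Environment 5.0 Update 22",
    "Xfire",
]


def parse_jre_version(display_name):
    """Return (major, update) for a JRE entry, or None for anything else."""
    for pattern in _JRE_PATTERNS:
        m = pattern.match(display_name.strip())
        if m:
            return int(m.group("major")), int(m.group("update") or 0)
    return None


def jre_report(display_names, baseline=(6, 17)):
    """Split JRE entries into 'outdated' (below baseline) and 'current', sorted by version."""
    report = {"outdated": [], "current": []}
    for name in display_names:
        version = parse_jre_version(name)
        if version is None:
            continue
        bucket = "outdated" if version < baseline else "current"
        report[bucket].append((name, version))
    for items in report.values():
        items.sort(key=lambda item: item[1])
    return report


def installed_display_names():
    """Windows only: collect DisplayName values from the Uninstall registry keys."""
    import winreg  # imported here so the parsing above also works off-Windows
    uninstall_keys = (
        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
        r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    )
    names = []
    for subkey in uninstall_keys:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey)
        except OSError:
            continue  # view not present (no Wow6432Node on 32-bit XP)
        with root:
            index = 0
            while True:
                try:
                    child = winreg.EnumKey(root, index)
                except OSError:
                    break  # no more subkeys
                index += 1
                try:
                    with winreg.OpenKey(root, child) as entry:
                        names.append(winreg.QueryValueEx(entry, "DisplayName")[0])
                except OSError:
                    pass  # entry has no DisplayName value
    return names


if __name__ == "__main__":
    try:
        entries = installed_display_names()
    except ImportError:
        entries = SAMPLE_ENTRIES  # not on Windows: use the constructed sample
    report = jre_report(entries)
    for name, version in report["outdated"]:
        print(f"outdated: {name} ({version[0]} Update {version[1]})")
    for name, version in report["current"]:
        print(f"current:  {name}")
```

The baseline is the version the post names; pass a different tuple to `jre_report` when a newer update is the target. Note that the check only sees runtimes registered in Add/Remove Programs, which is exactly what the post's manual step covers; a JRE unpacked into a folder by hand would not appear.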

#15 netherblood
  • Topic Starter
  • Members
  • 11 posts

Posted 17 November 2009 - 10:31 AM

Super!!!! thanks!!



