
antimalware doctor


  • This topic is locked
74 replies to this topic

#1 JeroenV

JeroenV

  • Members
  • 95 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 25 October 2010 - 02:42 AM

I caught antimalware doctor on Saturday evening, I immediately used rkill to terminate it and scanned with mbam (both a fast and full scan) yet it wasn't gone after that. I scanned with housecall and even now it's not gone, although most of the popups are.

Every time I log back in on my pc it pops up and the same map (I manually delete every time) is back at its spot. It's in appdata\roaming\weirdname

Forgot how I get the scan log of housecall

here are the scan logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4929

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

23/10/2010 22:43:51
mbam-log-2010-10-23 (22-43-51).txt

Scantype: Volledige scan (C:\|D:\|F:\|G:\|)
Objecten gescand: 60795
Verstreken tijd: 21 minuut/minuten, 31 seconde(n)

Geheugenprocessen geïnfecteerd: 12
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 11
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 14

Geheugenprocessen geïnfecteerd:
C:\Users\Jeroen\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Users\Jeroen\AppData\Local\Temp\nlctmqm4vi.exe (Malware.Packer.Gen) -> Unloaded process successfully.
C:\Users\Jeroen\AppData\Local\Temp\fh0d2edv.exe (Malware.Packer.Gen) -> Unloaded process successfully.
C:\Users\Jeroen\AppData\Local\Temp\fhqln.exe (Malware.Packer.Gen) -> Unloaded process successfully.
C:\Users\Public\Documents\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Unloaded process successfully.
C:\Users\Jeroen\AppData\Local\Temp\483830.exe (Heuristics.Shuriken) -> Failed to unload process.
C:\Users\Jeroen\AppData\Local\Temp\user.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\Jeroen\AppData\Local\Temp\gdi32.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\Jeroen\AppData\Local\Temp\iexplarer.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\Jeroen\AppData\Local\Temp\cmd.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\Jeroen\AppData\Local\Temp\winlogon.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\Jeroen\AppData\Local\Temp\mdm.exe (Trojan.Downloader) -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvfnzkfgpsid (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvfnzkfgnlb (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvfnzkfgnsc (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvfnzkfgre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvfnzkfgomc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvfnzkfgouqc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvfnzkfgmzgkyen\appdata\local\temp\avszkd6rwecbhhf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvfnzkfgnz (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvfnzkfgssc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvfnzkfgpz (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Worm.Autorun.B) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
C:\Users\Jeroen\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\nlctmqm4vi.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\fh0d2edv.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\fhqln.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\483830.exe (Heuristics.Shuriken) -> Delete on reboot.
C:\Users\Jeroen\AppData\Local\Temp\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\gdi32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\iexplarer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\avszkd6rwecbhhf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.





Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4929

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

23/10/2010 23:02:11
mbam-log-2010-10-23 (23-02-11).txt

Scantype: Snelle scan
Objecten gescand: 157364
Verstreken tijd: 9 minuut/minuten, 32 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 5
Registerwaarden geïnfecteerd: 6
Registerdata geïnfecteerd: 1
Mappen geïnfecteerd: 2
Bestanden geïnfecteerd: 29

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+nftfeefnvzcxl (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+nftfeefnjbaguo (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+nftfeefndcaxms (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe C:\WINDOWS\Config\csrss.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysogp32.exe (Trojan.Bredolab) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\irkipq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\audzl9v58r4lnjo4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\bxnxwj.exe (Trojan.Bredolab) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\sstol.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\471C.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\471D.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\f6zvg0t0gzw4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\gq81c.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\ajpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\~TMCBD6.tmp (Trojan.Bredolab) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\~TMD058.tmp (Trojan.Bredolab) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\~TMD4CB.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\riqzg55a.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\rr37w.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\70AC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\tsjni.dll (Trojan.Downloader.Gen) -> Delete on reboot.
C:\Users\Jeroen\AppData\Local\Temp\vz5h9a49.dll (Trojan.Downloader.Gen) -> Delete on reboot.
C:\Users\Jeroen\AppData\Local\Temp\k7fmvci.dll (Trojan.Downloader.Gen) -> Delete on reboot.
C:\Users\Jeroen\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Roaming\ohydy.exe (Worm.Palevo) -> Quarantined and deleted successfully.
C:\Users\Jeroen\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.





Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4929

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

24/10/2010 12:16:35
mbam-log-2010-10-24 (12-16-35).txt

Scantype: Volledige scan (C:\|)
Objecten gescand: 435964
Verstreken tijd: 2 uur/uren, 36 minuut/minuten, 48 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 3
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 6

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+nftfeefndcaxms (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+nftfeefnjbaguo (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+nftfeefnvzcxl (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno1404_Crack.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Jeroen\Downloads\Anno 1404 CrackOnly\Anno1404_Crack.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\k7fmvci.dll (Trojan.Downloader.Gen) -> Delete on reboot.
C:\Users\Jeroen\AppData\Local\Temp\vz5h9a49.dll (Trojan.Downloader.Gen) -> Delete on reboot.
C:\Users\Jeroen\AppData\Local\Temp\tsjni.dll (Trojan.Downloader.Gen) -> Delete on reboot.
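
Added example, not part of the original post and not code from any tool named in this thread: a Python script that lines up the second and third Malwarebytes scans quoted above and reports items a later scan found again, plus items whose removal was only deferred. The log excerpts are copied from the post; the function names and the autostart labels are assumptions of this example.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Result lines excerpted from the second and third Malwarebytes logs in the post above.
SCANS = {
    "2010-10-23 23:02": r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+nftfeefnvzcxl (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+nftfeefnjbaguo (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+nftfeefndcaxms (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe C:\WINDOWS\Config\csrss.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysogp32.exe (Trojan.Bredolab) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\tsjni.dll (Trojan.Downloader.Gen) -> Delete on reboot.
C:\Users\Jeroen\AppData\Local\Temp\vz5h9a49.dll (Trojan.Downloader.Gen) -> Delete on reboot.
C:\Users\Jeroen\AppData\Local\Temp\k7fmvci.dll (Trojan.Downloader.Gen) -> Delete on reboot.
""",
    "2010-10-24 12:16": r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+nftfeefndcaxms (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+nftfeefnjbaguo (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+nftfeefnvzcxl (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Jeroen\AppData\Local\Temp\k7fmvci.dll (Trojan.Downloader.Gen) -> Delete on reboot.
C:\Users\Jeroen\AppData\Local\Temp\vz5h9a49.dll (Trojan.Downloader.Gen) -> Delete on reboot.
C:\Users\Jeroen\AppData\Local\Temp\tsjni.dll (Trojan.Downloader.Gen) -> Delete on reboot.
""",
}


class Finding(NamedTuple):
    item: str       # registry path or file path
    detection: str  # vendor detection name, e.g. Trojan.Downloader.Gen
    action: str     # what the scanner says it did


# "<item> (<Detection.Name>) -> <action>."; section headers and summary lines do not match.
RESULT_LINE = re.compile(r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")

# Actions that mean the item was dealt with during the scan itself.
COMPLETED = {"Quarantined and deleted successfully", "Unloaded process successfully"}

# Locations that start code at logon (labels chosen for this example).
AUTOSTART = (
    (r"\\currentversion\\run\\", "Run key"),
    (r"\\winlogon\\shell$", "Winlogon shell"),
    (r"\\start menu\\programs\\startup\\", "Startup folder"),
)


def parse_scan(text: str) -> list:
    """Extract findings from the result lines of one log."""
    findings = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            # Hijack lines carry "Bad: ... Good: ... -> action"; keep the final action.
            action = m["rest"].rsplit("-> ", 1)[-1].rstrip(".")
            findings.append(Finding(m["item"], m["name"], action))
    return findings


def autostart_kind(item: str) -> Optional[str]:
    """Name the logon autostart location an item lives in, if any."""
    low = item.lower()
    for pattern, label in AUTOSTART:
        if re.search(pattern, low):
            return label
    return None


def pending(findings: list) -> list:
    """Findings whose removal did not complete during the scan."""
    return [f for f in findings if f.action not in COMPLETED]


def recurring(scans: dict) -> dict:
    """Map each item seen in more than one scan to the scans that reported it."""
    seen = defaultdict(list)
    for label, text in scans.items():
        for item in {f.item.lower() for f in parse_scan(text)}:
            seen[item].append(label)
    return {item: labels for item, labels in seen.items() if len(labels) > 1}


if __name__ == "__main__":
    for item, labels in recurring(SCANS).items():
        kind = autostart_kind(item) or "file/other"
        print(f"seen in {len(labels)} scans [{kind}]: {item}")
    for label, text in SCANS.items():
        for f in pending(parse_scan(text)):
            print(f"{label}: not yet removed ({f.action}): {f.item}")
```

In these excerpts the three `Run` values were reported deleted on 23 October and detected again the next day, and the three DLLs in Temp were only scheduled for deletion at reboot in both scans.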



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:00 PM

Posted 02 November 2010 - 06:26 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:00 PM

Posted 07 November 2010 - 04:13 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


 


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:00 PM

Posted 08 November 2010 - 09:27 AM

Reopened at OP's request. Please follow the instructions in post 2 above.


 


#5 JeroenV

JeroenV
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 08 November 2010 - 09:54 AM

Hi,

There's one problem when I try to create a GMER log. At some point in the program it stops working and when I try to restart the program I get a BSOD and the laptop restarts.

Here are the OTL logs. I put nr1 & nr2 so you can easily find them, I noticed they're quite big.

I also did a scan with housecall and it noted me of 2 trojans, but the program told me that it could be normal files.
I can't seem to find the log so here's a screenshot to show it
http://img225.imageshack.us/img225/5685/logfa.jpg

NR1
OTL logfile created on: 8/11/2010 14:27:22 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jeroen\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
11,00 Gb Paging File | 9,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,76 Gb Total Space | 108,03 Gb Free Space | 47,43% Space Free | Partition Type: NTFS
Drive D: | 228,00 Gb Total Space | 178,51 Gb Free Space | 78,29% Space Free | Partition Type: NTFS
Drive E: | 0,00 Mb Total Space | 0,00 Mb Free Space | NAN% Space Free | Partition Type: CDFS

Computer Name: PC_VAN_JEROEN | User Name: Jeroen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/08 14:08:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
PRC - [2010/10/30 09:04:56 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008/11/04 03:24:52 | 000,667,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/08 01:19:12 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008/09/24 09:58:36 | 006,335,008 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008/08/25 09:51:50 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/08/25 09:51:50 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/07/10 12:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 12:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/01/11 09:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/09 11:32:08 | 000,789,008 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/01/09 11:28:58 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2006/02/01 23:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
PRC - [2006/02/01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe


========== Modules (SafeList) ==========

MOD - [2010/11/08 14:08:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2010/03/04 19:54:51 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2009/03/03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2008/01/21 03:24:58 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2008/01/21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008/01/21 03:24:13 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2008/01/21 03:23:53 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
MOD - [2008/01/21 03:23:52 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2008/01/21 03:23:52 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2008/01/21 03:23:52 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/12 09:49:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/12 09:48:57 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/02/24 02:55:00 | 003,506,124 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/09/19 10:42:21 | 000,436,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files\1235779546\Jeroen1235779546L.exe -- (.1235779546)
SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/07/10 12:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 12:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 09:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/09 11:30:08 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/11/07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2006/02/01 23:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006/02/01 23:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006/02/01 23:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006/02/01 23:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006/02/01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jeroen\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2010/10/09 14:28:04 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/10/09 14:28:02 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/07/09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/21 23:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/03/12 09:49:20 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 09:49:12 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 09:49:00 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/03/12 09:48:50 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/12 09:48:44 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/11 14:38:27 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/10/12 08:05:55 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/12/23 08:25:46 | 000,243,712 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2008/09/24 09:31:06 | 002,171,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/28 03:52:52 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/08/04 05:54:34 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/08/04 05:54:30 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/08/04 05:54:24 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/07/22 07:33:02 | 000,319,000 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/06/25 22:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/05/08 10:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel®
DRV - [2008/03/21 04:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Stuurprogramma voor USB-audio (WDM)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/28 02:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/11/29 01:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/11/29 01:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/11/14 01:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/19 03:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2004/01/26 16:36:35 | 000,095,552 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/01/26 16:01:28 | 000,052,224 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 34 96 B8 01 94 90 40 4E AE FB E6 29 A3 8B C3 1A [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 34 96 B8 01 94 90 40 4E AE FB E6 29 A3 8B C3 1A [binary data]

IE - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://bb.kdg.be/webapps/portal/frameset.jsp
IE - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 34 96 B8 01 94 90 40 4E AE FB E6 29 A3 8B C3 1A [binary data]
IE - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.be"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668add}:0.7.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {D591A8AF-267A-4626-AB5E-B37F643B7046}:1.0
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {7596d5df-ae1f-4505-9169-93d4525c3152}:1.0
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "www.google.be"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=nl_EU&apn_uid=AC749160-64AA-47F5-8D36-0AF4A9946DDA&apn_ptnrs=UG&apn_sauid=BE75DF9A-9049-4E90-AE85-D0CFB5724FC1&apn_dtid=&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 09:05:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/30 09:05:09 | 000,000,000 | ---D | M]

[2009/07/18 16:10:51 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\mozilla\Extensions
[2009/07/18 16:10:51 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/11/07 14:46:39 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions
[2010/04/19 13:33:28 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/10/25 08:29:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/25 08:29:33 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/03/29 12:38:46 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/10/25 08:29:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/05 20:04:56 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\{7596d5df-ae1f-4505-9169-93d4525c3152}
[2010/10/24 15:52:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/10/25 08:29:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/13 19:00:07 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668add}
[2010/02/05 20:23:36 | 000,000,000 | ---D | M] (FFComponent) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\{e45a0de0-b4de-11de-8a39-0800200c9a66}
[2010/10/20 15:59:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/31 18:17:20 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009/07/18 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\ChoiceGuard@Microsoft
[2010/10/25 08:29:36 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\DTToolbar@toolbarnet.com
[2010/05/13 19:46:33 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\mozilla\Firefox\Profiles\4zevry4z.default\extensions\radiobar@toolbar
[2010/08/16 22:09:52 | 000,002,385 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\FireFox\Profiles\4zevry4z.default\searchplugins\askcom.xml
[2010/01/13 18:53:49 | 000,002,172 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\FireFox\Profiles\4zevry4z.default\searchplugins\bing.xml
[2010/03/24 15:12:38 | 000,000,917 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\FireFox\Profiles\4zevry4z.default\searchplugins\conduit.xml
[2009/10/12 08:08:17 | 000,000,523 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\FireFox\Profiles\4zevry4z.default\searchplugins\daemon-search.xml
[2010/04/11 21:14:49 | 000,010,017 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\FireFox\Profiles\4zevry4z.default\searchplugins\mywebsearch.xml
[2010/08/31 18:17:18 | 000,003,915 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\FireFox\Profiles\4zevry4z.default\searchplugins\sweetim.xml
[2010/04/19 13:34:21 | 000,001,201 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\FireFox\Profiles\4zevry4z.default\searchplugins\winamp-search.xml
[2010/10/31 21:02:19 | 000,002,315 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\Mozilla\FireFox\Profiles\4zevry4z.default\searchplugins\wot-safe-search.xml
[2010/10/24 16:33:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/28 11:15:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/24 16:33:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/02/05 20:23:21 | 000,000,000 | ---D | M] (TabQuery) -- C:\Program Files\Mozilla Firefox\extensions\{D591A8AF-267A-4626-AB5E-B37F643B7046}
[2009/12/31 10:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/07/18 16:14:36 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/01/13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/10/30 09:05:01 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010/10/30 09:05:01 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010/02/05 20:23:21 | 000,002,388 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tabquery118.xml
[2010/02/05 22:32:37 | 000,002,388 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tabquery119.xml
[2010/10/30 09:05:01 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010/10/30 09:05:01 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010/10/30 09:05:01 | 000,000,802 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2010/08/31 13:47:41 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-584992422-2063136800-1232671703-1003..\Run: [android 1] C:\Users\Jeroen\AppData\Local\Temp\~TMD4EB.tmp (PFMGR)
O4 - HKU\S-1-5-21-584992422-2063136800-1232671703-1003..\Run: [formtell70700loadraw.exe] C:\Users\Jeroen\AppData\Roaming\AAD0F0F7A6633FDDB2BC9530C4F207E0\formtell70700loadraw.exe File not found
O4 - Startup: C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-584992422-2063136800-1232671703-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a992091d-73a3-11de-86a5-00234eeee9db}\Shell\AutoRun\command - "" = G:\myfolder\myfile.exe -- File not found
O33 - MountPoints2\{a992091d-73a3-11de-86a5-00234eeee9db}\Shell\open\command - "" = G:\myfolder\myfile.exe -- File not found
O33 - MountPoints2\{e64eb4a0-b6fd-11de-ba1a-00234eeee9db}\Shell - "" = AutoRun
O33 - MountPoints2\{e64eb4a0-b6fd-11de-ba1a-00234eeee9db}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: iso70700ultrabox.exe - hkey= - key= - C:\Users\Jeroen\AppData\Roaming\AAD0F0F7A6633FDDB2BC9530C4F207E0\iso70700ultrabox.exe File not found
MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\Windows\System32\MSAUD32.ACM (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.MP42 - C:\Windows\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/08 14:18:46 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
[2010/10/27 12:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software
[2010/10/26 05:57:59 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Roaming\AAD0F0F7A6633FDDB2BC9530C4F207E0
[2010/10/24 16:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/24 16:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/23 21:13:00 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010/10/23 21:12:51 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/18 20:39:07 | 000,000,000 | ---D | C] -- C:\Users\Jeroen\AppData\Local\PunkBuster
[2010/10/14 19:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/10/14 19:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/10/14 19:01:50 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/10/14 19:01:38 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/10/09 14:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jeroen\Documents\*.tmp files -> C:\Users\Jeroen\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2055/09/19 07:29:11 | 000,002,012 | ---- | M] () -- C:\Windows\System32\NAV_75_cltDynam.dat
[2010/11/08 14:08:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jeroen\Desktop\OTL.exe
[2010/11/08 13:34:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/08 13:34:14 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/08 10:08:50 | 000,779,138 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/11/08 10:08:50 | 000,698,964 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/08 10:08:50 | 000,169,902 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/11/08 10:08:50 | 000,144,298 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/08 10:04:02 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/08 10:02:26 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/11/08 10:02:14 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 10:02:14 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/07 22:28:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/07 21:12:40 | 000,137,960 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/11/07 21:12:02 | 000,235,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/10/27 12:25:22 | 002,373,712 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2010/10/26 07:56:27 | 000,052,736 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/25 20:00:19 | 000,069,147 | ---- | M] () -- C:\Users\Jeroen\Documents\VBPrak db2.pdf
[2010/10/25 11:34:18 | 000,000,680 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\d3d9caps.dat
[2010/10/25 08:25:34 | 000,000,524 | ---- | M] () -- C:\Users\Jeroen\Desktop\rkill - Snelkoppeling.lnk
[2010/10/23 21:13:05 | 000,000,177 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\812.bat
[2010/10/23 21:13:01 | 000,000,016 | ---- | M] () -- C:\Users\Jeroen\AppData\Roaming\dxqkew.dat
[2010/10/18 08:09:45 | 000,001,700 | ---- | M] () -- C:\Users\Jeroen\Desktop\BYOND.lnk
[2010/10/14 18:29:48 | 000,379,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/12 13:03:45 | 000,208,439 | ---- | M] () -- C:\Users\Jeroen\AppData\Local\debuggee.mdmp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jeroen\Documents\*.tmp files -> C:\Users\Jeroen\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/25 20:00:19 | 000,069,147 | ---- | C] () -- C:\Users\Jeroen\Documents\VBPrak db2.pdf
[2010/10/25 08:25:34 | 000,000,524 | ---- | C] () -- C:\Users\Jeroen\Desktop\rkill - Snelkoppeling.lnk
[2010/10/23 21:13:05 | 000,000,177 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\812.bat
[2010/10/23 21:13:00 | 000,000,016 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\dxqkew.dat
[2010/10/18 20:39:13 | 000,235,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/10/18 20:34:13 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/10/14 19:01:50 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/10/12 13:03:43 | 000,208,439 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\debuggee.mdmp
[2010/10/10 13:43:24 | 000,000,055 | ---- | C] () -- C:\Users\Jeroen\Documents\Engine.ini
[2010/10/09 14:28:04 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/10/09 14:28:02 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/09/01 14:57:46 | 000,000,036 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\housecall.guid.cache
[2010/06/10 14:47:50 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini
[2010/04/19 13:43:07 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/04/19 13:43:07 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/04/19 13:43:06 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/04/19 13:43:06 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/04/19 13:43:05 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/02/06 16:22:39 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/02/05 20:31:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/17 10:05:07 | 000,001,440 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/01/07 21:52:12 | 000,052,736 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/19 20:24:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/12/19 20:24:10 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/10/12 08:05:55 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/01 09:27:39 | 000,137,960 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/10/01 09:27:39 | 000,022,328 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\PnkBstrK.sys
[2009/10/01 09:27:14 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2009/09/14 11:53:06 | 000,000,680 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\d3d9caps.dat
[2009/08/26 19:22:51 | 000,000,552 | ---- | C] () -- C:\Users\Jeroen\AppData\Local\d3d8caps.dat
[2009/08/20 11:42:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/20 11:40:13 | 000,000,179 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\setup.log
[2009/08/20 11:40:08 | 000,000,760 | ---- | C] () -- C:\Users\Jeroen\AppData\Roaming\setup_ldm.iss
[2009/07/18 17:25:22 | 000,000,040 | ---- | C] () -- C:\Windows\System32\Sx5363.ini
[2009/07/18 15:55:30 | 000,000,536 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/18 20:17:02 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/18 20:17:01 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/18 09:41:54 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009/02/18 09:41:54 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009/02/18 09:37:55 | 000,003,468 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009/02/18 09:36:40 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2009/02/18 08:28:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/10/28 07:45:34 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\AAD0F0F7A6633FDDB2BC9530C4F207E0
[2009/07/24 17:23:00 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Acoustica
[2010/09/01 13:04:56 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Atari
[2010/03/14 12:42:28 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\AVG9
[2010/04/20 07:32:43 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\CodeLite
[2009/10/12 08:05:42 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\DAEMON Tools
[2010/01/15 16:19:12 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Facebook
[2010/03/25 22:39:43 | 000,000,000 | -H-D | M] -- C:\Users\Jeroen\AppData\Roaming\ijjigame
[2010/10/04 19:29:42 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\LimeWire
[2010/08/23 13:43:22 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Opera
[2009/12/19 20:25:57 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\PC Suite
[2009/12/19 20:23:48 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Samsung
[2010/09/20 08:37:13 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\SpeedSim
[2009/12/21 22:03:31 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\Unity
[2010/10/23 20:42:09 | 000,000,000 | ---D | M] -- C:\Users\Jeroen\AppData\Roaming\uTorrent
[2010/11/08 10:02:26 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2010/11/07 22:28:02 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/21 03:24:26 | 000,019,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\eventcls.dll
[2008/01/21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 03:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.sys /90 >
[2010/08/31 14:39:46 | 002,037,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/02/08 10:31:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/03/25 22:31:17 | 000,001,167 | ---- | M] () -- C:\ijjiFFPlugin.log
[2009/02/27 11:49:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/27 11:49:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/08 10:02:05 | 4194,304,000 | -HS- | M] () -- C:\pagefile.sys
[2009/02/18 09:30:10 | 000,001,564 | ---- | M] () -- C:\RHDSetup.log
[2010/10/26 05:58:05 | 000,000,379 | ---- | M] () -- C:\rkill.log
[2009/07/18 14:43:06 | 000,000,086 | ---- | M] () -- C:\Setup.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/01/21 03:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Files - Unicode (All) ==========
[2010/03/26 13:14:47 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?o) -- C:\Windows\System32\Πŏ
[2010/03/26 13:14:47 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?o) -- C:\Windows\System32\Πŏ

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:538A295C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A384652A

< End of report >

NR2
OTL Extras logfile created on: 8/11/2010 14:27:22 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jeroen\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
11,00 Gb Paging File | 9,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,76 Gb Total Space | 108,03 Gb Free Space | 47,43% Space Free | Partition Type: NTFS
Drive D: | 228,00 Gb Total Space | 178,51 Gb Free Space | 78,29% Space Free | Partition Type: NTFS
Drive E: | 0,00 Mb Total Space | 0,00 Mb Free Space | NAN% Space Free | Partition Type: CDFS

Computer Name: PC_VAN_JEROEN | User Name: Jeroen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Users\Jeroen\AppData\Local\Aptana Studio 2.0\AptanaStudio.exe ()

[HKEY_USERS\S-1-5-21-584992422-2063136800-1232671703-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Users\Jeroen\AppData\Local\Aptana Studio 2.0\AptanaStudio.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Jeroen\AppData\Roaming\av.exe" = C:\Users\Jeroen\AppData\Roaming\av.exe:*:Enabled:Windows Messanger -- File not found
"C:\Users\Jeroen\AppData\Local\Temp\BS.exe" = C:\Users\Jeroen\AppData\Local\Temp\BS.exe:*:Enabled:Windows Messanger -- ()
"C:\Program Files\Subagames\ACE Online\Launcher.atm" = C:\Program Files\Subagames\ACE Online\Launcher.atm:Enabled:GameExe2 -- ()
"C:\Program Files\Subagames\ACE Online\Res-Voip\SCVoIP.exe" = C:\Program Files\Subagames\ACE Online\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- (Masang Soft)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19CFFD2A-2F4A-4D98-A0F4-ED7A1091E0F4}" = lport=137 | protocol=17 | dir=in | app=system |
"{1B0A9663-3C79-48E0-A2CA-A78C29E51606}" = lport=445 | protocol=6 | dir=in | app=system |
"{1F5884E2-5B85-4EDB-AD0F-F41563E72FD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5B646E11-B6F6-4552-AFAD-475A0232EEDD}" = rport=138 | protocol=17 | dir=out | app=system |
"{677BB54C-F7A9-4C7C-A731-D5ABD16E74F3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6DB85545-7B00-4793-911C-886AAFC85E61}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E97DA88-55D9-4363-B985-49351EA493B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{77E1EF40-1FF0-44C5-97DC-BF277E256BC8}" = rport=137 | protocol=17 | dir=out | app=system |
"{7C219510-5E4B-43B2-AC6F-9B0604FF7129}" = rport=445 | protocol=6 | dir=out | app=system |
"{7E2AEF3C-DA64-487B-9D19-7098CE4547BD}" = lport=139 | protocol=6 | dir=in | app=system |
"{7FC73CA3-3BAF-4970-89C9-93969ADD4C03}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8272AE6C-33AA-4511-A372-732B4B10B314}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88163BCE-706B-4440-8182-1993FD1BAED5}" = rport=2869 | protocol=6 | dir=out | app=system |
"{8AA4ED96-B6FD-4B62-B1E7-8E1EFB2C7196}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{99738B71-12E0-4753-AA66-C848114115F5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B37823F1-33F3-41B7-9D58-66399A8D4678}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C0D72858-E653-494D-ADC8-30DB7C68EAA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E15A08C0-17AA-4B88-88C5-86582D4CCE3A}" = rport=139 | protocol=6 | dir=out | app=system |
"{E833B278-5B9E-4533-B18A-C48125B9BB7D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E9969DBC-F703-4DEE-A631-060E4489AADA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA20F409-527B-46A1-997F-73B2C29A67E4}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0134C222-6BF5-4B6B-ACF3-1547A941FC3A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{0ABFF33D-B4FC-4F93-9CDD-61E35D7F836A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{10DD4905-604D-4021-8695-46BFC3734DFE}" = dir=in | app=c:program filespando networksmedia boosterpmb.exe |
"{1AC41C6A-2565-46CB-BD63-E4A2CF23A890}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1F6F413A-9153-4D02-97EB-61D44DD4BC6C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2A9F9F30-ACF9-456A-925E-844CEAF15BB8}" = protocol=6 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqw.exe |
"{2FB2F61C-6E90-486D-85BA-5D20EE9A4A9F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{32B666DD-BC21-407B-90E2-52BAD5101EB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4AC52D34-BEFC-4E36-8DDA-DFBAEEDFA110}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4E0B3EB8-B9E4-499F-AEB4-34EFA8C7ADA5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4EAD9C44-810C-4F31-921C-7CD605395F1E}" = protocol=6 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqwded.exe |
"{58D5E3E1-42BA-467B-A414-E842A27B30F1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{58FF2095-68E6-4CD1-8D34-18C3B9E732F8}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{5B1F8072-305B-41B6-9BAE-4608B8C8CA3A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{69C86741-B350-4EFE-90A9-3C25B00FD73E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6D1CDBDF-5324-4140-9850-826E08121EC5}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{6DEA1637-7203-4434-B0B6-54DB0F3E1CD6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6E549E83-77AB-4D76-A951-8509887AE71A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{70F23188-4EF5-4874-9827-EB83450D1080}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{72B96AD4-A9DC-4576-BC9A-2C763F89BBCA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{72CD9E0F-526E-4C4F-9168-5F2C80783ECB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{75AAD974-A72E-47CE-9559-27CE0260D6C2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{79F3E954-E0F2-4293-8008-2F83A84BC54E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{7BA1EB0E-991E-4C3B-A92E-FB85F669520B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe |
"{81940C04-BC9A-4877-95FE-F8BB90288E91}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{84E8B38B-48CD-450A-B03E-A7BF104FA179}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{8750B0ED-F9FA-4DF4-A663-CF2A523D3409}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{8E268928-4278-4213-A72B-5566C241F39D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{918B4E82-0949-434E-9295-2D7183E8347F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9920F5F0-AB7B-4AED-A6F8-B78112C50D9E}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{A26E8ED6-3A61-4C87-B1AF-9ADF3440F710}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{A537CBEA-CDDC-4D51-A492-F73231F7A2EF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A5F2772D-4CDD-4E6E-B043-4810E12D2906}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{ADEE431D-D68C-4A8A-8092-0D4A50D2BABA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{B0BFD584-E330-4EA5-8BD6-B5CA6437D853}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B421FBA8-1A1D-47D0-832A-9429B3D7F04E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B470ABE9-7B50-4334-98E9-E0EC0C7E7C9D}" = protocol=17 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqw.exe |
"{B6B81246-B3A0-4E32-927E-479CA4A9E948}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{C30B525B-2D01-4A26-A988-F662163F529A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe |
"{C4B633D6-27AF-4985-A2F6-84CD4E480B56}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CD02D4BA-DB3C-44E9-9865-F3BDA10B2365}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D54F4414-216B-4CDF-B77C-8C6497007D0C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D78E2CD0-4FCD-4059-B9D9-57567FA88360}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E2B575A0-ECC7-437C-A88E-B7042304E0B8}" = protocol=17 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqwded.exe |
"{EDAF0844-A780-4721-A6A8-43050AF7364C}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{F2967825-A2E4-4496-8742-B5460EAB8A4D}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"TCP Query User{02EF5D6D-07C8-411D-AFAB-47FF70D2DDD0}C:\users\jeroen\downloads\anarchyonline_18.1.1-small.exe" = protocol=6 | dir=in | app=c:\users\jeroen\downloads\anarchyonline_18.1.1-small.exe |
"TCP Query User{106CBA63-203F-44C7-81D6-A06A79603A64}C:\program files\jetbrains\intellij idea 8.1.3\bin\idea.exe" = protocol=6 | dir=in | app=c:\program files\jetbrains\intellij idea 8.1.3\bin\idea.exe |
"TCP Query User{1B685678-D843-4A18-A063-D90006184431}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{2549FCBA-1574-46A1-86DA-93EC1F63B629}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{437A5B61-0967-4415-B9B2-7FA37744577D}C:\program files\id software\enemy territory - quake wars\etqw.exe" = protocol=6 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqw.exe |
"TCP Query User{4F6BE1FB-98FD-4A8A-B513-16B7D12AC9A6}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{581BFBC9-317C-41B0-BFFD-7A5B8027E085}C:\program files\java\jdk1.6.0_16\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_16\bin\java.exe |
"TCP Query User{71CD8FF7-56D8-4A08-8B81-9CBCD1419915}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"TCP Query User{8366370E-8497-402F-8119-544B9FFB6D6A}C:\users\jeroen\appdata\local\aptana studio 2.0\aptanastudio.exe" = protocol=6 | dir=in | app=c:\users\jeroen\appdata\local\aptana studio 2.0\aptanastudio.exe |
"TCP Query User{A150CD12-4D96-4A8E-B32F-34E159831B65}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{B1E7E671-7343-4311-8EBD-0B1EFF91600A}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{CC5A7054-1680-46C0-AC1C-80222BCA0FF4}C:\program files\subagames\ace online\res-voip\scvoip.exe" = protocol=6 | dir=in | app=c:\program files\subagames\ace online\res-voip\scvoip.exe |
"TCP Query User{CE5BE016-0FB7-40C3-971F-12573E441CE7}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{DE0E7873-745D-498B-95E8-A7A982068CE4}C:\program files\jetbrains\intellij idea 8.1.3\bin\idea.exe" = protocol=6 | dir=in | app=c:\program files\jetbrains\intellij idea 8.1.3\bin\idea.exe |
"TCP Query User{E61BFFFB-2AB0-4954-8C1D-8FAE63351D71}C:\program files\java\jdk1.6.0_16\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_16\bin\java.exe |
"UDP Query User{0FE5A88A-FA87-42BF-9B7F-9069C9C923C3}C:\program files\subagames\ace online\res-voip\scvoip.exe" = protocol=17 | dir=in | app=c:\program files\subagames\ace online\res-voip\scvoip.exe |
"UDP Query User{1868E320-EC33-4D8C-A68E-9E96A5AE41FF}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"UDP Query User{1F43CEA5-45A9-484C-8BBA-B42BA66E5D85}C:\users\jeroen\appdata\local\aptana studio 2.0\aptanastudio.exe" = protocol=17 | dir=in | app=c:\users\jeroen\appdata\local\aptana studio 2.0\aptanastudio.exe |
"UDP Query User{29CC21B3-6A81-4394-B058-884FF6AF8779}C:\program files\java\jdk1.6.0_16\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_16\bin\java.exe |
"UDP Query User{3B4F0250-24E7-4788-95DC-BC2B5986CF21}C:\users\jeroen\downloads\anarchyonline_18.1.1-small.exe" = protocol=17 | dir=in | app=c:\users\jeroen\downloads\anarchyonline_18.1.1-small.exe |
"UDP Query User{3F7D8C26-C9D1-4030-B1C8-144A9AFBC622}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{5AD66EB7-B910-4745-B86C-8818176A3F39}C:\program files\jetbrains\intellij idea 8.1.3\bin\idea.exe" = protocol=17 | dir=in | app=c:\program files\jetbrains\intellij idea 8.1.3\bin\idea.exe |
"UDP Query User{60027C9A-579B-4BD8-816B-F8F9951C3E25}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{643650C5-BA1A-4F7C-9006-A3BC356768C6}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{655AEEF5-B858-4648-B134-9B1BCC1B45CE}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{757D8B4B-EBA6-47C6-AD87-991B8113DD9F}C:\program files\id software\enemy territory - quake wars\etqw.exe" = protocol=17 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqw.exe |
"UDP Query User{842E875E-EC12-4DF6-A0D3-8FB57D4F150B}C:\program files\jetbrains\intellij idea 8.1.3\bin\idea.exe" = protocol=17 | dir=in | app=c:\program files\jetbrains\intellij idea 8.1.3\bin\idea.exe |
"UDP Query User{88814EFC-552A-4576-8766-E078934B0FBF}C:\program files\java\jdk1.6.0_16\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_16\bin\java.exe |
"UDP Query User{E577BE8E-C204-4764-83D3-AC9C7DEB4CCB}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"UDP Query User{F6B2D624-C564-4CE0-982B-316B67A373D8}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-0000-4000-1800-0000836BD2D2}" = Microsoft Business Solutions-Navision 4.0
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6500
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{11005483-57F9-400C-BF9F-CBC47540705A}" = Windows Live Photo Gallery
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java™ SE Development Kit 6 Update 16
"{35CA031C-D3CD-4A28-8D9B-C71466C4F045}" = Windows Live Writer
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B5BFFF9-9D55-45AF-9390-AA4DC1C4EEFE}" = Microsoft SQL Server Desktop Engine
"{62012DD0-5B43-464C-BC62-68DE5B1B73DE}" = Windows Live Movie Maker
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROPLUS_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A84EF2EA-FA7E-495C-9581-933496C9B9E9}}_is1" = ACE Online EP3-2 2.1.0.0 Full Setup
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1043-7B44-A91000000001}" = Adobe Reader 9.1 - Nederlands
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel® PROSet/Wireless WiFi Software
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - Quake Wars™
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD19EDD9-1632-4002-9212-7478E4BA0423}" = Windows Live Sync
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51109E7-3818-4BC2-B3FD-A59AC2378A2B}" = Windows Live Toolbar
"{E60B8506-DDC7-433d-AF9E-999D0F543C4A}" = 2570_Help
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA7FE7AB-34AE-4e14-84C5-187E6EC0AB9B}" = 2570
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F66D5732-C2A6-4f88-B8FE-AEDA10355FBD}" = 2570Trb
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-stuurprogrammapakket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Aptana Studio 2.0" = Aptana Studio 2.0
"BlueJ_is1" = BlueJ 2.5.2
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Cisco Networking Academy curriculum_is1" = Cisco Networking Academy curriculum 4.0.0.0
"CodeLite_is1" = CodeLite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"GameSpy Arcade" = GameSpy Arcade
"Gunz" = ijji - Gunz
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IntelliJ IDEA 8.1.3" = IntelliJ IDEA 8.1.3
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.6 (Standard)
"LimeWire" = LimeWire 5.5.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office tweede editie runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"New X Editor 3" = New X Editor 3
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"R for Windows 2.10.1_is1" = R for Windows 2.10.1
"RarZilla Free Unrar" = RarZilla Free Unrar
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SpeedSim" = SpeedSim
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TabQuery" = TabQuery 1.0 build 119
"TmNationsForever_is1" = TmNationsForever
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Zoo Tycoon 1.0" = Zoo Tycoon Expanded

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-584992422-2063136800-1232671703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Applicatie Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/09/2010 10:17:30 | Computer Name = PC_van_Jeroen | Source = Windows Search Service | ID = 3013
Description =

Error - 17/09/2010 10:17:44 | Computer Name = PC_van_Jeroen | Source = Windows Search Service | ID = 3013
Description =

Error - 17/09/2010 10:17:44 | Computer Name = PC_van_Jeroen | Source = Windows Search Service | ID = 3013
Description =

Error - 18/09/2010 3:55:26 | Computer Name = PC_van_Jeroen | Source = WinMgmt | ID = 10
Description =

Error - 18/09/2010 15:36:33 | Computer Name = PC_van_Jeroen | Source = WinMgmt | ID = 10
Description =

Error - 19/09/2010 3:07:06 | Computer Name = PC_van_Jeroen | Source = WinMgmt | ID = 10
Description =

Error - 19/09/2010 16:49:22 | Computer Name = PC_van_Jeroen | Source = Application Hang | ID = 1002
Description = Programma winamp.exe, versie 5.5.7.2830 reageert niet meer op Windows
en is afgesloten. Als u wilt zien of meer informatie over het probleem beschikbaar
is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en -oplossingen
in het Configuratiescherm controleren. Proces-id: 18c0 Starttijd: 01cb580a17e91be9
Eindtijd:
1825

Error - 20/09/2010 3:09:22 | Computer Name = PC_van_Jeroen | Source = WinMgmt | ID = 10
Description =

Error - 21/09/2010 0:43:31 | Computer Name = PC_van_Jeroen | Source = WinMgmt | ID = 10
Description =

Error - 21/09/2010 3:30:18 | Computer Name = PC_van_Jeroen | Source = VSS | ID = 8194
Description =

[ OSession Events ]
Error - 21/03/2010 12:17:34 | Computer Name = PC_van_Jeroen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/11/2010 5:02:19 | Computer Name = PC_van_Jeroen | Source = Service Control Manager | ID = 7002
Description =

Error - 8/11/2010 5:02:19 | Computer Name = PC_van_Jeroen | Source = Service Control Manager | ID = 7000
Description =

Error - 8/11/2010 5:02:19 | Computer Name = PC_van_Jeroen | Source = Service Control Manager | ID = 7009
Description =

Error - 8/11/2010 5:02:19 | Computer Name = PC_van_Jeroen | Source = Service Control Manager | ID = 7000
Description =

Error - 8/11/2010 5:02:19 | Computer Name = PC_van_Jeroen | Source = Service Control Manager | ID = 7000
Description =

Error - 8/11/2010 5:02:19 | Computer Name = PC_van_Jeroen | Source = Service Control Manager | ID = 7024
Description =

Error - 8/11/2010 5:02:34 | Computer Name = PC_van_Jeroen | Source = Dhcp | ID = 1002
Description = De IP-adreslease 192.168.1.2 voor de netwerkkaart met netwerkadres
0022FA2EB0E2 is geweigerd door de DHCP-server 12.12.12.12. De DHCP-server heeft
een DHCPNACK-bericht verzonden.

Error - 8/11/2010 5:02:53 | Computer Name = PC_van_Jeroen | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 8/11/2010 8:34:19 | Computer Name = PC_van_Jeroen | Source = ipnathlp | ID = 31004
Description = De DNS-proxy-agent kan geen 0 bytes geheugen toewijzen. Dit kan wijzen
op het feit dat het systeem weinig virtueel geheugen heeft of dat geheugenbeheer
een interne fout heeft gevonden.

Error - 8/11/2010 8:34:25 | Computer Name = PC_van_Jeroen | Source = Dhcp | ID = 1002
Description = De IP-adreslease 10.132.112.187 voor de netwerkkaart met netwerkadres
0022FA2EB0E2 is geweigerd door de DHCP-server 0.0.0.0. De DHCP-server heeft een
DHCPNACK-bericht verzonden.


< End of report >





Thanks in advance for your help

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:00 PM

Posted 09 November 2010 - 07:12 PM

Hello, JeroenV.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case LimeWire, uTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.







Ask Toolbar Warning

I see you have the Ask.Com toolbar installed. This often comes bundled with spyware, and it is recommended that you remove it.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/94/Ask-Toolbar.html

If you would like to remove it, please go to Add/Remove Programs and uninstall it.






You also have these questionable toolbars installed:
SweetIM for Messenger 3.2
SweetIM Toolbar for Internet Explorer 3.9
DAEMON Tools Toolbar


You can remove them via Add/Remove Programs. See here for more information:
http://forums.spybot.info/showthread.php?p=374590#post374590
http://www.systemlookup.com/search.php?type=clsid&client=malwaresearch-ff&search=32099AAC-C132-4136-9E9A-4E364A424E17



Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 2

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
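
The reply above reads the scan report by eye to spot file-sharing clients and toolbars in the uninstall list. The following is an added example, not part of the original thread or of any tool it mentions: it parses the `"key" = value` lines of the report format quoted above and cross-references each flagged program against inbound firewall exceptions. The watchlist terms come from the reply; the function names and the sample report (a constructed excerpt built from a few lines of the log) are assumptions.

```python
import re

# Constructed excerpt in the format of the report quoted in this thread.
SAMPLE_REPORT = r'''
"TCP Query User{1B685678-D843-4A18-A063-D90006184431}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{60027C9A-579B-4BD8-816B-F8F9951C3E25}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{2549FCBA-1574-46A1-86DA-93EC1F63B629}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"LimeWire" = LimeWire 5.5.10
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Winamp Toolbar" = Winamp Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-584992422-2063136800-1232671703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
'''

SECTION_RE = re.compile(r'^=+\s*(.*?)\s*=+$')    # ========== Title ==========
ENTRY_RE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')   # "key" = value
PROTOCOLS = {"6": "TCP", "17": "UDP"}            # IANA protocol numbers

# Terms taken from the helper's reply; matching is case-insensitive.
WATCHLIST = {
    "file sharing (P2P)": ("limewire", "utorrent"),
    "toolbar": ("ask toolbar", "sweetim", "daemon tools toolbar"),
}


def parse_report(text):
    """Return (uninstall_entries, firewall_rules) found in a pasted report."""
    section = None
    uninstall, firewall = [], []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # registry path lines, blank lines, event-log text
        key, value = entry.groups()
        # Firewall rules are recognised by shape: "a=b | c=d | ..." fields.
        fields = dict(f.strip().split("=", 1) for f in value.split("|") if "=" in f)
        if {"protocol", "dir", "app"}.issubset(fields):
            firewall.append(fields)
        elif section and section.endswith("Uninstall List"):
            uninstall.append({"hive": section.split()[0], "key": key, "name": value})
    return uninstall, firewall


def triage(text, watchlist=WATCHLIST):
    """Flag watchlisted software and list the inbound exceptions it holds."""
    uninstall, firewall = parse_report(text)
    findings = []
    for category, terms in watchlist.items():
        for term in terms:
            # Check the registry key as well as the display name: the display
            # name may be localised or encoding-damaged ("uTorrent" vs its
            # display string) while the key stays plain ASCII.
            names = sorted({e["name"] for e in uninstall
                            if term in e["key"].lower() or term in e["name"].lower()})
            if not names:
                continue
            inbound = sorted({PROTOCOLS.get(r["protocol"], r["protocol"])
                              for r in firewall
                              if r["dir"] == "in" and term in r["app"].lower()})
            findings.append({"category": category, "term": term,
                             "installed": names, "inbound": inbound})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        exceptions = ", ".join(f["inbound"]) or "none"
        print(f'[{f["category"]}] {"; ".join(f["installed"])} '
              f'(inbound firewall exceptions: {exceptions})')
```

Matching on specific names rather than the word "toolbar" keeps entries the reply did not call out, such as Winamp Toolbar, out of the findings.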
 


#7 JeroenV

JeroenV
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 12 November 2010 - 03:37 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R710
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 160):
0x82C19000 \SystemRoot\system32\ntoskrnl.exe
0x82FC3000 \SystemRoot\system32\hal.dll
0x8AC06000 \SystemRoot\system32\kdcom.dll
0x8AC0E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8AC6E000 \SystemRoot\system32\PSHED.dll
0x8AC7F000 \SystemRoot\system32\BOOTVID.dll
0x8AC87000 \SystemRoot\system32\CLFS.SYS
0x8ACC8000 \SystemRoot\system32\CI.dll
0x8ADA8000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AE24000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AE31000 \SystemRoot\system32\drivers\acpi.sys
0x8AE77000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8AE80000 \SystemRoot\system32\drivers\msisadrv.sys
0x8AE88000 \SystemRoot\system32\drivers\pci.sys
0x8AEAF000 \SystemRoot\System32\drivers\partmgr.sys
0x8AEBE000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8AEC1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AECB000 \SystemRoot\system32\drivers\volmgr.sys
0x8AEDA000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AF24000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B000000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8B0D0000 \SystemRoot\system32\DRIVERS\iaNvStor.sys
0x8B118000 \SystemRoot\system32\drivers\atapi.sys
0x8B120000 \SystemRoot\system32\drivers\ataport.SYS
0x8B13E000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B170000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B180000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B1F1000 \SystemRoot\system32\drivers\ndis.sys
0x8B2FC000 \SystemRoot\system32\drivers\msrpc.sys
0x8B327000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B401000 \SystemRoot\System32\drivers\tcpip.sys
0x8B4EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B505000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B614000 \SystemRoot\system32\drivers\volsnap.sys
0x8B64D000 \SystemRoot\System32\Drivers\spldr.sys
0x8B655000 \SystemRoot\System32\drivers\sfhlp01.sys
0x8B657000 \SystemRoot\System32\drivers\prosync1.sys
0x8B659000 \SystemRoot\System32\drivers\SCSIPORT.SYS
0x8B67F000 \SystemRoot\System32\drivers\prohlp02.sys
0x8B697000 \SystemRoot\System32\Drivers\mup.sys
0x8B6A6000 \SystemRoot\System32\drivers\ecache.sys
0x8B6CD000 \SystemRoot\system32\drivers\disk.sys
0x8B6DE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B6FF000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B708000 \SystemRoot\System32\Drivers\avgrkx86.sys
0x8B714000 \SystemRoot\System32\Drivers\AVGIDSvx.sys
0x8B361000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B36C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8F809000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90287000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x90289000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90328000 \SystemRoot\System32\drivers\watchdog.sys
0x90335000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x90340000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9037E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9038D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90404000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x9078C000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x907D8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x907DC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x907EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9039F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x907FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x903CF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x903DA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B375000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B384000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B3B2000 \SystemRoot\system32\DRIVERS\storport.sys
0x903F2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AF34000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B3F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AF4B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AF6E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AF7D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AF91000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AFA6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x907FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8AFB6000 \SystemRoot\system32\DRIVERS\ks.sys
0x8AFE0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AFEA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90805000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90839000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9084A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90A5B000 \SystemRoot\system32\drivers\portcls.sys
0x90A88000 \SystemRoot\system32\drivers\drmk.sys
0x90AAD000 \SystemRoot\system32\drivers\nvhda32v.sys
0x90ACA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90AD3000 \SystemRoot\System32\Drivers\Null.SYS
0x90ADA000 \SystemRoot\System32\Drivers\Beep.SYS
0x90AEA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90AF1000 \SystemRoot\System32\drivers\vga.sys
0x90AFD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90B1E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90B26000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90B2E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90B39000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90B47000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90B50000 \SystemRoot\system32\DRIVERS\avgfwd6x.sys
0x90B5A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90B70000 \SystemRoot\system32\DRIVERS\smb.sys
0x90B84000 \SystemRoot\System32\Drivers\avgtdix.sys
0x90BBE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91806000 \SystemRoot\system32\drivers\afd.sys
0x9184E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91864000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91872000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91885000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x918C1000 \SystemRoot\System32\drivers\prodrv06.sys
0x918CE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x918D8000 \SystemRoot\System32\Drivers\dfsc.sys
0x918EF000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x918F5000 \SystemRoot\System32\Drivers\avgldx86.sys
0x91929000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91940000 \SystemRoot\System32\Drivers\VMC302.sys
0x9197C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x91985000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91995000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x9199C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x919A4000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x919AC000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x919B8000 \SystemRoot\System32\Drivers\bthport.sys
0x919F2000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x91A03000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x91A0D000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x91A27000 \SystemRoot\system32\drivers\btwavdt.sys
0x91A8E000 \SystemRoot\system32\drivers\btwaudio.sys
0x91B0E000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x91B11000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x91B27000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B71D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x81C60000 \SystemRoot\System32\win32k.sys
0x91B34000 \SystemRoot\System32\drivers\Dxapi.sys
0x91B3E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81E80000 \SystemRoot\System32\TSDDD.dll
0x81EA0000 \SystemRoot\System32\cdd.dll
0x91B4D000 \SystemRoot\system32\drivers\luafv.sys
0x91B68000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
0xA080E000 \SystemRoot\system32\drivers\spsys.sys
0xA08BD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA08CD000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA08F7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA0901000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA0914000 \SystemRoot\system32\drivers\HTTP.sys
0xA0981000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA099E000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA09B7000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA09CC000 \SystemRoot\system32\drivers\mrxdav.sys
0xA09EC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0A0B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0A44000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0A5C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0A84000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0AEA000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xA0B2D000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA5804000 \SystemRoot\system32\drivers\peauth.sys
0xA58E2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA58EC000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA58F8000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA591E000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0x76E70000 \Windows\System32\ntdll.dll

Processes (total 81):
0 System Idle Process
4 SYSTEM
484 C:\Windows\System32\smss.exe
552 csrss.exe
612 csrss.exe
620 C:\Windows\System32\wininit.exe
656 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
836 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\nvvsvc.exe
908 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\audiodg.exe
1140 C:\Windows\System32\SLsvc.exe
1180 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\winlogon.exe
1356 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\wlanext.exe
1572 C:\Windows\System32\taskeng.exe
1652 C:\Windows\System32\spoolsv.exe
1712 C:\Windows\System32\nvvsvc.exe
1720 C:\Windows\System32\svchost.exe
828 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
616 C:\Windows\System32\svchost.exe
1336 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
496 C:\Windows\System32\FsUsbExService.Exe
2028 C:\Windows\System32\svchost.exe
972 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2088 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
2108 C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
2156 C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
2212 C:\Windows\System32\svchost.exe
2232 oracle.exe
2688 C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
2732 C:\Windows\System32\svchost.exe
2752 C:\Windows\System32\PnkBstrA.exe
2764 C:\Windows\System32\svchost.exe
2776 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2804 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2824 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2868 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2900 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2920 C:\Windows\System32\svchost.exe
3004 C:\Windows\System32\svchost.exe
3032 C:\Windows\System32\SearchIndexer.exe
3596 C:\Windows\System32\alg.exe
3724 WmiPrvSE.exe
2460 C:\Windows\System32\dwm.exe
1788 C:\Windows\System32\taskeng.exe
2008 C:\Windows\explorer.exe
2724 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
2820 C:\Windows\System32\taskeng.exe
3616 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
2056 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2356 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3868 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2832 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2968 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
824 C:\Program Files\Windows Media Player\wmpnscfg.exe
2568 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3464 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3256 C:\Program Files\Logitech\SetPoint\SetPoint.exe
3968 C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
648 C:\Program Files\Windows Media Player\wmpnetwk.exe
4400 C:\Windows\System32\mobsync.exe
4580 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
4692 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
4832 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
4876 C:\Windows\System32\wuauclt.exe
5596 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4792 C:\Program Files\Internet Explorer\ieuser.exe
5884 C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
4216 C:\Windows\System32\SearchProtocolHost.exe
4984 C:\Windows\System32\SearchFilterHost.exe
6080 dllhost.exe
6088 dllhost.exe
5248 C:\Users\Jeroen\Desktop\MBRCheck.exe
3796 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`70900000 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0001SDM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#8 etavares

Posted 13 November 2010 - 06:43 AM

Hello, JeroenV.
Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares




#9 JeroenV

Posted 13 November 2010 - 08:16 AM

here is the log:

note 1: I downloaded FrostWire to get some songs but I uninstalled it after downloading them. (really sorry about that, I know I shouldn't have done that)

note 2: during the program I got these warnings:
pev.cfxxe is damaged, c:\program files\ windows media player\en-US
pev.cfxxe is damaged, c:\program files\ windows media player\nl-US

and one more thing: while ComboFix was removing files & maps and was making the log report everything disappeared. Everything being my taskbar & icons.


thanks in advance for your help


ComboFix 10-11-12.04 - Jeroen 13/11/2010 13:47:27.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3066.1395 [GMT 1:00]
Gestart vanuit: c:\users\Jeroen\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jeroen\AppData\Roaming\020000008e811fab777C.manifest
c:\users\Jeroen\AppData\Roaming\020000008e811fab777O.manifest
c:\users\Jeroen\AppData\Roaming\020000008e811fab777P.manifest
c:\users\Jeroen\AppData\Roaming\020000008e811fab777S.manifest
c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\{7596d5df-ae1f-4505-9169-93d4525c3152}
c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\{7596d5df-ae1f-4505-9169-93d4525c3152}\chrome.manifest
c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\{7596d5df-ae1f-4505-9169-93d4525c3152}\chrome\xulcache.jar
c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\{7596d5df-ae1f-4505-9169-93d4525c3152}\defaults\preferences\xulcache.js
c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\{7596d5df-ae1f-4505-9169-93d4525c3152}\install.rdf
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-10-13 to 2010-11-13 ))))))))))))))))))))))))))))))
.

2010-11-12 08:22 . 2010-11-12 08:38 -------- d-----w- c:\users\Jeroen\AppData\Roaming\FrostWire
2010-11-12 08:20 . 2010-11-13 12:46 -------- d-----w- c:\program files\FrostWire
2010-11-10 10:26 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-10-27 11:25 . 2010-10-27 11:25 -------- d-----w- c:\programdata\id Software
2010-10-27 09:21 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 09:21 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 04:57 . 2010-10-28 06:45 -------- d-----w- c:\users\Jeroen\AppData\Roaming\AAD0F0F7A6633FDDB2BC9530C4F207E0
2010-10-24 15:34 . 2010-10-24 15:34 -------- d-----w- c:\program files\Common Files\Java
2010-10-24 15:33 . 2010-09-15 02:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-24 15:33 . 2010-09-15 02:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-23 20:13 . 2010-10-23 20:13 177 ----a-w- c:\users\Jeroen\AppData\Roaming\812.bat
2010-10-18 19:39 . 2010-11-09 14:42 235248 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-18 19:39 . 2010-10-18 19:39 -------- d-----w- c:\users\Jeroen\AppData\Local\PunkBuster
2010-10-18 19:34 . 2010-10-27 11:25 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-10-14 18:05 . 2010-10-14 18:05 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-10-14 18:03 . 2010-10-14 18:06 -------- d-----w- c:\program files\NVIDIA Corporation

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-09 14:42 . 2009-10-01 08:27 137960 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-09 14:42 . 2009-10-01 08:27 235248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-18 19:34 . 2009-10-01 08:27 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-09 13:52 . 2000-12-06 11:02 124688 ----a-w- c:\windows\system32\mswinsck.ocx
2010-10-09 13:28 . 2010-10-09 13:28 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-10-09 13:28 . 2010-10-09 13:28 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-09-23 08:31 . 2010-09-21 07:44 1680064 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2010-09-23 08:24 . 2010-09-21 07:44 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-09-21 07:29 . 2010-09-21 07:29 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-09-20 09:25 . 2010-10-14 10:01 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-10 16:37 . 2010-10-14 09:53 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:26 . 2010-10-14 09:53 833024 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 17:23 . 2010-10-14 09:53 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 15:53 . 2010-10-14 09:53 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:28 . 2010-10-14 09:53 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:24 . 2010-10-14 09:53 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:23 . 2010-10-14 09:53 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 14:13 . 2010-10-14 09:53 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 14:12 . 2010-10-14 09:53 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 14:12 . 2010-10-14 09:53 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:41 . 2010-10-14 09:53 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:41 . 2010-10-14 09:53 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:40 . 2010-10-14 09:53 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:39 . 2010-10-14 09:53 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:07 . 2010-10-14 09:53 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:01 . 2010-10-27 09:21 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01 . 2010-10-27 09:21 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01 . 2010-10-27 09:21 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01 . 2010-10-27 09:21 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 15:21 . 2010-10-14 09:53 866816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-18 00:31 . 2010-08-31 11:55 5934416 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B145060-01A1-4392-B343-1952634D1828}\mpengine.dll
2010-08-17 13:32 . 2010-09-15 12:30 126464 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-09-24 6335008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-6-22 503808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-25 727592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-18 789008]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

R2 .1235779546;1235779546;c:\program files\1235779546\Jeroen1235779546L.exe [2009-09-19 436104]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [x]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R3 ALSysIO;ALSysIO;c:\users\Jeroen\AppData\Local\Temp\ALSysIO.sys [x]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [x]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [x]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-24 3506124]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-12 717296]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-03-12 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-12 52872]
S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-03-11 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-12 242696]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-25 3662848]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2008-12-23 243712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 15:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://bb.kdg.be/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
mSearch Bar = about:blank
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - www.google.be
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Jeroen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Jeroen\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
.
- - - - ORPHANS VERWIJDERD - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-formtell70700loadraw.exe - c:\users\Jeroen\AppData\Roaming\AAD0F0F7A6633FDDB2BC9530C4F207E0\formtell70700loadraw.exe
HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-iso70700ultrabox - c:\users\Jeroen\AppData\Roaming\AAD0F0F7A6633FDDB2BC9530C4F207E0\iso70700ultrabox.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
ActiveSetup-{5021F95F-A9D4-F377-FBED-FEF3D75DF9C2} - c:\users\Jeroen\AppData\Roaming\av.exe
AddRemove-TabQuery - c:\program files\TabQuery\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 13:57
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2010-11-13 14:01:40
ComboFix-quarantined-files.txt 2010-11-13 13:01

Pre-Run: 117.698.961.408 bytes beschikbaar
Post-Run: 119.997.001.728 bytes beschikbaar

- - End Of File - - E6C49AE51022FEA744C890A74A627DE0

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 13 November 2010 - 08:56 AM

Hello, JeroenV.

Thanks for letting me know. That can be normal re: combofix. How is it running now?



Step 1



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

Folder::
c:\users\Jeroen\AppData\Roaming\AAD0F0F7A6633FDDB2BC9530C4F207E0
File::
c:\users\Jeroen\AppData\Roaming\812.bat
C:\Users\Jeroen\AppData\Roaming\dxqkew.dat
C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
Driver::
.1235779546
ALSysIO
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Jeroen\AppData\Roaming\av.exe"=-
"C:\Users\Jeroen\AppData\Local\Temp\BS.exe"=-

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#11 JeroenV

JeroenV
  • Topic Starter

  • Members
  • 95 posts

Posted 14 November 2010 - 05:01 AM

During the time that ComboFix ran I got the same error as I got yesterday:

The map or file c:\program files\windows media player\en-us is damaged or unreadable. Use the helpprogram chkdsk. (literally translated)

Not sure what to do with that warning.


And here is the ComboFix log.

ComboFix 10-11-12.04 - Jeroen 14/11/2010 10:19:49.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3066.2007 [GMT 1:00]
Gestart vanuit: c:\users\Jeroen\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Jeroen\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\Mozilla Firefox\plugins\npbyond.dll"
"c:\users\Jeroen\AppData\Roaming\812.bat"
"c:\users\Jeroen\AppData\Roaming\dxqkew.dat"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\plugins\npbyond.dll
c:\users\Jeroen\AppData\Roaming\812.bat
c:\users\Jeroen\AppData\Roaming\AAD0F0F7A6633FDDB2BC9530C4F207E0
c:\users\Jeroen\AppData\Roaming\dxqkew.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_.1235779546
-------\Service_ALSysIO


(((((((((((((((((((( Bestanden Gemaakt van 2010-10-14 to 2010-11-14 ))))))))))))))))))))))))))))))
.

2010-11-14 09:28 . 2010-11-14 09:28 -------- d-----w- c:\users\Jeroen_2\AppData\Local\temp
2010-11-12 08:22 . 2010-11-12 08:38 -------- d-----w- c:\users\Jeroen\AppData\Roaming\FrostWire
2010-11-12 08:20 . 2010-11-13 12:46 -------- d-----w- c:\program files\FrostWire
2010-11-10 10:26 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-09 14:42 . 2009-10-01 08:27 137960 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-09 14:42 . 2009-10-01 08:27 235248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-18 19:34 . 2009-10-01 08:27 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-09 13:52 . 2000-12-06 11:02 124688 ----a-w- c:\windows\system32\mswinsck.ocx
2010-10-09 13:28 . 2010-10-09 13:28 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-10-09 13:28 . 2010-10-09 13:28 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-09-23 08:31 . 2010-09-21 07:44 1680064 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2010-09-23 08:24 . 2010-09-21 07:44 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-09-21 07:29 . 2010-09-21 07:29 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-09-20 09:25 . 2010-10-14 10:01 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-10 16:37 . 2010-10-14 09:53 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:26 . 2010-10-14 09:53 833024 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 17:23 . 2010-10-14 09:53 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 15:53 . 2010-10-14 09:53 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:28 . 2010-10-14 09:53 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:24 . 2010-10-14 09:53 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:23 . 2010-10-14 09:53 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 14:13 . 2010-10-14 09:53 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 14:12 . 2010-10-14 09:53 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 14:12 . 2010-10-14 09:53 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:41 . 2010-10-14 09:53 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:41 . 2010-10-14 09:53 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:40 . 2010-10-14 09:53 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:39 . 2010-10-14 09:53 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:07 . 2010-10-14 09:53 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:01 . 2010-10-27 09:21 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01 . 2010-10-27 09:21 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01 . 2010-10-27 09:21 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01 . 2010-10-27 09:21 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 15:21 . 2010-10-14 09:53 866816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-18 00:31 . 2010-08-31 11:55 5934416 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B145060-01A1-4392-B343-1952634D1828}\mpengine.dll
2010-08-17 13:32 . 2010-09-15 12:30 126464 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-09-24 6335008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-6-22 503808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-25 727592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-18 789008]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [x]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [x]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [x]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-24 3506124]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-12 717296]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-03-12 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-12 52872]
S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-03-11 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-12 242696]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-25 3662848]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2008-12-23 243712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 15:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://bb.kdg.be/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
mSearch Bar = about:blank
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - www.google.be
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\4zevry4z.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Jeroen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Jeroen\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 10:34
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(4308)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Voltooingstijd: 2010-11-14 10:39:36 - machine werd herstart
ComboFix-quarantined-files.txt 2010-11-14 09:39

Pre-Run: 119.656.964.096 bytes beschikbaar
Post-Run: 119.142.834.176 bytes beschikbaar

- - End Of File - - 6EB36AE18E906D3AD7698D08AF6C6E88

#12 etavares

Posted 14 November 2010 - 06:48 AM

We'll want to literally do what it says and run chkdsk. Do you have a backup? Occasionally this can hang. Best to back up important files now just in case if you haven't already.

When that's done:
  • Click the Windows button on the taskbar.
  • In the search box type cmd.
  • You will see the cmd icon pop up when it searches. Right-click on cmd and select Run as Administrator
  • At the C:\ prompt, type chkdsk c: /f /r and press Enter.
  • Chkdsk will then run at the next reboot. With > 100Gb in your C: partition, it will take a fair amount of time to run.

Let me know how that goes.


 


#13 JeroenV

Posted 14 November 2010 - 07:37 AM

Do you know how I would reinstall Windows on a Samsung laptop? Just in case, so when chkdsk goes wrong I'd be able to format & reinstall.

#14 etavares

Posted 14 November 2010 - 08:06 AM

Samsungs typically have recovery partitions that will restore it back to factory settings. You can get there through a boot option by pressing a certain key at a specific time. What model is it?


 


#15 JeroenV

Posted 14 November 2010 - 08:31 AM

It's an R710.



