Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Avast keeps blocking (but not fixing) a malicious url (markizak.com)


  • Please log in to reply

#1
cl1nt

cl1nt

    New Member

  • Member
  • Pip
  • 3 posts
Hi.

Let me start by saying I kind of neglected scanning for viruses and malware for some time. Today I noticed my keyboard-settings got kind of screwed up (putting out two apostrophes where I typed only one), and someone somewhere on the internet suggested it might be because of a badly coded keylogger. This prompted me to start my virusscanner (AVG Free), which I then noticed didn't work at all. I then replaced AVG with avast!, which did seem to work, after a deep scan it found about 8 infections. In addition to this avast! now keeps telling me it is blocking a malicious URL every 7/8 minutes or so, whenever I'm active at the computer (leading me to believe I do indeed have a keylogger on my laptop). The process to which this url is linked, is reported to be explorer.exe itself (located in C:\Windows\, so it is the real deal). I have tried running Malwarebytes and Temp File Cleaner by Oldtimer. I tried searching the internet for someone experiencing the same problem, but found nothing that may help me.

The object avast! keeps reporting is:
Object: markizak.com/Mcn93n2fs111v8w43hghbv/gate.php

The OTL log is:

OTL logfile created on: 22-5-2011 4:00:40 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Clint\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 2,79 Gb Free Space | 2,40% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 37,63 Gb Free Space | 35,27% Space Free | Partition Type: NTFS
Drive E: | 153,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 648,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 1397,26 Gb Total Space | 1107,81 Gb Free Space | 79,28% Space Free | Partition Type: NTFS

Computer Name: LAPTOP_CLINT | User Name: Clint | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-05-22 03:59:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Clint\Desktop\OTL.exe
PRC - [2011-05-10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011-04-14 18:57:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-10-26 22:24:40 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009-07-01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-09-30 17:49:16 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008-09-30 17:45:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008-09-20 02:19:48 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008-07-19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008-01-21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-12-12 10:50:27 | 004,710,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007-09-03 07:29:40 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007-06-26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007-01-17 01:13:14 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
PRC - [2006-11-02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe


========== Modules (SafeList) ==========

MOD - [2011-05-22 03:59:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Clint\Desktop\OTL.exe
MOD - [2011-05-10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010-08-31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-09-19 18:46:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-10-28 21:38:35 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007-08-03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007-05-18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007-02-06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2002-12-17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002-12-17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-05-10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-03-16 00:41:06 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007-08-11 05:19:26 | 000,029,752 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007-08-03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007-07-31 07:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-07-24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007-05-14 19:37:59 | 007,115,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-05-02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007-05-02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007-05-02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007-03-06 20:17:03 | 001,737,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007-03-06 15:15:57 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007-02-16 10:50:31 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-01-24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006-12-14 17:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006-11-22 19:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://downloads.php....php?rvs=google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://downloads.php....php?rvs=google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/entryflash.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.nl/"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-21 17:19:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-04-30 23:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-04-30 23:10:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-04-30 22:48:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009-11-13 06:45:28 | 000,000,000 | ---D | M]

[2010-08-24 11:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clint\AppData\Roaming\mozilla\Extensions
[2010-08-24 11:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clint\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-04-30 13:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clint\AppData\Roaming\mozilla\Firefox\Profiles\yitub4n8.default\extensions
[2010-07-15 04:32:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Clint\AppData\Roaming\mozilla\Firefox\Profiles\yitub4n8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-06-28 17:57:54 | 000,001,504 | ---- | M] () -- C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\yitub4n8.default\searchplugins\imdb.xml
[2009-01-20 21:22:06 | 000,002,111 | ---- | M] () -- C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\yitub4n8.default\searchplugins\videos-zoeken-op-youtube.xml
[2008-10-18 17:23:25 | 000,001,330 | ---- | M] () -- C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\yitub4n8.default\searchplugins\wikipedia-en.xml
[2011-04-30 23:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011-05-21 17:19:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011-04-14 18:57:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011-03-21 08:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010-01-01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010-01-01 10:00:00 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-01-01 10:00:00 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-01-01 10:00:00 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-01-01 10:00:00 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2010-09-19 19:05:59 | 000,001,674 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 4 more lines...
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [asam] File not found
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{8D0BAED8-9297-20E9-C4A6-7044E63DF5A1}] File not found
O4 - HKCU..\Run: [4Y3Y0C3AUYVV4Y9GCYBOPHFEUNNFBI] C:\Recycle.Bin\Recycle.Bin.exe (Iflhsd Wbaxjiol)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [asam] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [sefwypge] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 145.97.192.174
O20 - AppInit_DLLs: (nmklo) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Bureaubladachtergrond.bmp
O24 - Desktop BackupWallPaper: C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Bureaubladachtergrond.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003-04-14 11:13:44 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003-04-17 13:37:48 | 000,000,438 | R--- | M] () - E:\autorun.ini -- [ CDFS ]
O32 - AutoRun File - [1997-01-17 20:52:36 | 000,000,362 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0f9a0c0c-869d-11dd-bf8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0f9a0c0c-869d-11dd-bf8d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2004-04-08 12:29:20 | 001,039,360 | R--- | M] ()
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell - "" = AutoRun
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2000-03-06 14:34:26 | 000,578,048 | R--- | M] (Broderbund Software)
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\DXInstall\Command - "" = G:\WINDOWS\DIRECTX\DXSETUP.EXE -- [1996-09-13 18:00:16 | 000,037,888 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\EReg\Command - "" = Windows\Ereg\Ereg32.exe
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\Install\Command - "" = G:\WINDOWS\SETUP.EXE -- [1998-10-02 21:04:32 | 000,071,680 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\ReadMe\Command - "" = NotePad.exe ReadMe.txt
O33 - MountPoints2\{1ba5ff03-1709-11df-a75c-0023541de7fb}\Shell - "" = AutoRun
O33 - MountPoints2\{1ba5ff03-1709-11df-a75c-0023541de7fb}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{6eb21316-9fba-11dd-8496-0023541de7fb}\Shell - "" = AutoRun
O33 - MountPoints2\{6eb21316-9fba-11dd-8496-0023541de7fb}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2000-03-06 14:34:26 | 000,578,048 | R--- | M] (Broderbund Software)
O33 - MountPoints2\{c0b5b48a-dd39-11df-9479-0023541de7fb}\Shell - "" = AutoRun
O33 - MountPoints2\{c0b5b48a-dd39-11df-9479-0023541de7fb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011-05-22 03:59:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Clint\Desktop\OTL.exe
[2011-05-22 00:17:35 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Clint\Desktop\TFC.exe
[2011-05-21 17:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011-05-21 17:20:42 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011-05-21 17:20:41 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-05-21 17:20:34 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-05-21 17:20:33 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-05-21 17:20:33 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-05-21 17:20:31 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-05-21 17:19:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-05-21 17:19:01 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-05-21 17:18:59 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-05-21 17:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011-05-21 17:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011-04-29 01:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Caminova
[2007-01-24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011-05-22 03:59:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Clint\Desktop\OTL.exe
[2011-05-22 03:42:43 | 000,087,323 | ---- | M] () -- C:\Users\Clint\AppData\Roaming\nvModes.001
[2011-05-22 03:40:19 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011-05-22 03:39:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-05-22 03:39:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-05-22 03:39:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-05-22 01:33:01 | 000,739,564 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011-05-22 01:33:01 | 000,652,230 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-05-22 01:33:01 | 000,158,518 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011-05-22 01:33:01 | 000,127,648 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-05-22 01:29:52 | 000,157,696 | ---- | M] () -- C:\Users\Clint\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-05-22 00:17:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Clint\Desktop\TFC.exe
[2011-05-22 00:06:17 | 000,000,945 | ---- | M] () -- C:\Users\Clint\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-05-22 00:06:16 | 000,000,921 | ---- | M] () -- C:\Users\Clint\Desktop\Windows Media Player.lnk
[2011-05-21 20:26:51 | 004,746,369 | ---- | M] () -- C:\Users\Clint\Documents\Fraser, What is critical.pdf
[2011-05-21 17:20:45 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011-05-21 17:20:31 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011-05-21 17:19:25 | 000,000,000 | ---- | M] () -- C:\Users\Clint\AppData\Local\prvlcl.dat
[2011-05-15 19:04:04 | 007,171,671 | ---- | M] () -- C:\Users\Clint\Documents\Habermas, public sphere chapter V.pdf
[2011-05-10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-05-10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-05-10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011-05-08 17:57:21 | 000,097,146 | ---- | M] () -- C:\Users\Clint\Documents\Hegel.jpg
[2011-05-08 17:57:02 | 000,097,485 | ---- | M] () -- C:\Users\Clint\Documents\Hegel.sized.jpg
[2011-04-30 23:10:42 | 000,000,877 | ---- | M] () -- C:\Users\Clint\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-04-30 23:10:42 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-04-29 02:05:06 | 016,010,731 | ---- | M] () -- C:\Users\Clint\Documents\The structural transformation of the public sphere.pdf

========== Files Created - No Company Name ==========

[2011-05-21 17:30:38 | 000,000,945 | ---- | C] () -- C:\Users\Clint\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-05-21 17:30:38 | 000,000,921 | ---- | C] () -- C:\Users\Clint\Desktop\Windows Media Player.lnk
[2011-05-21 15:15:34 | 004,746,369 | ---- | C] () -- C:\Users\Clint\Documents\Fraser, What is critical.pdf
[2011-05-15 19:04:04 | 007,171,671 | ---- | C] () -- C:\Users\Clint\Documents\Habermas, public sphere chapter V.pdf
[2011-05-08 17:57:21 | 000,097,146 | ---- | C] () -- C:\Users\Clint\Documents\Hegel.jpg
[2011-05-08 17:57:02 | 000,097,485 | ---- | C] () -- C:\Users\Clint\Documents\Hegel.sized.jpg
[2011-04-30 23:10:41 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-04-30 23:10:41 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-04-29 02:05:06 | 016,010,731 | ---- | C] () -- C:\Users\Clint\Documents\The structural transformation of the public sphere.pdf
[2010-11-27 00:05:34 | 000,000,000 | ---- | C] () -- C:\Users\Clint\AppData\Local\prvlcl.dat
[2010-08-03 17:49:48 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2010-08-03 17:49:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2010-07-15 02:33:03 | 000,000,183 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010-03-14 20:13:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-03-14 20:12:58 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-03-14 20:12:58 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-03-06 22:27:45 | 000,011,994 | -HS- | C] () -- C:\Users\Clint\AppData\Local\nO4L
[2009-08-08 17:36:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009-08-08 17:17:48 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009-08-08 17:15:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009-05-11 20:52:01 | 004,762,112 | ---- | C] () -- C:\Windows\System32\NCMedia.dll
[2009-05-11 20:52:01 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-05-11 20:52:01 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2009-03-22 16:13:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009-03-22 16:13:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009-03-22 16:13:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009-03-22 16:13:17 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009-03-22 16:13:17 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009-03-22 16:13:17 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009-03-14 21:50:30 | 000,000,680 | ---- | C] () -- C:\Users\Clint\AppData\Local\d3d9caps.dat
[2009-02-17 18:54:27 | 000,061,952 | ---- | C] () -- C:\Windows\SSEUninstaller.exe
[2009-01-22 01:11:13 | 000,138,512 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009-01-22 01:11:05 | 000,201,440 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009-01-22 01:10:59 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008-12-03 16:46:57 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008-12-01 12:42:11 | 000,000,093 | ---- | C] () -- C:\Users\Clint\AppData\Local\fusioncache.dat
[2008-11-12 16:28:13 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008-10-21 20:02:50 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008-10-21 20:02:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-10-18 18:14:43 | 000,157,696 | ---- | C] () -- C:\Users\Clint\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-10-18 15:55:30 | 000,087,323 | ---- | C] () -- C:\Users\Clint\AppData\Roaming\nvModes.dat
[2008-10-18 15:55:30 | 000,087,323 | ---- | C] () -- C:\Users\Clint\AppData\Roaming\nvModes.001
[2008-10-18 14:32:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008-09-20 02:25:59 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008-09-20 02:19:48 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008-09-20 02:19:37 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2008-09-20 02:19:35 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008-09-20 02:10:31 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008-04-16 13:26:40 | 000,739,564 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2008-04-16 13:26:40 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2008-04-16 13:26:40 | 000,158,518 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2008-04-16 13:26:40 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2008-04-16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007-08-06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007-03-06 20:17:03 | 001,737,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 003,748,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,652,230 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,127,648 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-03-09 12:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010-11-27 16:55:51 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\AVG10
[2010-07-14 23:52:53 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\Awuq
[2009-06-29 06:59:20 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\Belastingdienst
[2010-08-17 23:47:19 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010-05-23 21:59:19 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\com.adobe.bridge.PublishPanel
[2008-10-21 23:48:06 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\DAEMON Tools
[2010-03-16 00:52:44 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\DAEMON Tools Lite
[2010-12-29 18:51:34 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\Doctor Who
[2011-04-30 22:45:52 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\FileZilla
[2009-02-04 01:55:01 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\fretsonfire
[2009-01-14 18:22:51 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\OpenOffice.org
[2009-05-11 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\Orbit
[2010-12-06 23:32:03 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\PDF Writer
[2008-12-01 12:46:57 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\Publish Providers
[2009-08-08 17:39:09 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\Samsung
[2008-12-01 12:46:54 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\Sony
[2010-05-02 17:04:06 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\StageManager
[2010-08-24 11:16:53 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\Thunderbird
[2011-05-22 02:23:11 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\uTorrent
[2010-07-04 01:00:44 | 000,000,000 | ---D | M] -- C:\Users\Clint\AppData\Roaming\Ygyp
[2011-05-22 03:37:51 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,732 posts
  • MVP
This line is active malware:
O4 - HKCU..\Run: [4Y3Y0C3AUYVV4Y9GCYBOPHFEUNNFBI] C:\Recycle.Bin\Recycle.Bin.exe (Iflhsd Wbaxjiol)

Can't tell what it does but you can submit the file:
C:\Recycle.Bin\Recycle.Bin.exe
to http://virustotal.com and see what other anti-viruses say about it.


Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [asam] File not found
O4 - HKCU..\Run: [{8D0BAED8-9297-20E9-C4A6-7044E63DF5A1}] File not found
O4 - HKCU..\Run: [4Y3Y0C3AUYVV4Y9GCYBOPHFEUNNFBI] C:\Recycle.Bin\Recycle.Bin.exe (Iflhsd Wbaxjiol)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [asam] File not found
O4 - HKCU..\Run: [sefwypge] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (nmklo) - File not found
O33 - MountPoints2\{0f9a0c0c-869d-11dd-bf8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0f9a0c0c-869d-11dd-bf8d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2004-04-08 12:29:20 | 001,039,360 | R--- | M] ()
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell - "" = AutoRun
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2000-03-06 14:34:26 | 000,578,048 | R--- | M] (Broderbund Software)
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\DXInstall\Command - "" = G:\WINDOWS\DIRECTX\DXSETUP.EXE -- [1996-09-13 18:00:16 | 000,037,888 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\EReg\Command - "" = Windows\Ereg\Ereg32.exe
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\Install\Command - "" = G:\WINDOWS\SETUP.EXE -- [1998-10-02 21:04:32 | 000,071,680 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\ReadMe\Command - "" = NotePad.exe ReadMe.txt
O33 - MountPoints2\{1ba5ff03-1709-11df-a75c-0023541de7fb}\Shell - "" = AutoRun
O33 - MountPoints2\{1ba5ff03-1709-11df-a75c-0023541de7fb}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{6eb21316-9fba-11dd-8496-0023541de7fb}\Shell - "" = AutoRun
O33 - MountPoints2\{6eb21316-9fba-11dd-8496-0023541de7fb}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2000-03-06 14:34:26 | 000,578,048 | R--- | M] (Broderbund Software)
O33 - MountPoints2\{c0b5b48a-dd39-11df-9479-0023541de7fb}\Shell - "" = AutoRun
O33 - MountPoints2\{c0b5b48a-dd39-11df-9479-0023541de7fb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2010-03-06 22:27:45 | 000,011,994 | -HS- | C] () -- C:\Users\Clint\AppData\Local\nO4L

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL (Rightclick and Run As Administrator) again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
Download and Save the AVG removal tool before running Combofix.
http://download.avg....6_2011_1322.exe
Then Rightclick and Run As Administrator

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on Combofix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. Did it find anything?

Ron
  • 0

#3
cl1nt

cl1nt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks alot for your help! I followed all your instructions and all programs ran just fine, my laptop also seems to be fixed now. Here are the logs you asked for:

OTL log:

OTL logfile created on: 22-5-2011 12:31:28 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Clint\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 3,25 Gb Free Space | 2,79% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 37,63 Gb Free Space | 35,27% Space Free | Partition Type: NTFS
Drive E: | 153,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 648,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LAPTOP_CLINT | User Name: Clint | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-05-22 03:59:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Clint\Desktop\OTL.exe
PRC - [2011-05-10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011-04-14 18:57:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-07-01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-09-30 17:49:16 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008-09-30 17:45:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008-09-20 02:19:48 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008-07-19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008-01-21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-12-12 10:50:27 | 004,710,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007-09-03 07:29:40 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007-09-01 02:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007-08-03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007-07-10 19:59:56 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007-06-26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007-05-18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007-04-19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007-02-06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007-01-18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007-01-17 01:13:14 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
PRC - [2006-12-21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006-12-19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006-11-02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2005-07-07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2011-05-22 03:59:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Clint\Desktop\OTL.exe
MOD - [2011-05-10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010-08-31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-09-19 18:46:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-10-28 21:38:35 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007-08-03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007-05-18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007-02-06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2002-12-17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002-12-17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-05-10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-03-16 00:41:06 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007-08-11 05:19:26 | 000,029,752 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007-08-03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007-07-31 07:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-07-24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007-05-14 19:37:59 | 007,115,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-05-02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007-05-02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007-05-02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007-03-06 20:17:03 | 001,737,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007-03-06 15:15:57 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007-02-16 10:50:31 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-01-24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006-12-14 17:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006-11-22 19:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://downloads.php....php?rvs=google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://downloads.php....php?rvs=google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/entryflash.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.nl/"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-21 17:19:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-04-30 23:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-04-30 23:10:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-04-30 22:48:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009-11-13 06:45:28 | 000,000,000 | ---D | M]

[2010-08-24 11:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clint\AppData\Roaming\mozilla\Extensions
[2010-08-24 11:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clint\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-04-30 13:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clint\AppData\Roaming\mozilla\Firefox\Profiles\yitub4n8.default\extensions
[2010-07-15 04:32:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Clint\AppData\Roaming\mozilla\Firefox\Profiles\yitub4n8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-06-28 17:57:54 | 000,001,504 | ---- | M] () -- C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\yitub4n8.default\searchplugins\imdb.xml
[2009-01-20 21:22:06 | 000,002,111 | ---- | M] () -- C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\yitub4n8.default\searchplugins\videos-zoeken-op-youtube.xml
[2008-10-18 17:23:25 | 000,001,330 | ---- | M] () -- C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\yitub4n8.default\searchplugins\wikipedia-en.xml
[2011-04-30 23:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011-05-21 17:19:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011-04-14 18:57:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011-03-21 08:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010-01-01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010-01-01 10:00:00 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-01-01 10:00:00 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-01-01 10:00:00 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-01-01 10:00:00 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2010-09-19 19:05:59 | 000,001,674 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 4 more lines...
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 145.97.192.174
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Bureaubladachtergrond.bmp
O24 - Desktop BackupWallPaper: C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Bureaubladachtergrond.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003-04-14 11:13:44 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003-04-17 13:37:48 | 000,000,438 | R--- | M] () - E:\autorun.ini -- [ CDFS ]
O32 - AutoRun File - [1997-01-17 20:52:36 | 000,000,362 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell - "" = AutoRun
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2000-03-06 14:34:26 | 000,578,048 | R--- | M] (Broderbund Software)
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\DXInstall\Command - "" = G:\WINDOWS\DIRECTX\DXSETUP.EXE -- [1996-09-13 18:00:16 | 000,037,888 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\EReg\Command - "" = Windows\Ereg\Ereg32.exe
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\Install\Command - "" = G:\WINDOWS\SETUP.EXE -- [1998-10-02 21:04:32 | 000,071,680 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\ReadMe\Command - "" = NotePad.exe ReadMe.txt
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-05-22 12:19:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-05-22 03:59:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Clint\Desktop\OTL.exe
[2011-05-22 00:17:35 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Clint\Desktop\TFC.exe
[2011-05-21 17:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011-05-21 17:20:42 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011-05-21 17:20:41 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-05-21 17:20:34 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-05-21 17:20:33 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-05-21 17:20:33 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-05-21 17:20:31 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-05-21 17:19:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-05-21 17:19:01 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-05-21 17:18:59 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-05-21 17:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011-05-21 17:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011-04-29 01:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Caminova
[2011-04-26 22:03:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011-04-26 22:03:14 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2007-01-24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011-05-22 12:28:31 | 000,087,323 | ---- | M] () -- C:\Users\Clint\AppData\Roaming\nvModes.001
[2011-05-22 12:27:02 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011-05-22 12:23:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-05-22 12:23:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-05-22 12:23:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-05-22 03:59:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Clint\Desktop\OTL.exe
[2011-05-22 01:33:01 | 000,739,564 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011-05-22 01:33:01 | 000,652,230 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-05-22 01:33:01 | 000,158,518 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011-05-22 01:33:01 | 000,127,648 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-05-22 01:29:52 | 000,157,696 | ---- | M] () -- C:\Users\Clint\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-05-22 00:17:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Clint\Desktop\TFC.exe
[2011-05-22 00:06:17 | 000,000,945 | ---- | M] () -- C:\Users\Clint\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-05-22 00:06:16 | 000,000,921 | ---- | M] () -- C:\Users\Clint\Desktop\Windows Media Player.lnk
[2011-05-21 20:26:51 | 004,746,369 | ---- | M] () -- C:\Users\Clint\Documents\Fraser, What is critical.pdf
[2011-05-21 17:20:45 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011-05-21 17:20:31 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011-05-21 17:19:25 | 000,000,000 | ---- | M] () -- C:\Users\Clint\AppData\Local\prvlcl.dat
[2011-05-15 19:04:04 | 007,171,671 | ---- | M] () -- C:\Users\Clint\Documents\Habermas, public sphere chapter V.pdf
[2011-05-10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-05-10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-05-10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011-05-08 17:57:21 | 000,097,146 | ---- | M] () -- C:\Users\Clint\Documents\Hegel.jpg
[2011-05-08 17:57:02 | 000,097,485 | ---- | M] () -- C:\Users\Clint\Documents\Hegel.sized.jpg
[2011-04-30 23:10:42 | 000,000,877 | ---- | M] () -- C:\Users\Clint\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-04-30 23:10:42 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-04-29 02:05:06 | 016,010,731 | ---- | M] () -- C:\Users\Clint\Documents\The structural transformation of the public sphere.pdf

========== Files Created - No Company Name ==========

[2011-05-21 17:30:38 | 000,000,945 | ---- | C] () -- C:\Users\Clint\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-05-21 17:30:38 | 000,000,921 | ---- | C] () -- C:\Users\Clint\Desktop\Windows Media Player.lnk
[2011-05-21 15:15:34 | 004,746,369 | ---- | C] () -- C:\Users\Clint\Documents\Fraser, What is critical.pdf
[2011-05-15 19:04:04 | 007,171,671 | ---- | C] () -- C:\Users\Clint\Documents\Habermas, public sphere chapter V.pdf
[2011-05-08 17:57:21 | 000,097,146 | ---- | C] () -- C:\Users\Clint\Documents\Hegel.jpg
[2011-05-08 17:57:02 | 000,097,485 | ---- | C] () -- C:\Users\Clint\Documents\Hegel.sized.jpg
[2011-04-30 23:10:41 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-04-30 23:10:41 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-04-29 02:05:06 | 016,010,731 | ---- | C] () -- C:\Users\Clint\Documents\The structural transformation of the public sphere.pdf
[2010-11-27 00:05:34 | 000,000,000 | ---- | C] () -- C:\Users\Clint\AppData\Local\prvlcl.dat
[2010-08-03 17:49:48 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2010-08-03 17:49:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2010-07-15 02:33:03 | 000,000,183 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010-03-14 20:13:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-03-14 20:12:58 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-03-14 20:12:58 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-08-08 17:36:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009-08-08 17:17:48 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009-08-08 17:15:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009-05-11 20:52:01 | 004,762,112 | ---- | C] () -- C:\Windows\System32\NCMedia.dll
[2009-05-11 20:52:01 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-05-11 20:52:01 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2009-03-22 16:13:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009-03-22 16:13:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009-03-22 16:13:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009-03-22 16:13:17 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009-03-22 16:13:17 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009-03-22 16:13:17 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009-03-14 21:50:30 | 000,000,680 | ---- | C] () -- C:\Users\Clint\AppData\Local\d3d9caps.dat
[2009-02-17 18:54:27 | 000,061,952 | ---- | C] () -- C:\Windows\SSEUninstaller.exe
[2009-01-22 01:11:13 | 000,138,512 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009-01-22 01:11:05 | 000,201,440 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009-01-22 01:10:59 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008-12-03 16:46:57 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008-12-01 12:42:11 | 000,000,093 | ---- | C] () -- C:\Users\Clint\AppData\Local\fusioncache.dat
[2008-11-12 16:28:13 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008-10-21 20:02:50 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008-10-21 20:02:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-10-18 18:14:43 | 000,157,696 | ---- | C] () -- C:\Users\Clint\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-10-18 15:55:30 | 000,087,323 | ---- | C] () -- C:\Users\Clint\AppData\Roaming\nvModes.dat
[2008-10-18 15:55:30 | 000,087,323 | ---- | C] () -- C:\Users\Clint\AppData\Roaming\nvModes.001
[2008-10-18 14:32:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008-09-20 02:25:59 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008-09-20 02:19:48 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008-09-20 02:19:37 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2008-09-20 02:19:35 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008-09-20 02:10:31 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008-04-16 13:26:40 | 000,739,564 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2008-04-16 13:26:40 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2008-04-16 13:26:40 | 000,158,518 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2008-04-16 13:26:40 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2008-04-16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007-08-06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007-03-06 20:17:03 | 001,737,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 003,748,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,652,230 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,127,648 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-03-09 12:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >

OTL Extras log:

OTL Extras logfile created on: 22-5-2011 12:31:28 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Clint\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 3,25 Gb Free Space | 2,79% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 37,63 Gb Free Space | 35,27% Space Free | Partition Type: NTFS
Drive E: | 153,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 648,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LAPTOP_CLINT | User Name: Clint | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\system32\sysservice.exe" = C:\Windows\system32\sysservice.exe:*:Enabled:DNS client


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03550986-BB2A-4EA0-8401-E4CAEE4B675E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0524A412-CB74-4BE7-BA50-D48FF03CB0F8}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{1C2DDBB9-05D9-46EB-9CD6-A38EABBD3DBD}" = rport=139 | protocol=6 | dir=out | app=system |
"{26AF7982-8992-47C4-9641-3AB9CD3E8242}" = lport=138 | protocol=17 | dir=in | app=system |
"{27C36912-564A-40BA-B833-782EE7FA291E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{34E3D622-DC91-4DB9-90D3-81D7DD0CCBF4}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{683F4085-03BA-4BB4-90A2-55C2E1F29024}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FF07B6E-FF75-47AE-84C9-A37B95D3FB39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C05A0F5C-91F1-4BF8-87EA-4ED4EEF0AD32}" = lport=445 | protocol=6 | dir=in | app=system |
"{C44BDE9E-D3F5-46AA-92EE-C6F74644BF24}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{C8977CE2-5925-45B4-A633-B036B3676592}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{CE669F14-F98B-45BF-B561-22CE2E5BB9ED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E7203A3B-CECE-46F8-BFB8-16DE364C5EF9}" = rport=138 | protocol=17 | dir=out | app=system |
"{EABB8C26-E20D-4865-9FDF-F8797AEA8F14}" = lport=139 | protocol=6 | dir=in | app=system |
"{EDB0A78C-B301-48F9-9287-CC79A44016D7}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{F34186B5-35B6-4154-9251-C7C7572DA234}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7CFE0F7-32BD-4FF9-B0AD-320D7B4D468C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FC190160-297D-40BE-9776-2B6DAC90CE4C}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008E3B68-53E0-485C-AF10-52E0915CF477}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{15659E20-71F3-4663-AFA3-25F1A6653380}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{1B3957AC-598E-4C39-9140-79A20368B886}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1FA0D09A-270A-4012-816B-E27D131FCBAD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{2C05B0B2-448C-477B-92F6-AA06EB0E3790}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F7054A8-B571-44A4-878A-B447FE8CCAA7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{36C9229F-2229-4038-91EF-8850DBAB714A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{3C4DC441-C99B-439F-BE42-367DFBE9F236}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{41C55FF4-FC2B-4A26-82A8-06E4122037E9}" = protocol=6 | dir=in | app=c:\users\clint\appdata\local\asam.exe |
"{4A2DC845-D768-46FE-9519-F280098B1D4A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{5487752C-4FD4-4C67-97BD-5B651D1E1403}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{5F355BF0-0933-4D77-ACB6-B1307DFCADB3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{5F7EE90E-A673-47C5-994A-C902CC0CAADA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{636CF605-9ABE-43C3-BC96-2990AEF4A571}" = protocol=17 | dir=in | app=c:\users\clint\documents\vixy.net\vixy.exe |
"{6629E95A-ED02-469F-90DD-1D964101D78D}" = protocol=6 | dir=in | app=c:\users\clint\documents\vixy.net\vixy.exe |
"{6675BF05-4538-43DD-AC96-0BF03A7D3374}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{6844A6A8-1F0E-42A6-9EF4-D6D557FBC735}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{74656566-A754-40C1-A4D0-7A0A33578B45}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{7C94638E-75BD-4FC5-81B3-E51388457083}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{800EEEF9-A5BD-461C-9DF4-95A02844C136}" = protocol=17 | dir=in | app=c:\users\clint\appdata\local\asam.exe |
"{8BECFAFE-75A5-46B1-A509-1D1302DFDA4E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{8D7F5E85-A3EF-4179-8E2E-4C9D6F19C7E3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{8F917AD5-A9C8-47F2-BCA8-F9E40D5932E0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{AFA4E4C8-6963-4C3E-9110-E294B05D5A9B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{BD53F9AD-8469-46C2-ABF4-68A6B4CDF1B4}" = protocol=6 | dir=in | app=c:\windows\system32\sysservice.exe |
"{C2DD2BAC-F632-439F-89B0-DE48E7DBFDF7}" = protocol=58 | dir=out | [email protected],-28546 |
"{CC3F2ACF-93C9-4D48-A7EF-9813B36D1A7B}" = protocol=1 | dir=in | [email protected],-28543 |
"{D796CB59-6937-4AA3-881D-58A08311E1FF}" = protocol=17 | dir=in | app=c:\windows\system32\sysservice.exe |
"{DC9EDD98-2070-4DA0-86F5-7FC127341D0A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E8F1AA20-4EB2-4015-AF68-CD60EECCE38E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{EB558756-2DCB-4216-B32D-401999BBF79E}" = protocol=58 | dir=in | [email protected],-28545 |
"{F0099E6E-C473-4261-8DC4-6253A4F73EF1}" = protocol=1 | dir=out | [email protected],-28544 |
"{F57128EA-19F9-4255-AB02-6B74830F1D42}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{FA4B32A7-38CD-46ED-9878-F5489F38B248}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{FB4B3579-2ACC-4985-877B-A414849476E9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FBA25EB7-7339-4CCF-B2CF-D3040FACA553}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{0BE84227-0F63-4422-A56F-A630953DB9A4}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0F9114E8-7032-42E6-89DD-E6DAE347F55F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{4DDF5966-F7C6-42E0-B97C-9A5FCAB7F8AE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{571A69C9-7C70-4358-B7EF-A0A9B9E09369}C:\windows\system\smsc.exe" = protocol=6 | dir=in | app=c:\windows\system\smsc.exe |
"TCP Query User{5883735A-E601-4FD7-A957-58CBEF4FF5DE}C:\program files\steam\steamapps\clintkrim\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\clintkrim\counter-strike source\hl2.exe |
"TCP Query User{87BE6355-1EB6-453D-959E-3584C4BDE2F1}C:\program files\steam\steamapps\clintkrim\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\clintkrim\team fortress 2\hl2.exe |
"TCP Query User{8C5F915B-F9FB-4374-8C9A-77F21E0C5770}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{A9D7D225-2EF1-456B-94A1-7BA0EEFBCE35}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"TCP Query User{C0954CE6-DD3F-4127-A8CA-1B04CD0112B0}C:\program files\wolfenstein - enemy territory\etded.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\etded.exe |
"TCP Query User{D57DD6B7-C371-4A70-88EA-53685C446F06}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{E10B3088-CB92-4A0C-902E-F75F7D58EE20}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{F8D2D33A-5DB6-4A33-AD53-FF8A46E5A4B5}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{FD19A38C-5EE1-47E0-A84F-35564CFB2A78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FDA293BD-739F-4FA4-BB24-EE7E1A83F5F0}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{1A8BB06C-B06D-4856-B71B-C664A2A152E2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2A19340D-8A88-4CFF-B812-B51E1CB76152}C:\program files\steam\steamapps\clintkrim\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\clintkrim\team fortress 2\hl2.exe |
"UDP Query User{35297A79-9C3F-4DD7-9A06-2CFD5FA6F451}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"UDP Query User{42384852-2602-46A4-8DD9-552BF90DC5DC}C:\program files\steam\steamapps\clintkrim\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\clintkrim\counter-strike source\hl2.exe |
"UDP Query User{4CACFF36-E70B-4A84-B3EF-86F54F7EFBA1}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{52F05E39-0F4E-424E-B51A-68FEAF90096A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{54F0A0C3-21A2-4782-8FED-12FAAE9B0234}C:\windows\system\smsc.exe" = protocol=17 | dir=in | app=c:\windows\system\smsc.exe |
"UDP Query User{7FB6106E-AA1B-412F-B5A7-74C5C7B54196}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8868DCDE-3BF3-4EF2-86E2-9A1D78BF712B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{88BEA8EF-41AF-419B-A82D-74FE0DBC61FC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8BE994AA-49C3-44C4-A74C-DA10B92BA632}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{AC47C98A-7930-4D08-A55D-D3C7814ECA58}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{AD5B563E-FEE9-4157-861D-9D0C23E673A3}C:\program files\wolfenstein - enemy territory\etded.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\etded.exe |
"UDP Query User{B2986937-D963-4C6F-82C7-C58F75957B37}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{12259703-CC6E-4690-A62E-995C281C4A56}" = Woordenboek Latijn-Nederlands
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1968465A-D76E-4B88-8401-DAF9E5C82A87}" = Document Express DjVu Plug-in
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}" = Sony Vegas 6.0
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86
"{8BF6957D-9288-41A3-88B6-D5902FBC51EF}" = Uru - To D'ni Expansion Pack
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90120000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E1477E-810A-4185-BD9E-1A803498EFB3}" = OpenOffice.org 3.0
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1043-7B44-A81300000003}" = Adobe Reader 8.1.3 - Nederlands
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF890091-2603-C1C6-DCD6-B8799D4FB464}" = Adobe Community Help
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}" = Sony Media Manager 2.0
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"avast" = avast! Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1218
"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 5.3.0.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comical_is1" = Comical 0.8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Drum Tab Printer" = Drum Tab Printer
"DVDGenie" = DVD Genie (remove only)
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileZilla Client" = FileZilla Client 3.1.3.1
"Freez FLV to MP3 Converter V1.2_is1" = Freez FLV to MP3 Converter
"GameOfLife" = Game of Life
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"Huur- en zorgtoeslag 2009" = Huur- en zorgtoeslag 2009
"iFinger 2.0" = iFinger 2.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.0 (Full)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"mIRC" = mIRC
"Mozilla Firefox 4.0.1 (x86 nl)" = Mozilla Firefox 4.0.1 (x86 nl)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Na klar! Leerlingen-cd-rom 5 vwo" = Na klar! Leerlingen-cd-rom 5 vwo
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"Orb" = Winamp Remote
"PROHYBRIDR" = 2007 Microsoft Office system
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.0.6 for Windows
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Last Express" = The Last Express
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = ÁTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1-5-2011 8:27:43 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =

Error - 2-5-2011 4:32:37 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =

Error - 4-5-2011 4:24:56 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =

Error - 6-5-2011 6:27:52 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =

Error - 7-5-2011 6:33:06 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =

Error - 8-5-2011 7:11:11 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =

Error - 9-5-2011 11:19:21 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =

Error - 10-5-2011 4:21:34 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =

Error - 11-5-2011 18:31:29 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =

Error - 13-5-2011 5:57:52 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 21-5-2011 21:43:51 | Computer Name = Laptop_Clint | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 21-5-2011 22:09:42 | Computer Name = Laptop_Clint | Source = Dhcp | ID = 1001
Description = Deze computer heeft geen adres toegewezen gekregen van het netwerk
(door de DHCP-server) voor de netwerkkaart met netwerkadres 0022432768AC. De volgende
fout is opgetreden: %%1223. De computer zal doorgaan om zelf een adres van de server
met netwerkadressen (DHCP-server) proberen te verkrijgen.

Error - 21-5-2011 22:31:10 | Computer Name = Laptop_Clint | Source = Service Control Manager | ID = 7034
Description =

Error - 22-5-2011 0:37:41 | Computer Name = Laptop_Clint | Source = HTTP | ID = 15016
Description =

Error - 22-5-2011 0:38:24 | Computer Name = Laptop_Clint | Source = Service Control Manager | ID = 7000
Description =

Error - 22-5-2011 0:40:24 | Computer Name = Laptop_Clint | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 22-5-2011 6:19:42 | Computer Name = Laptop_Clint | Source = Service Control Manager | ID = 7034
Description =

Error - 22-5-2011 6:23:44 | Computer Name = Laptop_Clint | Source = HTTP | ID = 15016
Description =

Error - 22-5-2011 6:24:17 | Computer Name = Laptop_Clint | Source = Service Control Manager | ID = 7000
Description =

Error - 22-5-2011 6:24:37 | Computer Name = Laptop_Clint | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

Malwarebytes' log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databaseversie: 6639

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22-5-2011 14:43:56
mbam-log-2011-05-22 (14-43-56).txt

Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 362771
Verstreken tijd: 1 uur/uren, 51 minuut/minuten, 34 seconde(n)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 2
Registerwaarden ge´nfecteerd: 1
Registerdata ge´nfecteerd: 1
Mappen ge´nfecteerd: 3
Bestanden ge´nfecteerd: 19

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels ge´nfecteerd:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registerwaarden ge´nfecteerd:
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Value: (default) -> Quarantined and deleted successfully.

Registerdata ge´nfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Clint\AppData\Local\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Mappen ge´nfecteerd:
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Bestanden ge´nfecteerd:
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\uninstall.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\05222011_121940\c_recycle.bin\recycle.bin.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\Desktop\armanager.lnk (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\h7t.wt (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\hgtd.ruy (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\files (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\settings.ini (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\Czech.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\Danish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\Dutch.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\English.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\French.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\German.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\Italian.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\portuguese.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\Slovak.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\Spanish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\template.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Combofix-log (this one seems to be in dutch, my native language, if you need a translation, I will provide one):

ComboFix 11-05-21.03 - Clint 22-05-2011 14:58:14.1.2 - x86
Microsoft« Windows VistaÖ Home Premium 6.0.6001.1.1252.31.1043.18.2943.1794 [GMT 2:00]
Gestart vanuit: c:\users\Clint\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0 .lnk
c:\windows\system32\8cb6910.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSDRV32
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-22 to 2011-05-22 ))))))))))))))))))))))))))))))
.
.
2011-05-22 13:12 . 2011-05-22 13:19 -------- d-----w- c:\users\Clint\AppData\Local\temp
2011-05-22 13:12 . 2011-05-22 13:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-22 10:47 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 10:47 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 10:19 . 2011-05-22 10:19 -------- d-----w- C:\_OTL
2011-05-21 15:55 . 2011-05-18 10:37 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F48247E-AE52-4F5E-9237-2F05A4C94314}\mpengine.dll
2011-05-21 15:20 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-21 15:20 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-21 15:20 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-21 15:20 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-21 15:20 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-21 15:20 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-21 15:19 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-21 15:18 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-21 15:17 . 2011-05-21 15:17 -------- d-----w- c:\programdata\AVAST Software
2011-05-21 15:17 . 2011-05-21 15:17 -------- d-----w- c:\program files\AVAST Software
2011-05-11 22:43 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-30 21:10 . 2011-04-14 16:57 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-30 21:10 . 2011-04-14 16:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-30 21:10 . 2011-04-14 16:57 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-30 21:10 . 2011-04-14 16:57 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-30 21:10 . 2011-04-14 16:57 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-30 21:10 . 2011-04-14 16:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-30 21:10 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-30 21:10 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-28 23:45 . 2011-03-21 06:22 1680272 ----a-w- c:\program files\Mozilla Firefox\plugins\npdjvu.dll
2011-04-28 23:45 . 2011-04-28 23:45 -------- d-----w- c:\program files\Caminova
2011-04-26 20:03 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-26 20:03 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-22 12:48 . 2008-09-20 00:25 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-03-10 16:12 . 2011-04-13 22:19 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-13 22:19 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00 . 2011-04-13 22:19 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56 . 2011-04-26 20:03 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-26 20:03 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-26 20:03 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-26 20:03 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53 . 2011-04-13 22:19 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49 . 2011-04-13 22:19 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 12:52 . 2011-04-13 22:20 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 12:52 . 2011-04-13 22:20 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 12:51 . 2011-04-13 22:19 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 12:51 . 2011-04-13 22:19 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-14 16:57 . 2011-04-30 21:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-14 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-12 4710400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-01-16 106496]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-09-20 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-20 33136]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone.exe" [2007-06-26 778240]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-26 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-15 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.asus.com/entryflash.htm
mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\yitub4n8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Bestandsassociaties -------
.
.txt=
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKU-Default-Run-4Y3Y0C3AUYVV4Y9GCYBOPHFEUNNFBI - c:\recycle.bin\Recycle.Bin.exe
AddRemove-DVDGenie - c:\program files\DVD Genie\uninst-dvdgenie.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-22 15:16
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
.
c:\users\Clint\AppData\Local\Temp\catchme.dll 53248 bytes executable
C:\ADSM_PData_0150
.
Scan succesvol afgerond
verborgen bestanden: 2
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(2452)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Voltooingstijd: 2011-05-22 15:31:24 - machine werd herstart
ComboFix-quarantined-files.txt 2011-05-22 13:31
.
Pre-Run: 3.311.173.632 bytes beschikbaar
Post-Run: 2.705.727.488 bytes beschikbaar
.
- - End Of File - - C708E5C141C94294B8D71ECB5A7E151C


TDSSKiller log:

2011/05/22 15:38:56.0908 5988 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/22 15:38:56.0990 5988 ================================================================================
2011/05/22 15:38:56.0990 5988 SystemInfo:
2011/05/22 15:38:56.0990 5988
2011/05/22 15:38:56.0990 5988 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/22 15:38:56.0990 5988 Product type: Workstation
2011/05/22 15:38:56.0990 5988 ComputerName: LAPTOP_CLINT
2011/05/22 15:38:56.0992 5988 UserName: Clint
2011/05/22 15:38:56.0992 5988 Windows directory: C:\Windows
2011/05/22 15:38:56.0992 5988 System windows directory: C:\Windows
2011/05/22 15:38:56.0992 5988 Processor architecture: Intel x86
2011/05/22 15:38:56.0992 5988 Number of processors: 2
2011/05/22 15:38:56.0992 5988 Page size: 0x1000
2011/05/22 15:38:56.0992 5988 Boot type: Normal boot
2011/05/22 15:38:56.0992 5988 ================================================================================
2011/05/22 15:38:57.0575 5988 Initialize success
2011/05/22 15:39:10.0779 6080 ================================================================================
2011/05/22 15:39:10.0779 6080 Scan started
2011/05/22 15:39:10.0779 6080 Mode: Manual;
2011/05/22 15:39:10.0779 6080 ================================================================================
2011/05/22 15:39:11.0812 6080 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/22 15:39:12.0373 6080 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/22 15:39:12.0550 6080 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/22 15:39:12.0620 6080 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/22 15:39:12.0712 6080 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/22 15:39:13.0064 6080 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/22 15:39:13.0368 6080 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/22 15:39:13.0492 6080 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/22 15:39:13.0685 6080 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/22 15:39:13.0937 6080 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/22 15:39:14.0195 6080 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/22 15:39:14.0424 6080 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/22 15:39:14.0671 6080 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/22 15:39:15.0018 6080 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/22 15:39:15.0314 6080 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/22 15:39:15.0839 6080 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
2011/05/22 15:39:15.0973 6080 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
2011/05/22 15:39:16.0303 6080 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/22 15:39:16.0468 6080 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/22 15:39:16.0587 6080 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/05/22 15:39:16.0755 6080 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/05/22 15:39:17.0015 6080 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/05/22 15:39:17.0264 6080 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/05/22 15:39:17.0552 6080 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/22 15:39:17.0635 6080 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/22 15:39:17.0935 6080 athr (d5abeb24a3a3138b35f88931fb04e100) C:\Windows\system32\DRIVERS\athr.sys
2011/05/22 15:39:18.0304 6080 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/22 15:39:18.0531 6080 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/22 15:39:18.0656 6080 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/22 15:39:18.0720 6080 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/22 15:39:18.0799 6080 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/22 15:39:18.0893 6080 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/22 15:39:18.0982 6080 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/22 15:39:19.0024 6080 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/22 15:39:19.0104 6080 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/22 15:39:19.0184 6080 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/22 15:39:19.0337 6080 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/22 15:39:19.0403 6080 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/22 15:39:19.0453 6080 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/22 15:39:19.0534 6080 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/22 15:39:19.0651 6080 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/22 15:39:19.0685 6080 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/22 15:39:19.0723 6080 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/22 15:39:19.0781 6080 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/22 15:39:19.0824 6080 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/22 15:39:20.0060 6080 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/22 15:39:20.0417 6080 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/22 15:39:20.0916 6080 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/22 15:39:21.0389 6080 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/22 15:39:21.0552 6080 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/22 15:39:21.0643 6080 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/22 15:39:21.0948 6080 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/22 15:39:22.0274 6080 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/22 15:39:22.0445 6080 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/22 15:39:22.0488 6080 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/22 15:39:22.0532 6080 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/22 15:39:22.0586 6080 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/22 15:39:22.0620 6080 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/22 15:39:22.0760 6080 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/22 15:39:22.0801 6080 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/22 15:39:22.0902 6080 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/22 15:39:22.0989 6080 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/22 15:39:23.0156 6080 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
2011/05/22 15:39:23.0481 6080 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/22 15:39:23.0576 6080 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/22 15:39:23.0637 6080 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/22 15:39:23.0694 6080 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/22 15:39:23.0733 6080 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/22 15:39:24.0016 6080 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/22 15:39:24.0372 6080 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/05/22 15:39:24.0653 6080 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/22 15:39:24.0928 6080 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/22 15:39:25.0095 6080 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/22 15:39:25.0462 6080 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/22 15:39:26.0071 6080 IntcAzAudAddService (dfe2efd0d7f301214db3d999512783a7) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/22 15:39:26.0505 6080 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/22 15:39:26.0547 6080 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/22 15:39:26.0595 6080 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/22 15:39:26.0830 6080 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/22 15:39:27.0097 6080 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/22 15:39:27.0284 6080 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/22 15:39:27.0603 6080 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/22 15:39:27.0956 6080 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/22 15:39:28.0201 6080 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/22 15:39:28.0259 6080 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/22 15:39:28.0316 6080 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/22 15:39:28.0377 6080 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/05/22 15:39:28.0433 6080 kbfiltr (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/05/22 15:39:28.0660 6080 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/22 15:39:28.0929 6080 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/22 15:39:29.0021 6080 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/22 15:39:29.0065 6080 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/22 15:39:29.0108 6080 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/22 15:39:29.0153 6080 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/22 15:39:29.0370 6080 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/22 15:39:29.0536 6080 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/22 15:39:29.0645 6080 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/22 15:39:29.0766 6080 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
2011/05/22 15:39:29.0886 6080 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/22 15:39:30.0089 6080 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/22 15:39:30.0357 6080 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/22 15:39:30.0495 6080 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/22 15:39:30.0555 6080 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/22 15:39:30.0954 6080 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/22 15:39:31.0153 6080 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/22 15:39:31.0296 6080 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/22 15:39:31.0586 6080 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/22 15:39:31.0799 6080 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/22 15:39:31.0855 6080 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/22 15:39:32.0038 6080 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/22 15:39:32.0089 6080 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/22 15:39:32.0332 6080 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/22 15:39:32.0464 6080 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/22 15:39:32.0533 6080 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/22 15:39:32.0595 6080 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/22 15:39:32.0680 6080 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/22 15:39:32.0722 6080 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/22 15:39:32.0797 6080 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/22 15:39:33.0072 6080 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/22 15:39:33.0304 6080 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
2011/05/22 15:39:33.0465 6080 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/22 15:39:33.0583 6080 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/22 15:39:33.0681 6080 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2011/05/22 15:39:34.0056 6080 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/22 15:39:34.0277 6080 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/22 15:39:34.0338 6080 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/22 15:39:34.0375 6080 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/22 15:39:34.0430 6080 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/22 15:39:34.0498 6080 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/22 15:39:34.0629 6080 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/22 15:39:34.0691 6080 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/22 15:39:34.0777 6080 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/22 15:39:34.0905 6080 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/22 15:39:35.0009 6080 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/22 15:39:35.0078 6080 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/22 15:39:35.0275 6080 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/05/22 15:39:36.0888 6080 nvlddmkm (3dacd0610683cf966647636d3b7ae750) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/22 15:39:37.0328 6080 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/22 15:39:37.0362 6080 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/05/22 15:39:37.0542 6080 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/22 15:39:37.0599 6080 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/22 15:39:37.0726 6080 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/22 15:39:38.0040 6080 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/22 15:39:38.0183 6080 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/22 15:39:38.0281 6080 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/22 15:39:38.0538 6080 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/22 15:39:38.0744 6080 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/22 15:39:38.0849 6080 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/22 15:39:39.0074 6080 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/22 15:39:39.0323 6080 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/22 15:39:39.0358 6080 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/22 15:39:39.0623 6080 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/22 15:39:39.0711 6080 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/22 15:39:39.0828 6080 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/22 15:39:39.0896 6080 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/22 15:39:39.0958 6080 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/22 15:39:40.0007 6080 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/22 15:39:40.0204 6080 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/22 15:39:40.0464 6080 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/22 15:39:40.0958 6080 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/22 15:39:41.0144 6080 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/22 15:39:41.0189 6080 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/22 15:39:41.0289 6080 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/22 15:39:41.0588 6080 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/22 15:39:41.0980 6080 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/22 15:39:42.0353 6080 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/22 15:39:42.0480 6080 RTSTOR (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS
2011/05/22 15:39:42.0645 6080 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/22 15:39:42.0871 6080 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/22 15:39:42.0927 6080 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/22 15:39:42.0997 6080 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/22 15:39:43.0055 6080 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/22 15:39:43.0091 6080 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/22 15:39:43.0303 6080 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/22 15:39:43.0514 6080 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/22 15:39:43.0570 6080 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/22 15:39:43.0612 6080 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/22 15:39:43.0681 6080 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/22 15:39:43.0752 6080 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/22 15:39:43.0805 6080 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/22 15:39:43.0993 6080 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/22 15:39:44.0379 6080 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
2011/05/22 15:39:45.0048 6080 SNP2UVC (e7230cdcc9e7b7559147cf7bc24a1d1d) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/05/22 15:39:45.0508 6080 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/22 15:39:46.0139 6080 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/05/22 15:39:46.0139 6080 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/22 15:39:46.0172 6080 sptd - detected LockedFile.Multi.Generic (1)
2011/05/22 15:39:46.0436 6080 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/05/22 15:39:46.0745 6080 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/22 15:39:46.0868 6080 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/22 15:39:46.0950 6080 ss_bus (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\Windows\system32\DRIVERS\ss_bus.sys
2011/05/22 15:39:46.0994 6080 ss_mdfl (f0a85580e36a3a85059037d39a9cf079) C:\Windows\system32\DRIVERS\ss_mdfl.sys
2011/05/22 15:39:47.0271 6080 ss_mdm (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\Windows\system32\DRIVERS\ss_mdm.sys
2011/05/22 15:39:47.0471 6080 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
2011/05/22 15:39:47.0570 6080 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/22 15:39:47.0670 6080 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/22 15:39:47.0733 6080 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/22 15:39:47.0985 6080 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/22 15:39:48.0295 6080 SynTP (760e4f5a1e754bbe4a1bd2a0b54f6aa6) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/22 15:39:48.0646 6080 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/05/22 15:39:49.0056 6080 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/22 15:39:49.0406 6080 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/22 15:39:49.0685 6080 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/22 15:39:50.0079 6080 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/22 15:39:50.0481 6080 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/22 15:39:50.0988 6080 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/22 15:39:51.0350 6080 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/22 15:39:51.0467 6080 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/22 15:39:51.0702 6080 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/22 15:39:51.0779 6080 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/22 15:39:51.0854 6080 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/22 15:39:52.0237 6080 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/22 15:39:52.0454 6080 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/22 15:39:52.0506 6080 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/22 15:39:52.0584 6080 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/22 15:39:52.0666 6080 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/22 15:39:52.0776 6080 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/22 15:39:52.0865 6080 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/22 15:39:53.0049 6080 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/22 15:39:53.0392 6080 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/22 15:39:53.0500 6080 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/22 15:39:53.0635 6080 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/22 15:39:53.0832 6080 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/22 15:39:54.0146 6080 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/22 15:39:54.0387 6080 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/22 15:39:54.0677 6080 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/22 15:39:54.0740 6080 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/22 15:39:54.0803 6080 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/22 15:39:54.0843 6080 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/22 15:39:55.0219 6080 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/22 15:39:55.0496 6080 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/22 15:39:56.0060 6080 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/22 15:39:56.0454 6080 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/22 15:39:56.0711 6080 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/22 15:39:57.0076 6080 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/22 15:39:57.0451 6080 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/22 15:39:57.0679 6080 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/22 15:39:57.0744 6080 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/22 15:39:58.0260 6080 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/22 15:39:58.0553 6080 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/22 15:39:59.0054 6080 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/22 15:39:59.0271 6080 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/22 15:39:59.0439 6080 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/22 15:39:59.0678 6080 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/22 15:39:59.0865 6080 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/22 15:40:00.0020 6080 ================================================================================
2011/05/22 15:40:00.0020 6080 Scan finished
2011/05/22 15:40:00.0020 6080 ================================================================================
2011/05/22 15:40:00.0041 6072 Detected object count: 1
2011/05/22 15:40:32.0955 6072 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/05/22 15:40:32.0999 6072 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/05/22 15:40:33.0020 6072 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/05/22 15:40:33.0020 6072 LockedFile.Multi.Generic(sptd) - User select action: Delete
2011/05/22 15:40:52.0885 5928 Deinitialize success


aswMBR log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-22 15:46:33
-----------------------------
15:46:33.511 OS Version: Windows 6.0.6001 Service Pack 1
15:46:33.511 Number of processors: 2 586 0x6802
15:46:33.514 ComputerName: LAPTOP_CLINT UserName: Clint
15:46:40.812 Initialize success
15:47:05.142 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
15:47:05.147 Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 3
15:47:07.189 Disk 0 MBR read successfully
15:47:07.192 Disk 0 MBR scan
15:47:07.196 Disk 0 unknown MBR code
15:47:09.211 Disk 0 scanning sectors +488392065
15:47:09.279 Disk 0 scanning C:\Windows\system32\drivers
15:47:15.769 Service scanning
15:47:17.668 Disk 0 trace - called modules:
15:47:17.699 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
15:47:17.704 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b9e410]
15:47:17.709 3 CLASSPNP.SYS[8a5a6745] -> nt!IofCallDriver -> [0x854289c8]
15:47:17.714 5 acpi.sys[8072a6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x84abd030]
15:47:17.720 Scan finished successfully
15:47:58.476 Disk 0 MBR has been saved successfully to "C:\Users\Clint\Documents\malwarelogs\MBR.dat"
15:47:58.486 The log file has been saved successfully to "C:\Users\Clint\Documents\malwarelogs\aswMBR.txt"

Also, the scanlog of the boot-time scan revealed no virussen, malware, etc.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,732 posts
  • MVP
Your logs look clean. I think we just need to clean up a little:

We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
tho it hasn't been updated for Vista or Win 7 yet so To create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"\users\Clint\Downloads\ComboFix.exe" /Uninstall

Start, (All) Programs, Accessories, right click on Command Prompt and select Run As Administrator (Continue) then right click, Paste (or Edit, Paste) then hit Enter.

To hide hidden files again:
# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

OTL has a cleanup option you can use. Remember to right click on it and Run As Administrator.

You do not have the latest Java (JavaÖ 6 Update 25). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
JavaÖ 6 Update 16 which may be new enough that it will be removed automatically.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole. See http://aumha.net/vie...&st=0&sk=t&sd=a Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#5
cl1nt

cl1nt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks again for your help!

I followed your instructions except for the router-issue. Since I have 14 flatmates with which I share the router, I'll first have to bring this up with them. But I'll be sure to do this right away.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP