Thanks alot for your help! I followed all your instructions and all programs ran just fine, my laptop also seems to be fixed now. Here are the logs you asked for:
OTL log:
OTL logfile created on: 22-5-2011 12:31:28 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Clint\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 3,25 Gb Free Space | 2,79% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 37,63 Gb Free Space | 35,27% Space Free | Partition Type: NTFS
Drive E: | 153,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 648,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: LAPTOP_CLINT | User Name: Clint | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011-05-22 03:59:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Clint\Desktop\OTL.exe
PRC - [2011-05-10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011-04-14 18:57:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-07-01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-09-30 17:49:16 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008-09-30 17:45:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008-09-20 02:19:48 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008-07-19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008-01-21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-12-12 10:50:27 | 004,710,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007-09-03 07:29:40 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007-09-01 02:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007-08-03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007-07-10 19:59:56 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007-06-26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007-05-18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007-04-19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007-02-06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007-01-18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007-01-17 01:13:14 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
PRC - [2006-12-21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006-12-19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006-11-02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2005-07-07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
========== Modules (SafeList) ========== MOD - [2011-05-22 03:59:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Clint\Desktop\OTL.exe
MOD - [2011-05-10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010-08-31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-09-19 18:46:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-10-28 21:38:35 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007-08-03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007-05-18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007-02-06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2002-12-17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002-12-17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
========== Driver Services (SafeList) ========== DRV - [2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-05-10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-03-16 00:41:06 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007-08-11 05:19:26 | 000,029,752 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007-08-03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007-07-31 07:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-07-24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007-05-14 19:37:59 | 007,115,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-05-02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007-05-02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007-05-02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007-03-06 20:17:03 | 001,737,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007-03-06 15:15:57 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007-02-16 10:50:31 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-01-24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006-12-14 17:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006-11-22 19:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.asus.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://downloads.php....php?rvs=googleIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://downloads.php....php?rvs=google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.asus.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.asus.com/entryflash.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
http://www.google.nl/"FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - HKLM\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-21 17:19:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-04-30 23:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-04-30 23:10:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-04-30 22:48:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009-11-13 06:45:28 | 000,000,000 | ---D | M]
[2010-08-24 11:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clint\AppData\Roaming\mozilla\Extensions
[2010-08-24 11:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clint\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-04-30 13:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clint\AppData\Roaming\mozilla\Firefox\Profiles\yitub4n8.default\extensions
[2010-07-15 04:32:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Clint\AppData\Roaming\mozilla\Firefox\Profiles\yitub4n8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-06-28 17:57:54 | 000,001,504 | ---- | M] () -- C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\yitub4n8.default\searchplugins\imdb.xml
[2009-01-20 21:22:06 | 000,002,111 | ---- | M] () -- C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\yitub4n8.default\searchplugins\videos-zoeken-op-youtube.xml
[2008-10-18 17:23:25 | 000,001,330 | ---- | M] () -- C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\yitub4n8.default\searchplugins\wikipedia-en.xml
[2011-04-30 23:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011-05-21 17:19:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011-04-14 18:57:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011-03-21 08:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010-01-01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010-01-01 10:00:00 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-01-01 10:00:00 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-01-01 10:00:00 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-01-01 10:00:00 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
O1 HOSTS File: ([2010-09-19 19:05:59 | 000,001,674 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 4 more lines...
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 145.97.192.174
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Bureaubladachtergrond.bmp
O24 - Desktop BackupWallPaper: C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Bureaubladachtergrond.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003-04-14 11:13:44 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003-04-17 13:37:48 | 000,000,438 | R--- | M] () - E:\autorun.ini -- [ CDFS ]
O32 - AutoRun File - [1997-01-17 20:52:36 | 000,000,362 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell - "" = AutoRun
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2000-03-06 14:34:26 | 000,578,048 | R--- | M] (Broderbund Software)
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\DXInstall\Command - "" = G:\WINDOWS\DIRECTX\DXSETUP.EXE -- [1996-09-13 18:00:16 | 000,037,888 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\EReg\Command - "" = Windows\Ereg\Ereg32.exe
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\Install\Command - "" = G:\WINDOWS\SETUP.EXE -- [1998-10-02 21:04:32 | 000,071,680 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{192ee52d-3084-11df-862c-0023541de7fb}\Shell\ReadMe\Command - "" = NotePad.exe ReadMe.txt
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2011-05-22 12:19:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-05-22 03:59:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Clint\Desktop\OTL.exe
[2011-05-22 00:17:35 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Clint\Desktop\TFC.exe
[2011-05-21 17:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011-05-21 17:20:42 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011-05-21 17:20:41 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-05-21 17:20:34 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-05-21 17:20:33 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-05-21 17:20:33 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-05-21 17:20:31 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-05-21 17:19:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-05-21 17:19:01 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-05-21 17:18:59 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-05-21 17:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011-05-21 17:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011-04-29 01:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Caminova
[2011-04-26 22:03:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011-04-26 22:03:14 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2007-01-24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
========== Files - Modified Within 30 Days ========== [2011-05-22 12:28:31 | 000,087,323 | ---- | M] () -- C:\Users\Clint\AppData\Roaming\nvModes.001
[2011-05-22 12:27:02 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011-05-22 12:23:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-05-22 12:23:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-05-22 12:23:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-05-22 03:59:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Clint\Desktop\OTL.exe
[2011-05-22 01:33:01 | 000,739,564 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011-05-22 01:33:01 | 000,652,230 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-05-22 01:33:01 | 000,158,518 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011-05-22 01:33:01 | 000,127,648 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-05-22 01:29:52 | 000,157,696 | ---- | M] () -- C:\Users\Clint\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-05-22 00:17:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Clint\Desktop\TFC.exe
[2011-05-22 00:06:17 | 000,000,945 | ---- | M] () -- C:\Users\Clint\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-05-22 00:06:16 | 000,000,921 | ---- | M] () -- C:\Users\Clint\Desktop\Windows Media Player.lnk
[2011-05-21 20:26:51 | 004,746,369 | ---- | M] () -- C:\Users\Clint\Documents\Fraser, What is critical.pdf
[2011-05-21 17:20:45 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011-05-21 17:20:31 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011-05-21 17:19:25 | 000,000,000 | ---- | M] () -- C:\Users\Clint\AppData\Local\prvlcl.dat
[2011-05-15 19:04:04 | 007,171,671 | ---- | M] () -- C:\Users\Clint\Documents\Habermas, public sphere chapter V.pdf
[2011-05-10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-05-10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-05-10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011-05-08 17:57:21 | 000,097,146 | ---- | M] () -- C:\Users\Clint\Documents\Hegel.jpg
[2011-05-08 17:57:02 | 000,097,485 | ---- | M] () -- C:\Users\Clint\Documents\Hegel.sized.jpg
[2011-04-30 23:10:42 | 000,000,877 | ---- | M] () -- C:\Users\Clint\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-04-30 23:10:42 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-04-29 02:05:06 | 016,010,731 | ---- | M] () -- C:\Users\Clint\Documents\The structural transformation of the public sphere.pdf
========== Files Created - No Company Name ========== [2011-05-21 17:30:38 | 000,000,945 | ---- | C] () -- C:\Users\Clint\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-05-21 17:30:38 | 000,000,921 | ---- | C] () -- C:\Users\Clint\Desktop\Windows Media Player.lnk
[2011-05-21 15:15:34 | 004,746,369 | ---- | C] () -- C:\Users\Clint\Documents\Fraser, What is critical.pdf
[2011-05-15 19:04:04 | 007,171,671 | ---- | C] () -- C:\Users\Clint\Documents\Habermas, public sphere chapter V.pdf
[2011-05-08 17:57:21 | 000,097,146 | ---- | C] () -- C:\Users\Clint\Documents\Hegel.jpg
[2011-05-08 17:57:02 | 000,097,485 | ---- | C] () -- C:\Users\Clint\Documents\Hegel.sized.jpg
[2011-04-30 23:10:41 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-04-30 23:10:41 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-04-29 02:05:06 | 016,010,731 | ---- | C] () -- C:\Users\Clint\Documents\The structural transformation of the public sphere.pdf
[2010-11-27 00:05:34 | 000,000,000 | ---- | C] () -- C:\Users\Clint\AppData\Local\prvlcl.dat
[2010-08-03 17:49:48 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2010-08-03 17:49:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2010-07-15 02:33:03 | 000,000,183 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010-03-14 20:13:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-03-14 20:12:58 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-03-14 20:12:58 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-08-08 17:36:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009-08-08 17:17:48 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009-08-08 17:15:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009-05-11 20:52:01 | 004,762,112 | ---- | C] () -- C:\Windows\System32\NCMedia.dll
[2009-05-11 20:52:01 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-05-11 20:52:01 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2009-03-22 16:13:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009-03-22 16:13:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009-03-22 16:13:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009-03-22 16:13:17 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009-03-22 16:13:17 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009-03-22 16:13:17 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009-03-14 21:50:30 | 000,000,680 | ---- | C] () -- C:\Users\Clint\AppData\Local\d3d9caps.dat
[2009-02-17 18:54:27 | 000,061,952 | ---- | C] () -- C:\Windows\SSEUninstaller.exe
[2009-01-22 01:11:13 | 000,138,512 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009-01-22 01:11:05 | 000,201,440 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009-01-22 01:10:59 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008-12-03 16:46:57 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008-12-01 12:42:11 | 000,000,093 | ---- | C] () -- C:\Users\Clint\AppData\Local\fusioncache.dat
[2008-11-12 16:28:13 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008-10-21 20:02:50 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008-10-21 20:02:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-10-18 18:14:43 | 000,157,696 | ---- | C] () -- C:\Users\Clint\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-10-18 15:55:30 | 000,087,323 | ---- | C] () -- C:\Users\Clint\AppData\Roaming\nvModes.dat
[2008-10-18 15:55:30 | 000,087,323 | ---- | C] () -- C:\Users\Clint\AppData\Roaming\nvModes.001
[2008-10-18 14:32:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008-09-20 02:25:59 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008-09-20 02:19:48 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008-09-20 02:19:37 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2008-09-20 02:19:35 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008-09-20 02:10:31 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008-04-16 13:26:40 | 000,739,564 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2008-04-16 13:26:40 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2008-04-16 13:26:40 | 000,158,518 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2008-04-16 13:26:40 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2008-04-16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007-08-06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007-03-06 20:17:03 | 001,737,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 003,748,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,652,230 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,127,648 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-03-09 12:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >
OTL Extras log:
OTL Extras logfile created on: 22-5-2011 12:31:28 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Clint\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 3,25 Gb Free Space | 2,79% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 37,63 Gb Free Space | 35,27% Space Free | Partition Type: NTFS
Drive E: | 153,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 648,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: LAPTOP_CLINT | User Name: Clint | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\system32\sysservice.exe" = C:\Windows\system32\sysservice.exe:*:Enabled:DNS client
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03550986-BB2A-4EA0-8401-E4CAEE4B675E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0524A412-CB74-4BE7-BA50-D48FF03CB0F8}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{1C2DDBB9-05D9-46EB-9CD6-A38EABBD3DBD}" = rport=139 | protocol=6 | dir=out | app=system |
"{26AF7982-8992-47C4-9641-3AB9CD3E8242}" = lport=138 | protocol=17 | dir=in | app=system |
"{27C36912-564A-40BA-B833-782EE7FA291E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{34E3D622-DC91-4DB9-90D3-81D7DD0CCBF4}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{683F4085-03BA-4BB4-90A2-55C2E1F29024}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FF07B6E-FF75-47AE-84C9-A37B95D3FB39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C05A0F5C-91F1-4BF8-87EA-4ED4EEF0AD32}" = lport=445 | protocol=6 | dir=in | app=system |
"{C44BDE9E-D3F5-46AA-92EE-C6F74644BF24}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{C8977CE2-5925-45B4-A633-B036B3676592}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{CE669F14-F98B-45BF-B561-22CE2E5BB9ED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E7203A3B-CECE-46F8-BFB8-16DE364C5EF9}" = rport=138 | protocol=17 | dir=out | app=system |
"{EABB8C26-E20D-4865-9FDF-F8797AEA8F14}" = lport=139 | protocol=6 | dir=in | app=system |
"{EDB0A78C-B301-48F9-9287-CC79A44016D7}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{F34186B5-35B6-4154-9251-C7C7572DA234}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7CFE0F7-32BD-4FF9-B0AD-320D7B4D468C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FC190160-297D-40BE-9776-2B6DAC90CE4C}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008E3B68-53E0-485C-AF10-52E0915CF477}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{15659E20-71F3-4663-AFA3-25F1A6653380}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{1B3957AC-598E-4C39-9140-79A20368B886}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1FA0D09A-270A-4012-816B-E27D131FCBAD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{2C05B0B2-448C-477B-92F6-AA06EB0E3790}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F7054A8-B571-44A4-878A-B447FE8CCAA7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{36C9229F-2229-4038-91EF-8850DBAB714A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{3C4DC441-C99B-439F-BE42-367DFBE9F236}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{41C55FF4-FC2B-4A26-82A8-06E4122037E9}" = protocol=6 | dir=in | app=c:\users\clint\appdata\local\asam.exe |
"{4A2DC845-D768-46FE-9519-F280098B1D4A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{5487752C-4FD4-4C67-97BD-5B651D1E1403}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{5F355BF0-0933-4D77-ACB6-B1307DFCADB3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{5F7EE90E-A673-47C5-994A-C902CC0CAADA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{636CF605-9ABE-43C3-BC96-2990AEF4A571}" = protocol=17 | dir=in | app=c:\users\clint\documents\vixy.net\vixy.exe |
"{6629E95A-ED02-469F-90DD-1D964101D78D}" = protocol=6 | dir=in | app=c:\users\clint\documents\vixy.net\vixy.exe |
"{6675BF05-4538-43DD-AC96-0BF03A7D3374}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{6844A6A8-1F0E-42A6-9EF4-D6D557FBC735}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{74656566-A754-40C1-A4D0-7A0A33578B45}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{7C94638E-75BD-4FC5-81B3-E51388457083}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{800EEEF9-A5BD-461C-9DF4-95A02844C136}" = protocol=17 | dir=in | app=c:\users\clint\appdata\local\asam.exe |
"{8BECFAFE-75A5-46B1-A509-1D1302DFDA4E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{8D7F5E85-A3EF-4179-8E2E-4C9D6F19C7E3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{8F917AD5-A9C8-47F2-BCA8-F9E40D5932E0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{AFA4E4C8-6963-4C3E-9110-E294B05D5A9B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{BD53F9AD-8469-46C2-ABF4-68A6B4CDF1B4}" = protocol=6 | dir=in | app=c:\windows\system32\sysservice.exe |
"{C2DD2BAC-F632-439F-89B0-DE48E7DBFDF7}" = protocol=58 | dir=out |
[email protected],-28546 |
"{CC3F2ACF-93C9-4D48-A7EF-9813B36D1A7B}" = protocol=1 | dir=in |
[email protected],-28543 |
"{D796CB59-6937-4AA3-881D-58A08311E1FF}" = protocol=17 | dir=in | app=c:\windows\system32\sysservice.exe |
"{DC9EDD98-2070-4DA0-86F5-7FC127341D0A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E8F1AA20-4EB2-4015-AF68-CD60EECCE38E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{EB558756-2DCB-4216-B32D-401999BBF79E}" = protocol=58 | dir=in |
[email protected],-28545 |
"{F0099E6E-C473-4261-8DC4-6253A4F73EF1}" = protocol=1 | dir=out |
[email protected],-28544 |
"{F57128EA-19F9-4255-AB02-6B74830F1D42}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{FA4B32A7-38CD-46ED-9878-F5489F38B248}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{FB4B3579-2ACC-4985-877B-A414849476E9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FBA25EB7-7339-4CCF-B2CF-D3040FACA553}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{0BE84227-0F63-4422-A56F-A630953DB9A4}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0F9114E8-7032-42E6-89DD-E6DAE347F55F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{4DDF5966-F7C6-42E0-B97C-9A5FCAB7F8AE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{571A69C9-7C70-4358-B7EF-A0A9B9E09369}C:\windows\system\smsc.exe" = protocol=6 | dir=in | app=c:\windows\system\smsc.exe |
"TCP Query User{5883735A-E601-4FD7-A957-58CBEF4FF5DE}C:\program files\steam\steamapps\clintkrim\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\clintkrim\counter-strike source\hl2.exe |
"TCP Query User{87BE6355-1EB6-453D-959E-3584C4BDE2F1}C:\program files\steam\steamapps\clintkrim\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\clintkrim\team fortress 2\hl2.exe |
"TCP Query User{8C5F915B-F9FB-4374-8C9A-77F21E0C5770}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{A9D7D225-2EF1-456B-94A1-7BA0EEFBCE35}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"TCP Query User{C0954CE6-DD3F-4127-A8CA-1B04CD0112B0}C:\program files\wolfenstein - enemy territory\etded.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\etded.exe |
"TCP Query User{D57DD6B7-C371-4A70-88EA-53685C446F06}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{E10B3088-CB92-4A0C-902E-F75F7D58EE20}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{F8D2D33A-5DB6-4A33-AD53-FF8A46E5A4B5}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{FD19A38C-5EE1-47E0-A84F-35564CFB2A78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FDA293BD-739F-4FA4-BB24-EE7E1A83F5F0}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{1A8BB06C-B06D-4856-B71B-C664A2A152E2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2A19340D-8A88-4CFF-B812-B51E1CB76152}C:\program files\steam\steamapps\clintkrim\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\clintkrim\team fortress 2\hl2.exe |
"UDP Query User{35297A79-9C3F-4DD7-9A06-2CFD5FA6F451}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"UDP Query User{42384852-2602-46A4-8DD9-552BF90DC5DC}C:\program files\steam\steamapps\clintkrim\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\clintkrim\counter-strike source\hl2.exe |
"UDP Query User{4CACFF36-E70B-4A84-B3EF-86F54F7EFBA1}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{52F05E39-0F4E-424E-B51A-68FEAF90096A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{54F0A0C3-21A2-4782-8FED-12FAAE9B0234}C:\windows\system\smsc.exe" = protocol=17 | dir=in | app=c:\windows\system\smsc.exe |
"UDP Query User{7FB6106E-AA1B-412F-B5A7-74C5C7B54196}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8868DCDE-3BF3-4EF2-86E2-9A1D78BF712B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{88BEA8EF-41AF-419B-A82D-74FE0DBC61FC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8BE994AA-49C3-44C4-A74C-DA10B92BA632}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{AC47C98A-7930-4D08-A55D-D3C7814ECA58}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{AD5B563E-FEE9-4157-861D-9D0C23E673A3}C:\program files\wolfenstein - enemy territory\etded.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\etded.exe |
"UDP Query User{B2986937-D963-4C6F-82C7-C58F75957B37}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{12259703-CC6E-4690-A62E-995C281C4A56}" = Woordenboek Latijn-Nederlands
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1968465A-D76E-4B88-8401-DAF9E5C82A87}" = Document Express DjVu Plug-in
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}" = Sony Vegas 6.0
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86
"{8BF6957D-9288-41A3-88B6-D5902FBC51EF}" = Uru - To D'ni Expansion Pack
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90120000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E1477E-810A-4185-BD9E-1A803498EFB3}" = OpenOffice.org 3.0
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1043-7B44-A81300000003}" = Adobe Reader 8.1.3 - Nederlands
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF890091-2603-C1C6-DCD6-B8799D4FB464}" = Adobe Community Help
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}" = Sony Media Manager 2.0
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"avast" = avast! Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1218
"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 5.3.0.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comical_is1" = Comical 0.8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Drum Tab Printer" = Drum Tab Printer
"DVDGenie" = DVD Genie (remove only)
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileZilla Client" = FileZilla Client 3.1.3.1
"Freez FLV to MP3 Converter V1.2_is1" = Freez FLV to MP3 Converter
"GameOfLife" = Game of Life
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"Huur- en zorgtoeslag 2009" = Huur- en zorgtoeslag 2009
"iFinger 2.0" = iFinger 2.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.0 (Full)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"mIRC" = mIRC
"Mozilla Firefox 4.0.1 (x86 nl)" = Mozilla Firefox 4.0.1 (x86 nl)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Na klar! Leerlingen-cd-rom 5 vwo" = Na klar! Leerlingen-cd-rom 5 vwo
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"Orb" = Winamp Remote
"PROHYBRIDR" = 2007 Microsoft Office system
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.0.6 for Windows
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Last Express" = The Last Express
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 1-5-2011 8:27:43 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =
Error - 2-5-2011 4:32:37 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =
Error - 4-5-2011 4:24:56 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =
Error - 6-5-2011 6:27:52 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =
Error - 7-5-2011 6:33:06 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =
Error - 8-5-2011 7:11:11 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =
Error - 9-5-2011 11:19:21 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =
Error - 10-5-2011 4:21:34 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =
Error - 11-5-2011 18:31:29 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =
Error - 13-5-2011 5:57:52 | Computer Name = Laptop_Clint | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 21-5-2011 21:43:51 | Computer Name = Laptop_Clint | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 21-5-2011 22:09:42 | Computer Name = Laptop_Clint | Source = Dhcp | ID = 1001
Description = Deze computer heeft geen adres toegewezen gekregen van het netwerk
(door de DHCP-server) voor de netwerkkaart met netwerkadres 0022432768AC. De volgende
fout is opgetreden: %%1223. De computer zal doorgaan om zelf een adres van de server
met netwerkadressen (DHCP-server) proberen te verkrijgen.
Error - 21-5-2011 22:31:10 | Computer Name = Laptop_Clint | Source = Service Control Manager | ID = 7034
Description =
Error - 22-5-2011 0:37:41 | Computer Name = Laptop_Clint | Source = HTTP | ID = 15016
Description =
Error - 22-5-2011 0:38:24 | Computer Name = Laptop_Clint | Source = Service Control Manager | ID = 7000
Description =
Error - 22-5-2011 0:40:24 | Computer Name = Laptop_Clint | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 22-5-2011 6:19:42 | Computer Name = Laptop_Clint | Source = Service Control Manager | ID = 7034
Description =
Error - 22-5-2011 6:23:44 | Computer Name = Laptop_Clint | Source = HTTP | ID = 15016
Description =
Error - 22-5-2011 6:24:17 | Computer Name = Laptop_Clint | Source = Service Control Manager | ID = 7000
Description =
Error - 22-5-2011 6:24:37 | Computer Name = Laptop_Clint | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
Malwarebytes' log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Databaseversie: 6639
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
22-5-2011 14:43:56
mbam-log-2011-05-22 (14-43-56).txt
Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 362771
Verstreken tijd: 1 uur/uren, 51 minuut/minuten, 34 seconde(n)
Geheugenprocessen geďnfecteerd: 0
Geheugenmodulen geďnfecteerd: 0
Registersleutels geďnfecteerd: 2
Registerwaarden geďnfecteerd: 1
Registerdata geďnfecteerd: 1
Mappen geďnfecteerd: 3
Bestanden geďnfecteerd: 19
Geheugenprocessen geďnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geďnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geďnfecteerd:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Registerwaarden geďnfecteerd:
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Value: (default) -> Quarantined and deleted successfully.
Registerdata geďnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Clint\AppData\Local\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
Mappen geďnfecteerd:
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Bestanden geďnfecteerd:
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\uninstall.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\05222011_121940\c_recycle.bin\recycle.bin.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\Desktop\armanager.lnk (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\h7t.wt (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\hgtd.ruy (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\files (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\settings.ini (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\Czech.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\Danish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\Dutch.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\English.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\French.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\German.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\Italian.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\portuguese.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\Slovak.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\Spanish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\armanager\languages\template.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Combofix-log (this one seems to be in dutch, my native language, if you need a translation, I will provide one):
ComboFix 11-05-21.03 - Clint 22-05-2011 14:58:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.2943.1794 [GMT 2:00]
Gestart vanuit: c:\users\Clint\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0 .lnk
c:\windows\system32\8cb6910.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSDRV32
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-22 to 2011-05-22 ))))))))))))))))))))))))))))))
.
.
2011-05-22 13:12 . 2011-05-22 13:19 -------- d-----w- c:\users\Clint\AppData\Local\temp
2011-05-22 13:12 . 2011-05-22 13:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-22 10:47 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 10:47 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 10:19 . 2011-05-22 10:19 -------- d-----w- C:\_OTL
2011-05-21 15:55 . 2011-05-18 10:37 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F48247E-AE52-4F5E-9237-2F05A4C94314}\mpengine.dll
2011-05-21 15:20 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-21 15:20 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-21 15:20 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-21 15:20 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-21 15:20 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-21 15:20 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-21 15:19 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-21 15:18 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-21 15:17 . 2011-05-21 15:17 -------- d-----w- c:\programdata\AVAST Software
2011-05-21 15:17 . 2011-05-21 15:17 -------- d-----w- c:\program files\AVAST Software
2011-05-11 22:43 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-30 21:10 . 2011-04-14 16:57 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-30 21:10 . 2011-04-14 16:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-30 21:10 . 2011-04-14 16:57 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-30 21:10 . 2011-04-14 16:57 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-30 21:10 . 2011-04-14 16:57 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-30 21:10 . 2011-04-14 16:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-30 21:10 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-30 21:10 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-28 23:45 . 2011-03-21 06:22 1680272 ----a-w- c:\program files\Mozilla Firefox\plugins\npdjvu.dll
2011-04-28 23:45 . 2011-04-28 23:45 -------- d-----w- c:\program files\Caminova
2011-04-26 20:03 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-26 20:03 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-22 12:48 . 2008-09-20 00:25 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-03-10 16:12 . 2011-04-13 22:19 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12 . 2011-04-13 22:19 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00 . 2011-04-13 22:19 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56 . 2011-04-26 20:03 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-26 20:03 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-26 20:03 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-26 20:03 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53 . 2011-04-13 22:19 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49 . 2011-04-13 22:19 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 12:52 . 2011-04-13 22:20 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 12:52 . 2011-04-13 22:20 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 12:51 . 2011-04-13 22:19 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 12:51 . 2011-04-13 22:19 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-14 16:57 . 2011-04-30 21:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-14 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-12 4710400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-01-16 106496]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-09-20 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-20 33136]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone.exe" [2007-06-26 778240]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-26 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-15 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.asus.com/entryflash.htm
mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\yitub4n8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Bestandsassociaties -------
.
.txt=
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKU-Default-Run-4Y3Y0C3AUYVV4Y9GCYBOPHFEUNNFBI - c:\recycle.bin\Recycle.Bin.exe
AddRemove-DVDGenie - c:\program files\DVD Genie\uninst-dvdgenie.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-05-22 15:16
Windows 6.0.6001 Service Pack 1 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
.
c:\users\Clint\AppData\Local\Temp\catchme.dll 53248 bytes executable
C:\ADSM_PData_0150
.
Scan succesvol afgerond
verborgen bestanden: 2
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(2452)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Voltooingstijd: 2011-05-22 15:31:24 - machine werd herstart
ComboFix-quarantined-files.txt 2011-05-22 13:31
.
Pre-Run: 3.311.173.632 bytes beschikbaar
Post-Run: 2.705.727.488 bytes beschikbaar
.
- - End Of File - - C708E5C141C94294B8D71ECB5A7E151C
TDSSKiller log:
2011/05/22 15:38:56.0908 5988 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/22 15:38:56.0990 5988 ================================================================================
2011/05/22 15:38:56.0990 5988 SystemInfo:
2011/05/22 15:38:56.0990 5988
2011/05/22 15:38:56.0990 5988 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/22 15:38:56.0990 5988 Product type: Workstation
2011/05/22 15:38:56.0990 5988 ComputerName: LAPTOP_CLINT
2011/05/22 15:38:56.0992 5988 UserName: Clint
2011/05/22 15:38:56.0992 5988 Windows directory: C:\Windows
2011/05/22 15:38:56.0992 5988 System windows directory: C:\Windows
2011/05/22 15:38:56.0992 5988 Processor architecture: Intel x86
2011/05/22 15:38:56.0992 5988 Number of processors: 2
2011/05/22 15:38:56.0992 5988 Page size: 0x1000
2011/05/22 15:38:56.0992 5988 Boot type: Normal boot
2011/05/22 15:38:56.0992 5988 ================================================================================
2011/05/22 15:38:57.0575 5988 Initialize success
2011/05/22 15:39:10.0779 6080 ================================================================================
2011/05/22 15:39:10.0779 6080 Scan started
2011/05/22 15:39:10.0779 6080 Mode: Manual;
2011/05/22 15:39:10.0779 6080 ================================================================================
2011/05/22 15:39:11.0812 6080 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/22 15:39:12.0373 6080 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/22 15:39:12.0550 6080 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/22 15:39:12.0620 6080 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/22 15:39:12.0712 6080 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/22 15:39:13.0064 6080 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/22 15:39:13.0368 6080 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/22 15:39:13.0492 6080 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/22 15:39:13.0685 6080 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/22 15:39:13.0937 6080 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/22 15:39:14.0195 6080 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/22 15:39:14.0424 6080 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/22 15:39:14.0671 6080 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/22 15:39:15.0018 6080 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/22 15:39:15.0314 6080 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/22 15:39:15.0839 6080 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
2011/05/22 15:39:15.0973 6080 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
2011/05/22 15:39:16.0303 6080 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/22 15:39:16.0468 6080 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/22 15:39:16.0587 6080 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/05/22 15:39:16.0755 6080 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/05/22 15:39:17.0015 6080 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/05/22 15:39:17.0264 6080 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/05/22 15:39:17.0552 6080 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/22 15:39:17.0635 6080 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/22 15:39:17.0935 6080 athr (d5abeb24a3a3138b35f88931fb04e100) C:\Windows\system32\DRIVERS\athr.sys
2011/05/22 15:39:18.0304 6080 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/22 15:39:18.0531 6080 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/22 15:39:18.0656 6080 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/22 15:39:18.0720 6080 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/22 15:39:18.0799 6080 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/22 15:39:18.0893 6080 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/22 15:39:18.0982 6080 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/22 15:39:19.0024 6080 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/22 15:39:19.0104 6080 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/22 15:39:19.0184 6080 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/22 15:39:19.0337 6080 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/22 15:39:19.0403 6080 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/22 15:39:19.0453 6080 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/22 15:39:19.0534 6080 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/22 15:39:19.0651 6080 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/22 15:39:19.0685 6080 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/22 15:39:19.0723 6080 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/22 15:39:19.0781 6080 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/22 15:39:19.0824 6080 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/22 15:39:20.0060 6080 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/22 15:39:20.0417 6080 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/22 15:39:20.0916 6080 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/22 15:39:21.0389 6080 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/22 15:39:21.0552 6080 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/22 15:39:21.0643 6080 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/22 15:39:21.0948 6080 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/22 15:39:22.0274 6080 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/22 15:39:22.0445 6080 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/22 15:39:22.0488 6080 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/22 15:39:22.0532 6080 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/22 15:39:22.0586 6080 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/22 15:39:22.0620 6080 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/22 15:39:22.0760 6080 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/22 15:39:22.0801 6080 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/22 15:39:22.0902 6080 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/22 15:39:22.0989 6080 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/22 15:39:23.0156 6080 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
2011/05/22 15:39:23.0481 6080 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/22 15:39:23.0576 6080 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/22 15:39:23.0637 6080 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/22 15:39:23.0694 6080 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/22 15:39:23.0733 6080 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/22 15:39:24.0016 6080 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/22 15:39:24.0372 6080 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/05/22 15:39:24.0653 6080 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/22 15:39:24.0928 6080 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/22 15:39:25.0095 6080 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/22 15:39:25.0462 6080 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/22 15:39:26.0071 6080 IntcAzAudAddService (dfe2efd0d7f301214db3d999512783a7) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/22 15:39:26.0505 6080 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/22 15:39:26.0547 6080 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/22 15:39:26.0595 6080 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/22 15:39:26.0830 6080 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/22 15:39:27.0097 6080 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/22 15:39:27.0284 6080 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/22 15:39:27.0603 6080 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/22 15:39:27.0956 6080 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/22 15:39:28.0201 6080 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/22 15:39:28.0259 6080 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/22 15:39:28.0316 6080 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/22 15:39:28.0377 6080 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/05/22 15:39:28.0433 6080 kbfiltr (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/05/22 15:39:28.0660 6080 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/22 15:39:28.0929 6080 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/22 15:39:29.0021 6080 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/22 15:39:29.0065 6080 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/22 15:39:29.0108 6080 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/22 15:39:29.0153 6080 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/22 15:39:29.0370 6080 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/22 15:39:29.0536 6080 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/22 15:39:29.0645 6080 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/22 15:39:29.0766 6080 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
2011/05/22 15:39:29.0886 6080 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/22 15:39:30.0089 6080 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/22 15:39:30.0357 6080 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/22 15:39:30.0495 6080 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/22 15:39:30.0555 6080 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/22 15:39:30.0954 6080 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/22 15:39:31.0153 6080 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/22 15:39:31.0296 6080 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/22 15:39:31.0586 6080 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/22 15:39:31.0799 6080 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/22 15:39:31.0855 6080 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/22 15:39:32.0038 6080 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/22 15:39:32.0089 6080 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/22 15:39:32.0332 6080 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/22 15:39:32.0464 6080 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/22 15:39:32.0533 6080 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/22 15:39:32.0595 6080 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/22 15:39:32.0680 6080 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/22 15:39:32.0722 6080 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/22 15:39:32.0797 6080 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/22 15:39:33.0072 6080 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/22 15:39:33.0304 6080 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
2011/05/22 15:39:33.0465 6080 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/22 15:39:33.0583 6080 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/22 15:39:33.0681 6080 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2011/05/22 15:39:34.0056 6080 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/22 15:39:34.0277 6080 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/22 15:39:34.0338 6080 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/22 15:39:34.0375 6080 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/22 15:39:34.0430 6080 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/22 15:39:34.0498 6080 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/22 15:39:34.0629 6080 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/22 15:39:34.0691 6080 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/22 15:39:34.0777 6080 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/22 15:39:34.0905 6080 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/22 15:39:35.0009 6080 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/22 15:39:35.0078 6080 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/22 15:39:35.0275 6080 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/05/22 15:39:36.0888 6080 nvlddmkm (3dacd0610683cf966647636d3b7ae750) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/22 15:39:37.0328 6080 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/22 15:39:37.0362 6080 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/05/22 15:39:37.0542 6080 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/22 15:39:37.0599 6080 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/22 15:39:37.0726 6080 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/22 15:39:38.0040 6080 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/22 15:39:38.0183 6080 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/22 15:39:38.0281 6080 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/22 15:39:38.0538 6080 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/22 15:39:38.0744 6080 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/22 15:39:38.0849 6080 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/22 15:39:39.0074 6080 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/22 15:39:39.0323 6080 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/22 15:39:39.0358 6080 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/22 15:39:39.0623 6080 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/22 15:39:39.0711 6080 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/22 15:39:39.0828 6080 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/22 15:39:39.0896 6080 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/22 15:39:39.0958 6080 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/22 15:39:40.0007 6080 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/22 15:39:40.0204 6080 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/22 15:39:40.0464 6080 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/22 15:39:40.0958 6080 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/22 15:39:41.0144 6080 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/22 15:39:41.0189 6080 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/22 15:39:41.0289 6080 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/22 15:39:41.0588 6080 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/22 15:39:41.0980 6080 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/22 15:39:42.0353 6080 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/22 15:39:42.0480 6080 RTSTOR (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS
2011/05/22 15:39:42.0645 6080 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/22 15:39:42.0871 6080 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/22 15:39:42.0927 6080 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/22 15:39:42.0997 6080 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/22 15:39:43.0055 6080 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/22 15:39:43.0091 6080 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/22 15:39:43.0303 6080 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/22 15:39:43.0514 6080 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/22 15:39:43.0570 6080 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/22 15:39:43.0612 6080 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/22 15:39:43.0681 6080 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/22 15:39:43.0752 6080 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/22 15:39:43.0805 6080 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/22 15:39:43.0993 6080 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/22 15:39:44.0379 6080 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
2011/05/22 15:39:45.0048 6080 SNP2UVC (e7230cdcc9e7b7559147cf7bc24a1d1d) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/05/22 15:39:45.0508 6080 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/22 15:39:46.0139 6080 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/05/22 15:39:46.0139 6080 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/22 15:39:46.0172 6080 sptd - detected LockedFile.Multi.Generic (1)
2011/05/22 15:39:46.0436 6080 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/05/22 15:39:46.0745 6080 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/22 15:39:46.0868 6080 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/22 15:39:46.0950 6080 ss_bus (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\Windows\system32\DRIVERS\ss_bus.sys
2011/05/22 15:39:46.0994 6080 ss_mdfl (f0a85580e36a3a85059037d39a9cf079) C:\Windows\system32\DRIVERS\ss_mdfl.sys
2011/05/22 15:39:47.0271 6080 ss_mdm (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\Windows\system32\DRIVERS\ss_mdm.sys
2011/05/22 15:39:47.0471 6080 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
2011/05/22 15:39:47.0570 6080 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/22 15:39:47.0670 6080 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/22 15:39:47.0733 6080 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/22 15:39:47.0985 6080 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/22 15:39:48.0295 6080 SynTP (760e4f5a1e754bbe4a1bd2a0b54f6aa6) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/22 15:39:48.0646 6080 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/05/22 15:39:49.0056 6080 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/22 15:39:49.0406 6080 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/22 15:39:49.0685 6080 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/22 15:39:50.0079 6080 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/22 15:39:50.0481 6080 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/22 15:39:50.0988 6080 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/22 15:39:51.0350 6080 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/22 15:39:51.0467 6080 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/22 15:39:51.0702 6080 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/22 15:39:51.0779 6080 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/22 15:39:51.0854 6080 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/22 15:39:52.0237 6080 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/22 15:39:52.0454 6080 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/22 15:39:52.0506 6080 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/22 15:39:52.0584 6080 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/22 15:39:52.0666 6080 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/22 15:39:52.0776 6080 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/22 15:39:52.0865 6080 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/22 15:39:53.0049 6080 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/22 15:39:53.0392 6080 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/22 15:39:53.0500 6080 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/22 15:39:53.0635 6080 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/22 15:39:53.0832 6080 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/22 15:39:54.0146 6080 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/22 15:39:54.0387 6080 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/22 15:39:54.0677 6080 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/22 15:39:54.0740 6080 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/22 15:39:54.0803 6080 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/22 15:39:54.0843 6080 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/22 15:39:55.0219 6080 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/22 15:39:55.0496 6080 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/22 15:39:56.0060 6080 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/22 15:39:56.0454 6080 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/22 15:39:56.0711 6080 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/22 15:39:57.0076 6080 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/22 15:39:57.0451 6080 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/22 15:39:57.0679 6080 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/22 15:39:57.0744 6080 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/22 15:39:58.0260 6080 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/22 15:39:58.0553 6080 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/22 15:39:59.0054 6080 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/22 15:39:59.0271 6080 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/22 15:39:59.0439 6080 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/22 15:39:59.0678 6080 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/22 15:39:59.0865 6080 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/22 15:40:00.0020 6080 ================================================================================
2011/05/22 15:40:00.0020 6080 Scan finished
2011/05/22 15:40:00.0020 6080 ================================================================================
2011/05/22 15:40:00.0041 6072 Detected object count: 1
2011/05/22 15:40:32.0955 6072 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/05/22 15:40:32.0999 6072 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/05/22 15:40:33.0020 6072 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/05/22 15:40:33.0020 6072 LockedFile.Multi.Generic(sptd) - User select action: Delete
2011/05/22 15:40:52.0885 5928 Deinitialize success
aswMBR log:
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-22 15:46:33
-----------------------------
15:46:33.511 OS Version: Windows 6.0.6001 Service Pack 1
15:46:33.511 Number of processors: 2 586 0x6802
15:46:33.514 ComputerName: LAPTOP_CLINT UserName: Clint
15:46:40.812 Initialize success
15:47:05.142 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
15:47:05.147 Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 3
15:47:07.189 Disk 0 MBR read successfully
15:47:07.192 Disk 0 MBR scan
15:47:07.196 Disk 0 unknown MBR code
15:47:09.211 Disk 0 scanning sectors +488392065
15:47:09.279 Disk 0 scanning C:\Windows\system32\drivers
15:47:15.769 Service scanning
15:47:17.668 Disk 0 trace - called modules:
15:47:17.699 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
15:47:17.704 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b9e410]
15:47:17.709 3 CLASSPNP.SYS[8a5a6745] -> nt!IofCallDriver -> [0x854289c8]
15:47:17.714 5 acpi.sys[8072a6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x84abd030]
15:47:17.720 Scan finished successfully
15:47:58.476 Disk 0 MBR has been saved successfully to "C:\Users\Clint\Documents\malwarelogs\MBR.dat"
15:47:58.486 The log file has been saved successfully to "C:\Users\Clint\Documents\malwarelogs\aswMBR.txt"
Also, the scanlog of the boot-time scan revealed no virussen, malware, etc.
Sign In
Create Account
