0

Hello,
So I've been camping with this problem for a while now. IE just starts when I run my computer, but it just stays in the background (makes some weird noises as well sometimes) and it kicks me out of any full-screen application every 5-10 minutes. I've read quite some posts about the problem but I can't seem to find what's wrong. I have used mbam and stuff but that didn't work so.
I would be grateful if someone could help. Here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:45:34, on 23-10-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2088433
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog1.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [LogitechSetup] C:\DOCUME~1\Nicholas\LOCALS~1\Temp\QuickCam_11.1.0\setup.exe /skip_all_checks /p /start /restart /l:nld
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239617153472
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239641113515
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9243 bytes

0

Your HJT log is showing quite a few problems. When you say Mbam didn't work could you be more specific? Do you mean it won't run or that it does run but hasn't fixed the problem?

0

Well, I ran Mbam and it removed 2 infected files, but that didn't seem to fix the problem. My knowledge of computers is limited so I hope someone else could tell me what the problem is since it's really annoying me.
Thank you for the reply.

0

Well I did crunchie but it didn't quite help me any further :)

0

If you post ALL the logs asked for in the link provided by Crunchie then I'm sure he will be able to help you further!

0

Well I did crunchie but it didn't quite help me any further :)

You may have run the tools, but only one of them actually removes what is found. The other two have to have eyes scanned over them, hence the request to post the logs.

0

Alright, excuse me crunchie.
I ran the tools again and saved all the logs, here they are:

Mbam log (it's in Dutch but I figured you would understand it without a problem so here it is)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4891

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

25-10-2010 18:58:24
mbam-log-2010-10-25 (18-58-24).txt

Scantype: Volledige scan (C:\|)
Objecten gescand: 295072
Verstreken tijd: 1 uur/uren, 36 minuut/minuten, 22 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 5

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
C:\Documents and Settings\Nicholas\Application Data\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> No action taken.
C:\Documents and Settings\Nicholas\Bureaublad\Civi4\HERE_FIRST!\DT_PRO_v4.10.0218\Patch\daemon.tools.pro.patch.exe (Trojan.Agent) -> No action taken.
C:\PC\Windows_XP_Professional_Service_Pack_1\Windows_XP_Professional_SP1_Keygen\xp_sp1\WindowsXP Product Key Viewer.exe (Hacktool.KeySteal) -> No action taken.
C:\Program Files\Bethesda Softworks\Oblivion\pztrain.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Darkstar One\Crack\Voyager.dll (Trojan.FakeAlert) -> No action taken.

GMERone.log

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-10-24 19:36:13
Windows 5.1.2600 Service Pack 2
Running: q514l74t.exe; Driver: C:\DOCUME~1\Nicholas\LOCALS~1\Temp\kfqcifoc.sys


---- System - GMER 1.0.15 ----

SSDT spjb.sys ZwEnumerateKey [0xF7401DA4]
SSDT spjb.sys ZwEnumerateValueKey [0xF7402132]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAE596B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAE5969C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAE596AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 867DA1F8
Device \Driver\atapi \Device\Ide\IdePort0 867DA1F8
Device \Driver\atapi \Device\Ide\IdePort1 867DA1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 867DA1F8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 8676B1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \Fat 857FF1F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


GMERtwo.log
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-24 21:16:10
Windows 5.1.2600 Service Pack 2
Running: q514l74t.exe; Driver: C:\DOCUME~1\Nicholas\LOCALS~1\Temp\kfqcifoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAE589CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAE589B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAE58A142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAE58A06C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAE589764]
SSDT spjb.sys ZwEnumerateKey [0xF7401DA4]
SSDT spjb.sys ZwEnumerateValueKey [0xF7402132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAE589C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAE5896A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAE589708]
SSDT spjb.sys ZwQueryKey [0xF740220A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAE589D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAE58A210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAE589D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAE589EC8]

INT 0x62 ? 867DABF8
INT 0x82 ? 867DABF8
INT 0x83 ? 8676FBF8
INT 0xB4 ? 8637BBF8
INT 0xB4 ? 8637BBF8
INT 0xB4 ? 8637BBF8
INT 0xB4 ? 8637BBF8
INT 0xB4 ? 8637BBF8
INT 0xB4 ? 8637BBF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAE596B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAE5969C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAE596AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 8676B1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 857FF1F8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 8650D1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8676D1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8676D1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8676D1F8
Device \Driver\usbuhci \Device\USBPDO-1 8650D1F8
Device \Driver\usbuhci \Device\USBPDO-2 8650D1F8
Device \Driver\usbuhci \Device\USBPDO-3 8650D1F8
Device \Driver\usbehci \Device\USBPDO-4 864F61F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 867DB1F8
Device \Driver\Cdrom \Device\CdRom0 865131F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 867DA1F8
Device \Driver\atapi \Device\Ide\IdePort0 867DA1F8
Device \Driver\atapi \Device\Ide\IdePort1 867DA1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 867DA1F8
Device \Driver\Cdrom \Device\CdRom1 865131F8
Device \Driver\Cdrom \Device\CdRom2 865131F8
Device \Driver\Cdrom \Device\CdRom3 865131F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 864AE500
Device \Driver\NetBT \Device\NetbiosSmb 864AE500
Device \Driver\sptd \Device\171473728 spjb.sys
Device \Driver\PCI_PNP4978 \Device\0000004e spjb.sys
Device \Driver\PCI_PNP4978 \Device\0000004e spjb.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 8650D1F8
Device \Driver\usbuhci \Device\USBFDO-1 8650D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 862C2500
Device \Driver\usbuhci \Device\USBFDO-2 8650D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 862C2500
Device \Driver\usbuhci \Device\USBFDO-3 8650D1F8
Device \Driver\Ftdisk \Device\FtControl 867DB1F8
Device \Driver\usbehci \Device\USBFDO-4 864F61F8
Device \Driver\a7jukrwk \Device\Scsi\a7jukrwk1Port3Path0Target2Lun0 8635D500
Device \Driver\viamraid \Device\Scsi\viamraid1 8676C1F8
Device \Driver\a7jukrwk \Device\Scsi\a7jukrwk1 8635D500
Device \Driver\a7jukrwk \Device\Scsi\a7jukrwk1Port3Path0Target3Lun0 8635D500
Device \Driver\a7jukrwk \Device\Scsi\a7jukrwk1Port3Path0Target0Lun0 8635D500
Device \FileSystem\Fastfat \Fat 857FF1F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 864DD1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????????? ???????5?????7?????????? ??? ?8???&???????????????????????? ???????5?????5??????? ???????????? ???????????????????Microsoft Kernel DRM-audiodecoder?????P??5???????????2??????????? ???????5???????????2? ????????????????????? ???????5?????5??????? ????????????*??????????????????????ste??????????0????????????????`???????????????????? ????????????????????? ???????????????????????#???? ?????????????5??????????????????*? ???????????? ???????5?????5?????)??????????X????????????????????0?????ssM?????5?&??UHCI.Dev????? ???????5???????????2? ????????????????????? ???????2????????????? ?????????????????f????>??5???x???????????????????5????????????????????X??5??????????????????? .??5??????????p???? ?????????????5??????????????????w?????????? ???????5???????????5????????*?d???????????usbui.dll,USBControllerPropPageProvider?????? ???????????????????????5???????h??usbport.inf?????7-1-2001??????? ????????????????????h?h?x?????????????????h?h?x??????????????????????v???????5??????????????? ???????5???????????5?????
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0xD3 0x6F 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0x45 0x4A 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x86 0xF7 0xA8 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5B 0x2F 0x1E 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x60 0x3F 0xE3 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xCC 0xB1 0x4B 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5B 0xBF 0xC6 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0x45 0x4A 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x86 0xF7 0xA8 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5B 0x2F 0x1E 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x60 0x3F 0xE3 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xCC 0xB1 0x4B 0x10 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings@


DDS.txt log
DDS (Ver_10-10-21.02) - NTFSx86
Run by Nicholas at 19:12:15,07 on ma 25-10-2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1023.570 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
svchost.exe 4
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe 4
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Nicholas\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2088433
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ToggleDU Toolbar: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbTog1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ToggleDU Toolbar: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbTog1.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ToggleDU Toolbar: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbTog1.dll
TB: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [LogitechSetup] c:\docume~1\nicholas\locals~1\temp\quickcam_11.1.0\setup.exe /skip_all_checks /p /start /restart /l:nld
uRun: [PlayNC Launcher]
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239617153472
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239641113515
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nicholas\applic~1\mozilla\firefox\profiles\8fxojbhe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox?client=firefox-a&rls=org.mozilla:nl:official|http://be.msn.com/default.aspx
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=2&q=
FF - plugin: c:\documents and settings\nicholas\application data\mozilla\firefox\profiles\8fxojbhe.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-13 165456]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-9-7 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-10 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-1 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-1 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-1 40384]
S0 wnasob;wnasob;c:\windows\system32\drivers\ltvbi.sys --> c:\windows\system32\drivers\ltvbi.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\nicholas\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\nicholas\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\aeriagames\wolfteam\gameguard\dump_wmimmc.sys --> c:\aeriagames\wolfteam\gameguard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-10-20 15:48:29 388096 ----a-r- c:\docume~1\nicholas\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-20 15:48:28 -------- d-----w- c:\program files\Trend Micro
2010-10-20 11:54:06 -------- d-----w- c:\docume~1\nicholas\applic~1\Malwarebytes
2010-10-20 11:53:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 11:53:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-20 11:53:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-20 11:53:58 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-10-17 13:03:05 -------- d-----w- c:\windows\usgwmt
2010-10-12 19:32:29 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Trymedia
2010-10-12 19:05:53 -------- d-----w- c:\program files\Sierra
2010-10-12 18:27:26 -------- d-----w- c:\program files\Games
2010-10-12 15:47:20 -------- d-----w- c:\program files\2K Games
2010-10-12 15:44:39 43520 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-10-12 15:44:33 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-10-10 17:45:31 -------- d-----w- c:\program files\Darkstar One
2010-10-01 12:05:27 3700176 ----a-w- c:\windows\system32\GameMon.des
2010-09-29 13:54:24 -------- d-----w- C:\AeriaGames
2010-09-29 12:40:10 -------- d-----w- c:\program files\common files\Akamai
2010-09-27 17:32:37 -------- d-----w- c:\docume~1\nicholas\locals~1\applic~1\Identities

==================== Find3M ====================

2010-10-13 18:59:47 22328 ----a-w- c:\docume~1\nicholas\applic~1\PnkBstrK.sys
2010-10-13 18:59:36 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-13 18:59:29 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2010-09-19 13:13:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-09-18 20:04:51 1 ----a-w- c:\windows\system32\SI.bin
2010-07-22 01:21:26 40490118 --sh--w- c:\windows\mb_warband_upgrade_1100_to_1113.exe

============= FINISH: 19:13:24,25 ===============

DDS attach.text

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13-4-2009 11:39:51
System Uptime: 25-10-2010 18:59:59 (1 hours ago)

Motherboard: ASUSTeK Computer Inc. | | A8V
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2002/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 12,923 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet-controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\3&267A616A&0&50
Manufacturer:
Name: Ethernet-controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\3&267A616A&0&50
Service:

==== System Restore Points ===================

RP562: 13-10-2010 20:45:22 - Installed Tom Clancy's Rainbow Six Vegas 2
RP563: 13-10-2010 20:58:06 - DirectX is geïnstalleerd.
RP564: 15-10-2010 22:26:25 - Controlepunt van systeem
RP565: 16-10-2010 1:18:56 - Software Distribution Service 3.0
RP566: 17-10-2010 18:57:30 - Controlepunt van systeem
RP567: 19-10-2010 18:51:14 - Controlepunt van systeem
RP568: 20-10-2010 17:48:27 - Installed HiJackThis
RP569: 20-10-2010 18:04:52 - Verwijderd Logitech Desktop Messenger

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 - Nederlands
Akamai NetSession Interface
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ASUS ATI Driver
ASUS Enhanced Display Driver
AT&T WorldNet Setup
ATI Catalyst Install Manager
ATI Control Panel
µTorrent
avast! Free Antivirus
Battlefield Heroes
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB968816)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player (KB978695)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 8 (KB917734)
Beveiligingsupdate voor Windows Media Player 9 (KB911565)
Beveiligingsupdate voor Windows XP (KB2229593)
Beveiligingsupdate voor Windows XP (KB890046)
Beveiligingsupdate voor Windows XP (KB893756)
Beveiligingsupdate voor Windows XP (KB896358)
Beveiligingsupdate voor Windows XP (KB896423)
Beveiligingsupdate voor Windows XP (KB896424)
Beveiligingsupdate voor Windows XP (KB896428)
Beveiligingsupdate voor Windows XP (KB899587)
Beveiligingsupdate voor Windows XP (KB899591)
Beveiligingsupdate voor Windows XP (KB900725)
Beveiligingsupdate voor Windows XP (KB901017)
Beveiligingsupdate voor Windows XP (KB901214)
Beveiligingsupdate voor Windows XP (KB902400)
Beveiligingsupdate voor Windows XP (KB904706)
Beveiligingsupdate voor Windows XP (KB905414)
Beveiligingsupdate voor Windows XP (KB905749)
Beveiligingsupdate voor Windows XP (KB908519)
Beveiligingsupdate voor Windows XP (KB911562)
Beveiligingsupdate voor Windows XP (KB911927)
Beveiligingsupdate voor Windows XP (KB912919)
Beveiligingsupdate voor Windows XP (KB913580)
Beveiligingsupdate voor Windows XP (KB914388)
Beveiligingsupdate voor Windows XP (KB914389)
Beveiligingsupdate voor Windows XP (KB917344)
Beveiligingsupdate voor Windows XP (KB917422)
Beveiligingsupdate voor Windows XP (KB917953)
Beveiligingsupdate voor Windows XP (KB919007)
Beveiligingsupdate voor Windows XP (KB920670)
Beveiligingsupdate voor Windows XP (KB920683)
Beveiligingsupdate voor Windows XP (KB920685)
Beveiligingsupdate voor Windows XP (KB921398)
Beveiligingsupdate voor Windows XP (KB921883)
Beveiligingsupdate voor Windows XP (KB922616)
Beveiligingsupdate voor Windows XP (KB922819)
Beveiligingsupdate voor Windows XP (KB923191)
Beveiligingsupdate voor Windows XP (KB923414)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB924191)
Beveiligingsupdate voor Windows XP (KB924496)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB944338-v2)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958470)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB958869)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB963027)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB969897)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971032)
Beveiligingsupdate voor Windows XP (KB971468)
Beveiligingsupdate voor Windows XP (KB971486)
Beveiligingsupdate voor Windows XP (KB971557)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB971961)
Beveiligingsupdate voor Windows XP (KB972260)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973346)
Beveiligingsupdate voor Windows XP (KB973354)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973525)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974455)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
Beveiligingsupdate voor Windows XP (KB975560)
Beveiligingsupdate voor Windows XP (KB975561)
Beveiligingsupdate voor Windows XP (KB975562)
Beveiligingsupdate voor Windows XP (KB976325)
Beveiligingsupdate voor Windows XP (KB977165-v2)
Beveiligingsupdate voor Windows XP (KB977816)
Beveiligingsupdate voor Windows XP (KB977914)
Beveiligingsupdate voor Windows XP (KB978037)
Beveiligingsupdate voor Windows XP (KB978251)
Beveiligingsupdate voor Windows XP (KB978262)
Beveiligingsupdate voor Windows XP (KB978338)
Beveiligingsupdate voor Windows XP (KB978542)
Beveiligingsupdate voor Windows XP (KB978601)
Beveiligingsupdate voor Windows XP (KB978706)
Beveiligingsupdate voor Windows XP (KB979309)
Beveiligingsupdate voor Windows XP (KB979482)
Beveiligingsupdate voor Windows XP (KB979559)
Beveiligingsupdate voor Windows XP (KB979683)
Beveiligingsupdate voor Windows XP (KB980195)
Beveiligingsupdate voor Windows XP (KB980218)
Beveiligingsupdate voor Windows XP (KB980232)
Beveiligingsupdate voor Windows XP (KB981350)
Beveiligingsupdate voor Windows XP (KB982381)
Bonjour
Borderlands
Camtasia Studio 7
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Cheat Engine 5.6
Community Expansion Pack version 1.01b
Compatibility Pack for the 2007 Office system
DAEMON Tools Toolbar
Debut Video Capture Software
Diablo II
DogTown
Driver Detective
EAX(tm) Unified (SHELL)
Essentiële update voor Windows Media Player 11 (KB959772)
Fable - The Lost Chapters
FEAR
FIFA MANAGER 10
Free WMA to MP3 Converter 1.16
Futuremark SystemInfo
Hero Editor V1.03
Heroes of Might and Magic V Collector Edition
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB961118)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Hotfix voor Windows XP (KB979306)
Hotfix voor Windows XP (KB981793)
Impulse
iTunes
Java(TM) 6 Update 13
Jurassic Park Operation Genesis
King's Bounty. The Legend (Remove Only)
League of Legends
LimeWire 5.1.2
Logitech QuickCam
Logitech® Camera-stuurprogramma
Malwarebytes' Anti-Malware
Managed DirectX (0900)
MegaChecksum V1.3.0.0
MegaTrainer eXperience V1.0.0.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Standard Editie 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mount&Blade Warband
Mozilla Firefox (3.5.14)
MSN Virus Cleaner
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MSXML4 Parser
MVision
NCsoft Launcher
NVIDIA PhysX
Pando Media Booster
Platform
PlugY, The Survival Kit
PowerISO
Prince of Persia The Sands of Time
PunkBuster Services
QuickTime
Realtek AC'97 Audio
Risen
Risk WarZone Client
Sacred 2
Security Update for CAPICOM (KB931906)
Segoe UI
Skype web features
Skype™ 4.1
SoulSeek Client 156b
System Requirements Lab
System Requirements Lab CYRI
TES Construction Set
The Lord of the Rings FREE Trial
thriXXX WebLaunch
ToggleDU Toolbar
Tom Clancy's Rainbow Six Vegas 2
TQ Defiler.NET
TQVault
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB908531)
Update voor Windows XP (KB910437)
Update voor Windows XP (KB911280)
Update voor Windows XP (KB925720)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB961503)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
Update voor Windows XP (KB976749)
Update voor Windows XP (KB978207)
Update voor Windows XP (KB980182)
Vampire - The Masquerade Bloodlines
VDownloader 0.83
Virtual Pool 3 DL
WarZone Client v1.0.41
WebFldrs XP
Windows-stuurprogrammapakket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WolfTeam
X2 - The Threat

==== End Of File ===========================

thanks in advance:)

0

Ah, keygens and cracks. You gotta luv 'em.

==

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

==========

Go to the Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on the Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases

6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

0

I really appreciate the help, crunchie ;)
Alright, it took a while for the Kaspersky scan to complete, so here are the results.

OTL.txt

OTL logfile created on: 26-10-2010 20:47:35 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Nicholas\Mijn documenten\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 584,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 12,95 Gb Free Space | 5,56% Space Free | Partition Type: NTFS

Computer Name: HOME-QVUPDU8AK0 | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-10-26 20:46:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Mijn documenten\Downloads\OTL.exe
PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-07-27 04:37:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007-07-25 16:06:30 | 002,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007-07-25 16:02:54 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007-07-25 16:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007-07-20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007-07-20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007-04-16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005-06-29 04:55:10 | 000,589,824 | R--- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe
PRC - [2005-04-28 12:52:36 | 000,258,048 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2004-08-04 10:03:28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010-10-26 20:46:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Mijn documenten\Downloads\OTL.exe
MOD - [2007-07-20 00:40:36 | 000,113,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2004-08-04 10:01:49 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-09-29 14:40:17 | 002,950,744 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll -- (Akamai)
SRV - [2010-08-15 18:19:00 | 003,700,176 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007-07-20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007-07-20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007-07-20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005-04-28 12:52:36 | 000,258,048 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\ltvbi.sys -- (wnasob)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\AeriaGames\WolfTeam\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Nicholas\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010-03-03 06:21:08 | 004,630,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-02-23 19:05:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-02-23 19:05:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-11-03 12:28:51 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-07-27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008-09-24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007-07-20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2007-07-20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2007-07-19 02:44:22 | 003,599,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2007-07-19 02:44:22 | 000,022,296 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007-07-19 02:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-07-19 02:42:28 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007-07-18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006-07-01 22:56:04 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-12-09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005-06-29 04:55:24 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2005-06-14 05:09:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005-05-13 14:16:12 | 000,023,040 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005-01-04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004-08-04 08:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Stuurprogramma voor USB-audio (WDM)
DRV - [2004-08-04 07:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-stuurprogramma voor Realtek RTL8139(A/B/C)
DRV - [2001-10-18 12:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2088433
IE - HKCU\..\URLSearchHook: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ToggleDU Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=3&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.be/firefox?client=firefox-a&rls=org.mozilla:nl:official|http://be.msn.com/default.aspx"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-21 22:06:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-21 22:06:24 | 000,000,000 | ---D | M]

[2009-04-15 18:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions
[2009-04-15 18:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010-10-26 19:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions
[2009-09-02 21:32:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-04-18 18:55:02 | 000,000,000 | ---D | M] (ToggleDU Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}
[2009-10-08 20:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\battlefieldheroespatcher@ea.com
[2010-10-15 20:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\toolbar@ask.com
[2009-02-18 20:58:16 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\searchplugins\conduit.xml
[2009-11-03 12:28:57 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\searchplugins\daemon-search.xml
[2010-10-26 19:46:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006-08-09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
[2010-09-11 20:52:12 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-09-11 20:52:13 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-09-11 20:52:13 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-09-11 20:52:13 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-09-11 20:52:13 | 000,000,802 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2009-11-15 15:54:11 | 000,000,100 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ToggleDU Toolbar) - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ToggleDU Toolbar) - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleDU Toolbar) - {3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - C:\Program Files\ToggleDU\tbTog1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [LogitechSetup] C:\DOCUME~1\Nicholas\LOCALS~1\Temp\QuickCam_11.1.0\setup.exe File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239617153472 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239641113515 (MUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Nicholas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nicholas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-13 11:37:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2010-10-20 17:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-10-20 13:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Malwarebytes
[2010-10-20 13:53:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-10-20 13:53:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-10-20 13:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-10-20 13:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010-10-17 15:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\usgwmt
[2010-10-13 21:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
[2010-10-13 20:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Bureaublad\rainbox
[2010-10-12 21:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
[2010-10-12 21:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documenten\Monolith Productions
[2010-10-12 21:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra
[2010-10-12 20:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Mijn documenten\Battlefield 2142
[2010-10-12 20:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Games
[2010-10-12 17:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2010-10-12 17:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010-10-12 17:44:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP
[2010-10-10 19:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Bureaublad\PPF
[2010-10-10 19:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Darkstar One
[2010-10-01 14:05:27 | 003,700,176 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2010-09-29 15:54:24 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2010-09-29 14:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010-09-27 19:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Identities
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-10-26 20:01:01 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-10-26 18:57:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-10-26 18:57:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010-10-25 17:08:49 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-10-24 16:15:56 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\q514l74t.exe
[2010-10-24 16:15:30 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\dds.scr
[2010-10-23 20:45:19 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\HiJackThis.lnk
[2010-10-21 22:05:26 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Nicholas\Mijn documenten\Denken ze dat we met ons kindje gaan gooien.doc
[2010-10-20 13:54:02 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-10-13 20:59:47 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-10-13 20:59:47 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\PnkBstrK.sys
[2010-10-13 20:59:29 | 002,337,865 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010-10-13 20:57:58 | 000,002,073 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Tom Clancy's Rainbow Six Vegas 2.lnk
[2010-10-12 21:26:02 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\F.E.A.R. Multiplayer.lnk
[2010-10-12 21:26:01 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\F.E.A.R. Single Player.lnk
[2010-10-12 18:04:24 | 000,002,058 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Borderlands.lnk
[2010-10-12 17:44:37 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2010-09-29 15:58:06 | 000,001,516 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\WolfTeam.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-10-24 16:15:56 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\q514l74t.exe
[2010-10-24 16:15:30 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\dds.scr
[2010-10-21 22:05:26 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Nicholas\Mijn documenten\Denken ze dat we met ons kindje gaan gooien.doc
[2010-10-20 17:48:28 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\HiJackThis.lnk
[2010-10-20 13:54:02 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-10-17 15:03:39 | 000,010,885 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\BReWErS.nfo
[2010-10-13 20:57:58 | 000,002,073 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Tom Clancy's Rainbow Six Vegas 2.lnk
[2010-10-12 21:26:01 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\F.E.A.R. Single Player.lnk
[2010-10-12 21:25:03 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\F.E.A.R. Multiplayer.lnk
[2010-10-12 18:04:24 | 000,002,058 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Borderlands.lnk
[2010-09-29 15:58:06 | 000,001,516 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\WolfTeam.lnk
[2010-08-21 18:30:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010-08-21 18:30:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010-07-26 17:28:31 | 000,499,200 | ---- | C] () -- C:\WINDOWS\System32\WZDPlay.dll
[2010-06-17 13:10:14 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010-01-26 19:09:55 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2010-01-24 00:07:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010-01-24 00:01:12 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2010-01-23 21:01:40 | 000,671,744 | ---- | C] () -- C:\WINDOWS\System32\spk.dll
[2010-01-22 21:54:53 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-24 15:48:32 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-12-24 15:48:31 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-09-13 19:59:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\fusioncache.dat
[2009-09-10 15:24:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\freeisys.dll
[2009-09-10 14:52:55 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009-09-10 14:52:55 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009-09-10 14:52:55 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009-09-10 14:14:32 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-06-26 18:35:15 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-06-26 18:35:15 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Nicholas\Application Data\PnkBstrK.sys
[2009-05-09 19:43:48 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-05-09 19:39:14 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009-05-09 19:37:24 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installer.log
[2009-04-18 18:54:12 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-04-15 14:47:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-04-13 13:24:02 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-04-13 13:07:08 | 000,004,606 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-04-13 13:07:06 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-04-13 13:01:08 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2009-04-13 13:01:08 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009-04-13 12:26:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007-07-18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2005-12-09 15:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2003-04-07 13:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999-01-27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997-06-13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010-09-01 13:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009-11-03 12:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
[2010-02-28 12:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Electronic Arts
[2009-04-13 12:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2010-09-08 14:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PMB Files
[2009-12-24 15:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpieleEntwicklungsKombinat
[2010-02-25 15:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sports Interactive
[2009-09-01 19:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Stardock
[2010-07-21 05:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
[2010-08-16 18:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010-10-13 21:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
[2009-05-07 12:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009-09-01 19:43:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{F8999601-BE77-433E-A70A-B7766E47AE73}
[2009-09-10 16:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\DAEMON Tools Lite
[2010-10-25 18:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Desktopicon
[2010-02-10 11:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\GetRightToGo
[2009-11-19 20:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Leadertech
[2010-10-12 17:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\LimeWire
[2010-09-08 16:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\LolClient
[2010-08-10 17:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mount&Blade Warband
[2010-06-17 13:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\OpenCandy
[2010-03-22 22:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\SpieleEntwicklungsKombinat
[2010-02-26 19:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Sports Interactive
[2009-09-01 19:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Stardock
[2010-09-12 16:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\SystemRequirementsLab
[2010-07-04 21:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Tropico 3
[2009-09-13 20:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Turbine
[2010-10-13 21:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\uTorrent
[2010-07-21 05:11:29 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\debutSevenDays.job
[2010-07-21 05:11:43 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
[2010-10-26 20:01:01 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009-04-18 12:54:22 | 022,286,121 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009-04-18 12:54:22 | 022,286,121 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\agp440.sys
[2004-08-04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004-08-04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2009-04-13 14:10:22 | 012,112,118 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009-04-18 12:54:22 | 022,286,121 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009-04-13 14:10:22 | 012,112,118 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2009-04-18 12:54:22 | 022,286,121 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002-08-29 10:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\atapi.sys
[2001-09-07 14:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004-08-04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004-08-04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2002-09-09 23:07:14 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=7593FA76DAFDBD9511A9A2B1465FF8C2 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-14 19:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\eventlog.dll
[2008-04-14 19:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\eventlog.dll
[2004-08-04 10:03:09 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004-08-04 10:03:09 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2009-02-06 20:47:23 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=45AE58ACDD9B4A8767064544533F94E2 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009-02-06 20:47:23 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=45AE58ACDD9B4A8767064544533F94E2 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2002-09-09 23:07:56 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=87BD1441F4DB1951A80365E236D7568E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004-08-04 10:03:17 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004-08-04 10:03:17 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\WINDOWS\system32\netlogon.dll
[2008-04-14 19:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\netlogon.dll
[2008-04-14 19:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-14 19:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\scecli.dll
[2008-04-14 19:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\scecli.dll
[2004-08-04 10:03:20 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004-08-04 10:03:20 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\WINDOWS\system32\scecli.dll
[2002-09-09 23:08:04 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=5BD3F85CFA1073712E4911BB5751AD86 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2005-06-29 04:55:34 | 000,060,928 | R--- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010-03-03 05:40:42 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2004-08-04 10:03:14 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2001-09-07 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2004-08-04 10:03:19 | 000,236,544 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2004-08-04 10:03:19 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2004-08-04 10:03:19 | 000,431,616 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\riched20.dll
[2004-08-04 10:03:19 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2004-08-04 10:03:20 | 000,006,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2004-08-04 10:03:22 | 000,714,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2004-08-04 10:03:22 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2004-08-04 10:03:25 | 000,024,576 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wsock32.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2009-04-13 13:22:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-04-13 13:22:02 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-04-13 13:22:02 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Files - Unicode (All) ==========
[2009-04-13 13:23:40 | 000,000,062 | -HS- | M] ()(C:\Documents and Settings\Nicholas\Application Data\deskto?.ini) -- C:\Documents and Settings\Nicholas\Application Data\desktoࡰ.ini
[2009-04-13 11:43:31 | 000,000,062 | -HS- | C] ()(C:\Documents and Settings\Nicholas\Application Data\deskto?.ini) -- C:\Documents and Settings\Nicholas\Application Data\desktoࡰ.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:073341D1
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E6D38BF2

< End of report >


I really appreciate the help, crunchie ;)
Alright, it took a while for the Kaspersky scan to complete, so here are the results:

OTL.txt

OTL logfile created on: 26-10-2010 20:47:35 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Nicholas\Mijn documenten\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 584,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 12,95 Gb Free Space | 5,56% Space Free | Partition Type: NTFS

Computer Name: HOME-QVUPDU8AK0 | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-10-26 20:46:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Mijn documenten\Downloads\OTL.exe
PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-07-27 04:37:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007-07-25 16:06:30 | 002,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007-07-25 16:02:54 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007-07-25 16:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007-07-20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007-07-20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007-04-16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005-06-29 04:55:10 | 000,589,824 | R--- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe
PRC - [2005-04-28 12:52:36 | 000,258,048 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2004-08-04 10:03:28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010-10-26 20:46:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Mijn documenten\Downloads\OTL.exe
MOD - [2007-07-20 00:40:36 | 000,113,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2004-08-04 10:01:49 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-09-29 14:40:17 | 002,950,744 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll -- (Akamai)
SRV - [2010-08-15 18:19:00 | 003,700,176 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007-07-20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007-07-20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007-07-20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005-04-28 12:52:36 | 000,258,048 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\ltvbi.sys -- (wnasob)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\AeriaGames\WolfTeam\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Nicholas\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010-03-03 06:21:08 | 004,630,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-02-23 19:05:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-02-23 19:05:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-11-03 12:28:51 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-07-27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008-09-24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007-07-20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2007-07-20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2007-07-19 02:44:22 | 003,599,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2007-07-19 02:44:22 | 000,022,296 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007-07-19 02:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-07-19 02:42:28 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007-07-18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006-07-01 22:56:04 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-12-09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005-06-29 04:55:24 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2005-06-14 05:09:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005-05-13 14:16:12 | 000,023,040 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005-01-04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004-08-04 08:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Stuurprogramma voor USB-audio (WDM)
DRV - [2004-08-04 07:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-stuurprogramma voor Realtek RTL8139(A/B/C)
DRV - [2001-10-18 12:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2088433
IE - HKCU\..\URLSearchHook: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ToggleDU Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=3&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.be/firefox?client=firefox-a&rls=org.mozilla:nl:official|http://be.msn.com/default.aspx"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-21 22:06:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-21 22:06:24 | 000,000,000 | ---D | M]

[2009-04-15 18:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions
[2009-04-15 18:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010-10-26 19:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions
[2009-09-02 21:32:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-04-18 18:55:02 | 000,000,000 | ---D | M] (ToggleDU Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}
[2009-10-08 20:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\battlefieldheroespatcher@ea.com
[2010-10-15 20:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\toolbar@ask.com
[2009-02-18 20:58:16 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\searchplugins\conduit.xml
[2009-11-03 12:28:57 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\searchplugins\daemon-search.xml
[2010-10-26 19:46:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006-08-09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
[2010-09-11 20:52:12 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-09-11 20:52:13 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-09-11 20:52:13 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-09-11 20:52:13 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-09-11 20:52:13 | 000,000,802 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2009-11-15 15:54:11 | 000,000,100 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ToggleDU Toolbar) - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ToggleDU Toolbar) - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleDU Toolbar) - {3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - C:\Program Files\ToggleDU\tbTog1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [LogitechSetup] C:\DOCUME~1\Nicholas\LOCALS~1\Temp\QuickCam_11.1.0\setup.exe File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239617153472 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239641113515 (MUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Nicholas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nicholas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-13 11:37:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2010-10-20 17:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-10-20 13:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Malwarebytes
[2010-10-20 13:53:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-10-20 13:53:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-10-20 13:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-10-20 13:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010-10-17 15:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\usgwmt
[2010-10-13 21:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
[2010-10-13 20:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Bureaublad\rainbox
[2010-10-12 21:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
[2010-10-12 21:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documenten\Monolith Productions
[2010-10-12 21:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra
[2010-10-12 20:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Mijn documenten\Battlefield 2142
[2010-10-12 20:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Games
[2010-10-12 17:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2010-10-12 17:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010-10-12 17:44:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP
[2010-10-10 19:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Bureaublad\PPF
[2010-10-10 19:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Darkstar One
[2010-10-01 14:05:27 | 003,700,176 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2010-09-29 15:54:24 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2010-09-29 14:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010-09-27 19:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\Identities
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-10-26 20:01:01 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-10-26 18:57:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-10-26 18:57:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010-10-25 17:08:49 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-10-24 16:15:56 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\q514l74t.exe
[2010-10-24 16:15:30 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\dds.scr
[2010-10-23 20:45:19 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\HiJackThis.lnk
[2010-10-21 22:05:26 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Nicholas\Mijn documenten\Denken ze dat we met ons kindje gaan gooien.doc
[2010-10-20 13:54:02 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-10-13 20:59:47 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-10-13 20:59:47 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\PnkBstrK.sys
[2010-10-13 20:59:29 | 002,337,865 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010-10-13 20:57:58 | 000,002,073 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Tom Clancy's Rainbow Six Vegas 2.lnk
[2010-10-12 21:26:02 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\F.E.A.R. Multiplayer.lnk
[2010-10-12 21:26:01 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\F.E.A.R. Single Player.lnk
[2010-10-12 18:04:24 | 000,002,058 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Borderlands.lnk
[2010-10-12 17:44:37 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2010-09-29 15:58:06 | 000,001,516 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\WolfTeam.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-10-24 16:15:56 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\q514l74t.exe
[2010-10-24 16:15:30 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\dds.scr
[2010-10-21 22:05:26 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Nicholas\Mijn documenten\Denken ze dat we met ons kindje gaan gooien.doc
[2010-10-20 17:48:28 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\HiJackThis.lnk
[2010-10-20 13:54:02 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-10-17 15:03:39 | 000,010,885 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\BReWErS.nfo
[2010-10-13 20:57:58 | 000,002,073 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Tom Clancy's Rainbow Six Vegas 2.lnk
[2010-10-12 21:26:01 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\F.E.A.R. Single Player.lnk
[2010-10-12 21:25:03 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\F.E.A.R. Multiplayer.lnk
[2010-10-12 18:04:24 | 000,002,058 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Borderlands.lnk
[2010-09-29 15:58:06 | 000,001,516 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\WolfTeam.lnk
[2010-08-21 18:30:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010-08-21 18:30:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010-07-26 17:28:31 | 000,499,200 | ---- | C] () -- C:\WINDOWS\System32\WZDPlay.dll
[2010-06-17 13:10:14 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010-01-26 19:09:55 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2010-01-24 00:07:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010-01-24 00:01:12 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2010-01-23 21:01:40 | 000,671,744 | ---- | C] () -- C:\WINDOWS\System32\spk.dll
[2010-01-22 21:54:53 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-24 15:48:32 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-12-24 15:48:31 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-09-13 19:59:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\fusioncache.dat
[2009-09-10 15:24:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\freeisys.dll
[2009-09-10 14:52:55 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009-09-10 14:52:55 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009-09-10 14:52:55 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009-09-10 14:14:32 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-06-26 18:35:15 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-06-26 18:35:15 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Nicholas\Application Data\PnkBstrK.sys
[2009-05-09 19:43:48 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-05-09 19:39:14 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009-05-09 19:37:24 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installer.log
[2009-04-18 18:54:12 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-04-15 14:47:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-04-13 13:24:02 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-04-13 13:07:08 | 000,004,606 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-04-13 13:07:06 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-04-13 13:01:08 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2009-04-13 13:01:08 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009-04-13 12:26:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007-07-18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2005-12-09 15:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2003-04-07 13:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999-01-27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997-06-13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010-09-01 13:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009-11-03 12:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
[2010-02-28 12:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Electronic Arts
[2009-04-13 12:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2010-09-08 14:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PMB Files
[2009-12-24 15:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpieleEntwicklungsKombinat
[2010-02-25 15:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sports Interactive
[2009-09-01 19:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Stardock
[2010-07-21 05:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
[2010-08-16 18:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010-10-13 21:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
[2009-05-07 12:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009-09-01 19:43:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{F8999601-BE77-433E-A70A-B7766E47AE73}
[2009-09-10 16:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\DAEMON Tools Lite
[2010-10-25 18:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Desktopicon
[2010-02-10 11:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\GetRightToGo
[2009-11-19 20:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Leadertech
[2010-10-12 17:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\LimeWire
[2010-09-08 16:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\LolClient
[2010-08-10 17:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mount&Blade Warband
[2010-06-17 13:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\OpenCandy
[2010-03-22 22:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\SpieleEntwicklungsKombinat
[2010-02-26 19:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Sports Interactive
[2009-09-01 19:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Stardock
[2010-09-12 16:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\SystemRequirementsLab
[2010-07-04 21:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Tropico 3
[2009-09-13 20:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Turbine
[2010-10-13 21:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\uTorrent
[2010-07-21 05:11:29 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\debutSevenDays.job
[2010-07-21 05:11:43 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
[2010-10-26 20:01:01 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009-04-18 12:54:22 | 022,286,121 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009-04-18 12:54:22 | 022,286,121 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\agp440.sys
[2004-08-04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004-08-04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2009-04-13 14:10:22 | 012,112,118 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009-04-18 12:54:22 | 022,286,121 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009-04-13 14:10:22 | 012,112,118 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2009-04-18 12:54:22 | 022,286,121 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002-08-29 10:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\atapi.sys
[2001-09-07 14:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004-08-04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004-08-04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2002-09-09 23:07:14 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=7593FA76DAFDBD9511A9A2B1465FF8C2 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-14 19:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\eventlog.dll
[2008-04-14 19:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\eventlog.dll
[2004-08-04 10:03:09 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004-08-04 10:03:09 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2009-02-06 20:47:23 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=45AE58ACDD9B4A8767064544533F94E2 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009-02-06 20:47:23 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=45AE58ACDD9B4A8767064544533F94E2 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2002-09-09 23:07:56 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=87BD1441F4DB1951A80365E236D7568E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004-08-04 10:03:17 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004-08-04 10:03:17 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\WINDOWS\system32\netlogon.dll
[2008-04-14 19:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\netlogon.dll
[2008-04-14 19:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-14 19:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\scecli.dll
[2008-04-14 19:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\SoftwareDistribution\Download\4390075a50157b74d7a953e917743f62\scecli.dll
[2004-08-04 10:03:20 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004-08-04 10:03:20 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\WINDOWS\system32\scecli.dll
[2002-09-09 23:08:04 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=5BD3F85CFA1073712E4911BB5751AD86 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2005-06-29 04:55:34 | 000,060,928 | R--- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010-03-03 05:40:42 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2004-08-04 10:03:14 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2001-09-07 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2004-08-04 10:03:19 | 000,236,544 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2004-08-04 10:03:19 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2004-08-04 10:03:19 | 000,431,616 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\riched20.dll
[2004-08-04 10:03:19 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2004-08-04 10:03:20 | 000,006,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2004-08-04 10:03:22 | 000,714,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2004-08-04 10:03:22 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2004-08-04 10:03:25 | 000,024,576 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wsock32.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2009-04-13 13:22:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-04-13 13:22:02 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-04-13 13:22:02 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Files - Unicode (All) ==========
[2009-04-13 13:23:40 | 000,000,062 | -HS- | M] ()(C:\Documents and Settings\Nicholas\Application Data\deskto?.ini) -- C:\Documents and Settings\Nicholas\Application Data\desktoࡰ.ini
[2009-04-13 11:43:31 | 000,000,062 | -HS- | C] ()(C:\Documents and Settings\Nicholas\Application Data\deskto?.ini) -- C:\Documents and Settings\Nicholas\Application Data\desktoࡰ.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:073341D1
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E6D38BF2

< End of report >


Extras OTL

OTL Extras logfile created on: 26-10-2010 20:47:35 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Nicholas\Mijn documenten\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 584,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 12,95 Gb Free Space | 5,56% Space Free | Partition Type: NTFS

Computer Name: HOME-QVUPDU8AK0 | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56963:TCP" = 56963:TCP:*:Enabled:Pando Media Booster
"56963:UDP" = 56963:UDP:*:Enabled:Pando Media Booster
"56539:TCP" = 56539:TCP:*:Enabled:Pando Media Booster
"56539:UDP" = 56539:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56963:TCP" = 56963:TCP:*:Enabled:Pando Media Booster
"56963:UDP" = 56963:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"56539:TCP" = 56539:TCP:*:Enabled:Pando Media Booster
"56539:UDP" = 56539:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"6957:TCP" = 6957:TCP:*:Enabled:League of Legends Launcher
"6957:UDP" = 6957:UDP:*:Enabled:League of Legends Launcher
"6887:TCP" = 6887:TCP:*:Enabled:League of Legends Launcher
"6887:UDP" = 6887:UDP:*:Enabled:League of Legends Launcher
"6909:TCP" = 6909:TCP:*:Enabled:League of Legends Launcher
"6909:UDP" = 6909:UDP:*:Enabled:League of Legends Launcher
"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Stardock Games\Demigod Demo\bin\Demigod.exe" = C:\Program Files\Stardock Games\Demigod Demo\bin\Demigod.exe:*:Enabled:Demigod -- File not found
"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe" = C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Enabled:dndclient -- File not found
"C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe" = C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh -- File not found
"C:\NeverwinterNights\NWN\nwmain.exe" = C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights -- File not found
"C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe" = C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe:*:Enabled:Demigod -- File not found
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Disabled:Football Manager 2010 -- File not found
"C:\Program Files\Deep Silver\Sacred 2 - Gold\system\s2gs.exe" = C:\Program Files\Deep Silver\Sacred 2 - Gold\system\s2gs.exe:*:Enabled:Sacred 2 Game Server -- (Ascaron Entertainment GmbH)
"C:\Program Files\Deep Silver\Sacred 2 - Gold\system\sacred2.exe" = C:\Program Files\Deep Silver\Sacred 2 - Gold\system\sacred2.exe:*:Enabled:Sacred 2 -- (Ascaron Entertainment GmbH)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Celeris\Virtual Pool 3 DL\vp3.exe" = C:\Program Files\Celeris\Virtual Pool 3 DL\vp3.exe:*:Enabled:Virtual Pool 3 DL -- (Celeris Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\League of Legends\Air\LolClient.exe" = C:\Program Files\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Program Files\League of Legends\Game\League of Legends.exe" = C:\Program Files\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\AeriaGames\WolfTeam\Wolfteam.bin" = C:\AeriaGames\WolfTeam\Wolfteam.bin:*:Disabled:WolfTeam -- (Softnyx Co., Ltd.)
"C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe" = C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Sierra\FEAR\FEAR.exe" = C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Program Files\Sierra\FEAR\FEARMP.exe" = C:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Program Files\UBISOFT\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe" = C:\Program Files\UBISOFT\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 -- ()
"C:\Program Files\UBISOFT\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe" = C:\Program Files\UBISOFT\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update -- (Ubisoft)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02A3343C-028E-62D3-E193-AC15E8508B64}" = Catalyst Control Center Graphics Light
"{063BD2FA-85DE-0A14-F266-7BD869F719BA}" = Catalyst Control Center Graphics Full New
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}" = Vampire - The Masquerade Bloodlines
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2894C259-B270-EFAA-3131-491B261E894A}" = ccc-utility
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3377D2DE-B0F7-413E-97FE-E3E692DD7CDC}" = TQ Defiler.NET
"{349EEF84-59E0-5B35-182D-50948D7DB592}" = ccc-core-static
"{350C97BD-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A6B1116-E9C1-4480-41B5-35290C1EFD3B}" = ccc-core-preinstall
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{5E19D0AA-D95B-456C-ADE9-B046D86EAA24}" = TQVault
"{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1" = Community Expansion Pack version 1.01b
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C89B82E-AD76-7715-43EA-C37E563E83BB}" = ATI Catalyst Install Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77C80DAB-4C40-ACD2-E645-FD3E1F05EA90}" = CCC Help English
"{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}" = Virtual Pool 3 DL
"{7DCB3E4A-E5EA-4324-ADB2-75BBFEFB44FB}" = X2 - The Threat
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118215540}" = DogTown
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90415EA5-3856-4402-B566-53160813421B}" = ASUS ATI Driver
"{91120413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Editie 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1043-7B44-A91000000001}" = Adobe Reader 9.1 - Nederlands
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 0.83
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DAE507C4-7E9E-B204-531C-A9306522D7A9}" = Catalyst Control Center Graphics Full Existing
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DD58AC0F-CE28-B5EA-72C4-08CE056A77EA}" = Catalyst Control Center HydraVision Full
"{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}" = Heroes of Might and Magic V Collector Edition
"{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1" = King's Bounty. The Legend (Remove Only)
"{E87F76E5-F375-47A7-BD5A-26D1947EF83E}" = MSN Virus Cleaner
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0949359-3DA7-52EF-50E6-FDD6B9491E2D}" = Catalyst Control Center Graphics Previews Common
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F16DCA31-4DB4-F8F6-5ED1-6FAFB7228FFF}" = Catalyst Control Center InstallProxy
"{F67CCC08-C544-A440-A47A-D60A25118CD1}" = Catalyst Control Center Core Implementation
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"36418363BC8B6DC0D6BCA230BAAC842B59CA68EB" = Windows-stuurprogrammapakket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AT&T WorldNet Software" = AT&T WorldNet Setup
"avast5" = avast! Free Antivirus
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Debut" = Debut Video Capture Software
"Diablo II" = Diablo II
"EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
"FIFA MANAGER 10" = FIFA MANAGER 10
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Impulse" = Impulse
"InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"InstallShield_{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"League of Legends_is1" = League of Legends
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegaChecksum_is1" = MegaChecksum V1.3.0.0
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.5.14)" = Mozilla Firefox (3.5.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PlugY, The Survival Kit" = PlugY, The Survival Kit
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera-stuurprogramma
"Risk WarZone Client" = Risk WarZone Client
"Soulseek" = SoulSeek Client 156b
"ST6UNST #1" = Hero Editor V1.03
"thriXXX WebLaunch" = thriXXX WebLaunch
"ToggleDU Toolbar" = ToggleDU Toolbar
"uTorrent" = µTorrent
"WarZone Client v1.0.41" = WarZone Client v1.0.41
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WolfTeam" = WolfTeam
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 24-3-2010 11:54:16 | Computer Name = HOME-QVUPDU8AK0 | Source = avast! | ID = 33554522
Description =

Error - 24-3-2010 11:54:16 | Computer Name = HOME-QVUPDU8AK0 | Source = avast! | ID = 33554522
Description =

Error - 24-3-2010 11:54:16 | Computer Name = HOME-QVUPDU8AK0 | Source = avast! | ID = 33554522
Description =

Error - 24-3-2010 12:01:03 | Computer Name = HOME-QVUPDU8AK0 | Source = avast! | ID = 33554522
Description =

Error - 24-3-2010 12:10:15 | Computer Name = HOME-QVUPDU8AK0 | Source = avast! | ID = 33554522
Description =

Error - 24-3-2010 12:10:15 | Computer Name = HOME-QVUPDU8AK0 | Source = avast! | ID = 33554522
Description =

Error - 24-3-2010 12:10:55 | Computer Name = HOME-QVUPDU8AK0 | Source = avast! | ID = 33554522
Description =

Error - 24-3-2010 12:31:14 | Computer Name = HOME-QVUPDU8AK0 | Source = avast! | ID = 33554522
Description =

Error - 24-3-2010 12:40:24 | Computer Name = HOME-QVUPDU8AK0 | Source = avast! | ID = 33554522
Description =

Error - 24-3-2010 12:50:20 | Computer Name = HOME-QVUPDU8AK0 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 20-10-2010 14:50:16 | Computer Name = HOME-QVUPDU8AK0 | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: firefox.exe, versie: 1.9.1.3909, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 24-10-2010 13:28:36 | Computer Name = HOME-QVUPDU8AK0 | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: mrt.exe, versie: 3.12.4202.0, vastgelopen
module: user32.dll, versie: 5.1.2600.2622, vastgelopen op: 0x0000e4aa.

Error - 24-10-2010 13:28:43 | Computer Name = HOME-QVUPDU8AK0 | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: drwtsn32.exe, versie: 5.1.2600.0, vastgelopen
module: dbghelp.dll, versie: 5.1.2600.2180, vastgelopen op: 0x0001295d.

Error - 24-10-2010 13:29:01 | Computer Name = HOME-QVUPDU8AK0 | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: MRT.exe, versie: 3.12.4202.0, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

[ System Events ]
Error - 17-10-2010 13:32:03 | Computer Name = HOME-QVUPDU8AK0 | Source = System Error | ID = 1003
Description = Foutcode; 000000ea, parameter1: 859ffbc0, parameter2: 865e2a08, parameter3:
85db73c8, parameter4: 00000001.

Error - 17-10-2010 13:32:30 | Computer Name = HOME-QVUPDU8AK0 | Source = System Error | ID = 1003
Description = Foutcode; 10000050, parameter1: e7aeb3b4, parameter2: 00000000, parameter3:
bf0bcc36, parameter4: 00000001.

Error - 19-10-2010 11:17:28 | Computer Name = HOME-QVUPDU8AK0 | Source = System Error | ID = 1003
Description = Foutcode; 10000050, parameter1: e8082134, parameter2: 00000000, parameter3:
bf0bcc36, parameter4: 00000001.

Error - 20-10-2010 8:04:26 | Computer Name = HOME-QVUPDU8AK0 | Source = Ntfs | ID = 262199
Description = De structuur van het bestandssysteem op de schijf is beschadigd en
onbruikbaar. Voer het hulpprogramma Chkdsk uit op volume C:.

Error - 20-10-2010 11:21:39 | Computer Name = HOME-QVUPDU8AK0 | Source = System Error | ID = 1003
Description = Foutcode; 10000050, parameter1: e70853b4, parameter2: 00000000, parameter3:
bf0bcc36, parameter4: 00000001.

Error - 21-10-2010 12:00:41 | Computer Name = HOME-QVUPDU8AK0 | Source = System Error | ID = 1003
Description = Foutcode; 0000004e, parameter1: 00000099, parameter2: 00028f52, parameter3:
00000003, parameter4: 00000000.

Error - 21-10-2010 15:02:02 | Computer Name = HOME-QVUPDU8AK0 | Source = System Error | ID = 1003
Description = Foutcode; 1000000a, parameter1: 00000028, parameter2: 00000002, parameter3:
00000000, parameter4: 8051ebcb.

Error - 24-10-2010 14:18:47 | Computer Name = HOME-QVUPDU8AK0 | Source = atapi | ID = 262153
Description = Het apparaat \Device\Ide\IdePort0 heeft niet binnen de tijd voor time-out
gereageerd.

Error - 24-10-2010 14:19:13 | Computer Name = HOME-QVUPDU8AK0 | Source = atapi | ID = 262153
Description = Het apparaat \Device\Ide\IdePort0 heeft niet binnen de tijd voor time-out
gereageerd.

Error - 25-10-2010 12:59:26 | Computer Name = HOME-QVUPDU8AK0 | Source = DCOM | ID = 10010
Description = De server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} heeft zich binnen
de vereiste termijn niet bij DCOM geregistreerd.


< End of report >


Seems like the Extras OTL file made some smileys in it, hehe. This is the Kaspersky scan report:

Wednesday, October 27, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 27, 2010 08:04:05
Records in database: 4179228

Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics
Objects scanned 122001
Threats found 9
Infected objects found 18
Suspicious objects found 0
Scan duration 09:08:53

File name Threat Threats count
C:\Documents and Settings\Nicholas\Application Data\Sun\Java\Deployment\cache\6.0\22\3d6841d6-20141cc4 Infected: Exploit.Java.CVE-2010-0094.a 2

C:\Documents and Settings\Nicholas\Application Data\Sun\Java\Deployment\cache\6.0\22\3d6841d6-20141cc4 Infected: Trojan-Downloader.JS.Agent.fns 1

C:\Documents and Settings\Nicholas\Bureaublad\bw2backup\Trainerr.exe Infected: Trojan-Proxy.Win32.Agent.dcc 1

C:\Documents and Settings\Nicholas\Local Settings\Temp\fabletrn7.zip Infected: Trojan-Proxy.Win32.Agent.dcc 1

C:\Documents and Settings\Nicholas\Local Settings\Temp\loader.exe Infected: Trojan-Clicker.Win32.Cycler.aklj 1

C:\Documents and Settings\Nicholas\Local Settings\Temp\s2iceblood2652promo-ch-1.zip Infected: Trojan.Win32.Buzus.dkmz 1

C:\Documents and Settings\Nicholas\Local Settings\Temp\s2iceblood2652promo-ch.zip Infected: Trojan.Win32.Buzus.dkmz 1

C:\Documents and Settings\Nicholas\Local Settings\Temp\Sacred2IceAndBloodv2.65.2Trainer.zip Infected: Trojan.Win32.Buzus.dkmz 1

C:\Documents and Settings\Nicholas\Local Settings\Temp\smss.exe Infected: Trojan-Clicker.Win32.Cycler.aklj 1

C:\Documents and Settings\NK\Application Data\Sun\Java\Deployment\cache\6.0\20\6cf41414-485ce8f9 Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\Documents and Settings\NK\Application Data\Sun\Java\Deployment\cache\6.0\41\5de526a9-245b1081 Infected: Exploit.Java.ByteVerify 1

C:\Documents and Settings\NK\Application Data\Sun\Java\Deployment\cache\6.0\51\25d09bb3-1d17a724 Infected: Exploit.Java.ByteVerify 1

C:\Documents and Settings\NK\Application Data\Sun\Java\Deployment\cache\6.0\57\538bb179-325bf7f1 Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\PC\magical_keyfinder.zip Infected: not-a-virus:PSWTool.Win32.RAS.a 2

C:\Program Files\EA SPORTS\FIFA MANAGER 10\Crack\Manager10.exe Infected: not-a-virus:PSWTool.Win32.NetPass.yp 1

C:\Program Files\EA SPORTS\FIFA MANAGER 10\Manager10.exe Infected: not-a-virus:PSWTool.Win32.NetPass.yp 1

0

I shared this computer with my little brother for a while, it seems a lot of his 'game' stuff seems to be infected, that could be the main problem then?

0

  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
    The Java Control Panel appears.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears.

    There are three options on this window to clear the cache:

      • Delete Files
      • View Applications
      • View Applets

  • Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.

=================================

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the direct link download and unzip it to your Desktop.

Double-click JavaRa.exe, then click Remove Older Versions.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right, select this one: Download JRE.

In Vista and Windows 7 run the tool as Administrator.

=================================

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\PC\magical_keyfinder.zip
    C:\Documents and Settings\Nicholas\Bureaublad\bw2backup
    C:\Program Files\EA SPORTS\FIFA MANAGER 10\Crack\Manager10.exe
    C:\Program Files\EA SPORTS\FIFA MANAGER 10\Manager10.exe
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe File not found
    O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
    O4 - HKCU..\Run: [LogitechSetup] C:\DOCUME~1\Nicholas\LOCALS~1\Temp\QuickCam_11.1.0\setup.exe File not found
    O4 - HKCU..\Run: [PlayNC Launcher] File not found
    [2010-10-12 21:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
    :Commands
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

0

A good day to you crunchie,

here's the JavaRa log
JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Oct 29 17:11:38 2010

Found and removed: C:\Documents and Settings\Nicholas\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\Nicholas\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\Nicholas\Application Data\Sun\Java\jre1.6.0_15

Found and removed: C:\Documents and Settings\Nicholas\Application Data\Sun\Java\jre1.6.0_16

Found and removed: C:\Documents and Settings\Nicholas\Application Data\Sun\Java\jre1.6.0_17

Found and removed: C:\Documents and Settings\Nicholas\Application Data\Sun\Java\jre1.6.0_18

Found and removed: C:\Documents and Settings\Nicholas\Application Data\Sun\Java\jre1.6.0_19

Found and removed: C:\Documents and Settings\Nicholas\Application Data\Sun\Java\jre1.6.0_20

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin.160_13

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_13

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_13

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\JavaPlugin.160_13

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_13

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_13

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Oct 29 17:11:56 2010

------------------------------------

Finished reporting.

And here's the 'Run Fix' log

All processes killed
========== FILES ==========
C:\PC\magical_keyfinder.zip moved successfully.
C:\Documents and Settings\Nicholas\Bureaublad\bw2backup folder moved successfully.
C:\Program Files\EA SPORTS\FIFA MANAGER 10\Crack\Manager10.exe moved successfully.
C:\Program Files\EA SPORTS\FIFA MANAGER 10\Manager10.exe moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LogitechVideo[inspector not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LogitechSetup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia\licenses folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia\data folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS
->Flash cache emptied: 41044 bytes

User: LocalService

User: LocalService.NT AUTHORITY
->Flash cache emptied: 1735 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY
->Flash cache emptied: 405 bytes

User: Nicholas
->Flash cache emptied: 681976 bytes

User: NK
->Flash cache emptied: 166550 bytes

Total Flash Files Cleaned = 1,00 mb


[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 48901672 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Nicholas
->Temp folder emptied: 2512711816 bytes
->Temporary Internet Files folder emptied: 1782701 bytes
->Java cache emptied: 438335 bytes
->FireFox cache emptied: 73071408 bytes
->Flash cache emptied: 0 bytes

User: NK
->Temp folder emptied: 172396204 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 2253760 bytes
->FireFox cache emptied: 60359850 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2664591 bytes
%systemroot%\System32 .tmp files removed: 3771165 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9124855 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64763486 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 231326 bytes
RecycleBin emptied: 215989043 bytes

Total Files Cleaned = 3.022,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.1 log created on 10292010_171935

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Nicholas\Local Settings\Temp\Perflib_Perfdata_dec.dat not found!
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_778.dat not found!

Registry entries deleted on Reboot...

0

forgot the last quickscan log :)

OTL logfile created on: 29-10-2010 17:31:23 - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Nicholas\Mijn documenten\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 421,00 Mb Available Physical Memory | 41,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 15,15 Gb Free Space | 6,51% Space Free | Partition Type: NTFS

Computer Name: HOME-QVUPDU8AK0 | User Name: Nicholas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-10-28 22:24:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-10-26 20:46:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Mijn documenten\Downloads\OTL.exe
PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-07-27 04:37:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007-07-25 16:06:30 | 002,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007-07-25 16:02:54 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007-07-25 16:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007-07-20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007-07-20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007-04-16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005-06-29 04:55:10 | 000,589,824 | R--- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe
PRC - [2005-04-28 12:52:36 | 000,258,048 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2004-08-04 10:03:28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010-10-26 20:46:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Mijn documenten\Downloads\OTL.exe
MOD - [2007-07-20 00:40:36 | 000,113,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2004-08-04 10:01:49 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-09-29 14:40:17 | 002,950,744 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll -- (Akamai)
SRV - [2010-08-15 18:19:00 | 003,700,176 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007-07-20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007-07-20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007-07-20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005-04-28 12:52:36 | 000,258,048 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\ltvbi.sys -- (wnasob)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\AeriaGames\WolfTeam\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Nicholas\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010-03-03 06:21:08 | 004,630,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-02-23 19:05:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-02-23 19:05:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-11-03 12:28:51 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-07-27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008-09-24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007-07-20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2007-07-20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2007-07-19 02:44:22 | 003,599,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2007-07-19 02:44:22 | 000,022,296 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007-07-19 02:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-07-19 02:42:28 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007-07-18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006-07-01 22:56:04 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-12-09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005-06-29 04:55:24 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2005-06-14 05:09:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005-05-13 14:16:12 | 000,023,040 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005-01-04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004-08-04 08:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Stuurprogramma voor USB-audio (WDM)
DRV - [2004-08-04 07:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-stuurprogramma voor Realtek RTL8139(A/B/C)
DRV - [2001-10-18 12:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2088433
IE - HKCU\..\URLSearchHook: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ToggleDU Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=3&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.be/firefox?client=firefox-a&rls=org.mozilla:nl:official|http://be.msn.com/default.aspx"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-28 22:24:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-29 17:18:26 | 000,000,000 | ---D | M]

[2009-04-15 18:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions
[2009-04-15 18:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010-10-29 17:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions
[2009-09-02 21:32:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-04-18 18:55:02 | 000,000,000 | ---D | M] (ToggleDU Toolbar) -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}
[2009-10-08 20:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\battlefieldheroespatcher@ea.com
[2010-10-15 20:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\toolbar@ask.com
[2009-02-18 20:58:16 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\searchplugins\conduit.xml
[2009-11-03 12:28:57 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\searchplugins\daemon-search.xml
[2010-10-29 17:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-10-29 17:18:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-10-29 17:18:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006-08-09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
[2010-09-11 20:52:12 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-09-11 20:52:13 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-09-11 20:52:13 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-09-11 20:52:13 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-09-11 20:52:13 | 000,000,802 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2010-10-29 17:23:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ToggleDU Toolbar) - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog1.dll (Conduit Ltd.)
O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ToggleDU Toolbar) - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTog1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleDU Toolbar) - {3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - C:\Program Files\ToggleDU\tbTog1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239617153472 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239641113515 (MUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Nicholas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nicholas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-13 11:37:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-10-29 17:19:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-10-29 17:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2010-10-29 17:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-10-29 17:17:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-10-20 17:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-10-20 13:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\Malwarebytes
[2010-10-20 13:53:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-10-20 13:53:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-10-20 13:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-10-20 13:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010-10-17 15:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\usgwmt
[2010-10-13 21:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
[2010-10-13 20:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Bureaublad\rainbox
[2010-10-12 21:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documenten\Monolith Productions
[2010-10-12 21:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra
[2010-10-12 20:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Mijn documenten\Battlefield 2142
[2010-10-12 20:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Games
[2010-10-12 17:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2010-10-12 17:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010-10-10 19:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Bureaublad\PPF
[2010-10-10 19:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Darkstar One
[2010-10-01 14:05:27 | 003,700,176 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des

========== Files - Modified Within 30 Days ==========

[2010-10-29 17:31:35 | 000,001,253 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\FIFA MANAGER 10.lnk
[2010-10-29 17:25:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-10-29 17:25:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010-10-29 17:23:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010-10-28 22:01:23 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\FYSa.xls
[2010-10-28 22:01:01 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-10-28 22:00:20 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\FYS.xls
[2010-10-28 17:32:06 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-10-27 23:59:49 | 000,006,540 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\scan.html
[2010-10-27 13:26:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-10-24 16:15:56 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\q514l74t.exe
[2010-10-24 16:15:30 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\dds.scr
[2010-10-23 20:45:19 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Nicholas\Bureaublad\HiJackThis.lnk
[2010-10-21 22:05:26 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Nicholas\Mijn documenten\Denken ze dat we met ons kindje gaan gooien.doc
[2010-10-20 13:54:02 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-10-13 20:59:47 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-10-13 20:59:47 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\PnkBstrK.sys
[2010-10-13 20:59:29 | 002,337,865 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010-10-13 20:57:58 | 000,002,073 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Tom Clancy's Rainbow Six Vegas 2.lnk
[2010-10-12 21:26:02 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\F.E.A.R. Multiplayer.lnk
[2010-10-12 21:26:01 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\F.E.A.R. Single Player.lnk
[2010-10-12 18:04:24 | 000,002,058 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Borderlands.lnk
[2010-10-12 17:44:37 | 000,000,223 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2010-10-28 22:01:23 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\FYSa.xls
[2010-10-28 22:00:20 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\FYS.xls
[2010-10-27 23:59:49 | 000,006,540 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\scan.html
[2010-10-24 16:15:56 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\q514l74t.exe
[2010-10-24 16:15:30 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\dds.scr
[2010-10-21 22:05:26 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Nicholas\Mijn documenten\Denken ze dat we met ons kindje gaan gooien.doc
[2010-10-20 17:48:28 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\HiJackThis.lnk
[2010-10-20 13:54:02 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-10-17 15:03:39 | 000,010,885 | ---- | C] () -- C:\Documents and Settings\Nicholas\Bureaublad\BReWErS.nfo
[2010-10-13 20:57:58 | 000,002,073 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Tom Clancy's Rainbow Six Vegas 2.lnk
[2010-10-12 21:26:01 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\F.E.A.R. Single Player.lnk
[2010-10-12 21:25:03 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\F.E.A.R. Multiplayer.lnk
[2010-10-12 18:04:24 | 000,002,058 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Borderlands.lnk
[2010-08-21 18:30:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010-08-21 18:30:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010-07-26 17:28:31 | 000,499,200 | ---- | C] () -- C:\WINDOWS\System32\WZDPlay.dll
[2010-06-17 13:10:14 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010-01-26 19:09:55 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2010-01-24 00:07:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010-01-24 00:01:12 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2010-01-23 21:01:40 | 000,671,744 | ---- | C] () -- C:\WINDOWS\System32\spk.dll
[2010-01-22 21:54:53 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-24 15:48:32 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-12-24 15:48:31 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-09-13 19:59:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\fusioncache.dat
[2009-09-10 15:24:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\freeisys.dll
[2009-09-10 14:52:55 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009-09-10 14:52:55 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009-09-10 14:52:55 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009-09-10 14:14:32 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-06-26 18:35:15 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-06-26 18:35:15 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Nicholas\Application Data\PnkBstrK.sys
[2009-05-09 19:43:48 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-05-09 19:39:14 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009-05-09 19:37:24 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installer.log
[2009-04-18 18:54:12 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-04-15 14:47:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-04-13 13:24:02 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-04-13 13:07:08 | 000,004,606 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-04-13 13:07:06 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-04-13 13:01:08 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2009-04-13 13:01:08 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009-04-13 12:26:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007-07-18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2005-12-09 15:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2003-04-07 13:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999-01-27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997-06-13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010-09-01 13:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009-11-03 12:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
[2010-02-28 12:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Electronic Arts
[2009-04-13 12:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2010-09-08 14:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PMB Files
[2009-12-24 15:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpieleEntwicklungsKombinat
[2010-02-25 15:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sports Interactive
[2009-09-01 19:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Stardock
[2010-07-21 05:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
[2010-08-16 18:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010-10-13 21:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
[2009-05-07 12:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009-09-01 19:43:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{F8999601-BE77-433E-A70A-B7766E47AE73}
[2009-09-10 16:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\DAEMON Tools Lite
[2010-10-25 18:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Desktopicon
[2010-02-10 11:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\GetRightToGo
[2009-11-19 20:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Leadertech
[2010-10-12 17:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\LimeWire
[2010-09-08 16:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\LolClient
[2010-08-10 17:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Mount&Blade Warband
[2010-06-17 13:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\OpenCandy
[2010-03-22 22:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\SpieleEntwicklungsKombinat
[2010-02-26 19:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Sports Interactive
[2009-09-01 19:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Stardock
[2010-09-12 16:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\SystemRequirementsLab
[2010-07-04 21:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Tropico 3
[2009-09-13 20:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\Turbine
[2010-10-13 21:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\uTorrent
[2010-07-21 05:11:29 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\debutSevenDays.job
[2010-07-21 05:11:43 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
[2010-10-28 22:01:01 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2009-04-13 13:23:40 | 000,000,062 | -HS- | M] ()(C:\Documents and Settings\Nicholas\Application Data\deskto?.ini) -- C:\Documents and Settings\Nicholas\Application Data\desktoࡰ.ini
[2009-04-13 11:43:31 | 000,000,062 | -HS- | C] ()(C:\Documents and Settings\Nicholas\Application Data\deskto?.ini) -- C:\Documents and Settings\Nicholas\Application Data\desktoࡰ.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:073341D1
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E6D38BF2

< End of report >

0

Well, the problem is still persisting, so I wouldn't have a clue what that could be.

0

Have you thought about updating IE?

Can you just give me an update of the exact problem you are still having please.

0

Well, I mainly use Mozilla Firefox actually, never used IE on this computer, but the exact problem is that IE starts running when I start my computer, and quite often it gives me random pop-ups, which kick me out of anything I'm doing back to the desktop.

1

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

Alright thank you, here's the CF log

ComboFix 10-11-03.04 - Nicholas 04-11-2010 20:33:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1023.687 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Nicholas\Mijn documenten\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nicholas\Application Data\Desktopicon
c:\documents and settings\Nicholas\Application Data\Desktopicon\config.ini
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-10-04 to 2010-11-04 ))))))))))))))))))))))))))))))
.

2010-11-03 19:46 . 2010-11-03 19:46 -------- d-----w- c:\program files\YouTube Downloader
2010-10-29 16:30 . 2010-10-29 16:30 -------- d-----w- c:\program files\2K Games
2010-10-29 15:19 . 2010-10-29 15:19 -------- d-----w- C:\_OTL
2010-10-29 15:18 . 2010-10-29 15:18 -------- d-----w- c:\program files\Common Files\Java
2010-10-29 15:18 . 2010-10-29 15:18 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-29 15:18 . 2010-10-29 15:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-20 15:48 . 2010-10-20 15:48 388096 ----a-r- c:\documents and settings\Nicholas\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-20 15:48 . 2010-10-20 15:48 -------- d-----w- c:\program files\Trend Micro
2010-10-20 11:54 . 2010-10-20 11:54 -------- d-----w- c:\documents and settings\Nicholas\Application Data\Malwarebytes
2010-10-20 11:53 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 11:53 . 2010-10-20 11:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-20 11:53 . 2010-10-20 11:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-10-20 11:53 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 19:00 . 2010-10-13 19:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ubisoft
2010-10-12 19:05 . 2010-10-12 19:05 -------- d-----w- c:\program files\Sierra
2010-10-12 18:27 . 2010-10-13 15:10 -------- d-----w- c:\program files\Games
2010-10-12 15:44 . 2010-10-12 15:44 -------- d-----w- c:\program files\DIFX
2010-10-12 15:44 . 2006-07-01 20:56 43520 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-10-10 17:45 . 2010-10-12 15:04 -------- d-----w- c:\program files\Darkstar One

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-29 15:18 . 2009-04-15 16:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-13 18:59 . 2009-06-26 16:35 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-13 18:59 . 2009-06-26 16:35 22328 ----a-w- c:\documents and settings\Nicholas\Application Data\PnkBstrK.sys
2010-10-13 18:59 . 2009-06-26 16:34 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-13 18:59 . 2009-06-26 16:34 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2010-09-19 13:13 . 2010-02-10 17:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-08-15 16:19 . 2010-10-01 12:05 3700176 ----a-w- c:\windows\system32\GameMon.des
2010-07-22 01:21 40490118 --sh--w- c:\windows\mb_warband_upgrade_1100_to_1113.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}"= "c:\program files\ToggleDU\tbTog1.dll" [2010-09-08 2735200]

[HKEY_CLASSES_ROOT\clsid\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]
2010-09-08 16:09 2735200 ----a-w- c:\program files\ToggleDU\tbTog1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}"= "c:\program files\ToggleDU\tbTog1.dll" [2010-09-08 2735200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1}"= "c:\program files\ToggleDU\tbTog1.dll" [2010-09-08 2735200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 344064]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-06-29 589824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\System32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Gold\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Gold\\system\\sacred2.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Celeris\\Virtual Pool 3 DL\\vp3.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\League of Legends\\Air\\LolClient.exe"=
"c:\\Program Files\\League of Legends\\Game\\League of Legends.exe"=
"c:\\AeriaGames\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\UBISOFT\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\UBISOFT\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56963:TCP"= 56963:TCP:Pando Media Booster
"56963:UDP"= 56963:UDP:Pando Media Booster
"56539:TCP"= 56539:TCP:Pando Media Booster
"56539:UDP"= 56539:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
"6909:TCP"= 6909:TCP:League of Legends Launcher
"6909:UDP"= 6909:UDP:League of Legends Launcher
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-9-2009 13:14 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13-4-2009 18:26 165456]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7-9-2001 13:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10-9-2009 17:26 17744]
S0 wnasob;wnasob;c:\windows\system32\drivers\ltvbi.sys --> c:\windows\system32\drivers\ltvbi.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Nicholas\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Nicholas\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys --> c:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map

2010-07-21 c:\windows\Tasks\debutSevenDays.job
- c:\program files\NCH Software\Debut\debut.exe [2010-07-21 03:11]

2010-07-21 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2010-07-21 03:11]

2010-11-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2088433
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
FF - ProfilePath - c:\documents and settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox?client=firefox-a&rls=org.mozilla:nl:official|http://be.msn.com/default.aspx
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=2&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\8fxojbhe.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-LogitechVideo[inspector] - c:\program files\Logitech\Video\InstallHelper.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1 - c:\neverwinternights\NWN\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-04 20:41
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-583907252-1580436667-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:57,48,a1,39,da,a0,e9,d1,83,67,a8,22,16,d2,c8,49,3b,1d,8c,0c,63,a8,f3,
13,78,f5,ff,1d,22,46,0c,83,85,85,8a,b5,f1,59,7b,27,58,09,7d,0b,e4,6d,7a,96,\
"??"=hex:42,5a,d7,3d,e7,07,3a,1c,79,04,6e,41,04,ba,85,8c

[HKEY_USERS\S-1-5-21-583907252-1580436667-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:54,44,6d,83,b8,e3,b3,2f,75,ec,4d,e1,05,fd,e6,b9,58,59,1b,cd,5f,
d4,f3,29,1e,ba,de,a1,05,73,64,e7,39,b1,9d,04,43,fb,26,d1,53,a0,f8,65,7e,5f,\
"rkeysecu"=hex:82,21,fe,29,96,f3,9c,4e,65,0d,f8,7b,56,0a,d3,c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•Ñw*]
"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
@DACL=(02 0010)
@Denied: (Full) (Everyone)
@=""
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,
00,00,57,2b,ee,aa,ed,37,50,4b,b3,4c,02,2b,49,6d,f5,25,04,00,00,00,04,00,00,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Voltooingstijd: 2010-11-04 20:43:36
ComboFix-quarantined-files.txt 2010-11-04 19:43

Pre-Run: 12.701.773.824 bytes beschikbaar
Post-Run: 12.705.652.736 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

- - End Of File - - 6E261F26391EF794B53749440AF4CD86

1

How are things now?

Download MBRCheck to your desktop.

Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.

0

I think the problem is solved now. :)
MBRcheck.txt

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000001fd

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CF000 \WINDOWS\system32\hal.dll
0xF7ADC000 \WINDOWS\system32\KDCOM.DLL
0xF79EC000 \WINDOWS\system32\BOOTVID.dll
0xF73E8000 spso.sys
0xF7ADE000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF73D0000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF73A1000 ACPI.sys
0xF7390000 pci.sys
0xF75DC000 isapnp.sys
0xF7AE0000 viaidexp.sys
0xF785C000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF75EC000 MountMgr.sys
0xF7371000 ftdisk.sys
0xF7AE2000 dmload.sys
0xF734B000 dmio.sys
0xF7864000 PartMgr.sys
0xF75FC000 VolSnap.sys
0xF7333000 atapi.sys
0xF760C000 viamraid.sys
0xF761C000 disk.sys
0xF762C000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7314000 fltmgr.sys
0xF7302000 sr.sys
0xF72EB000 KSecDD.sys
0xF72D8000 WudfPf.sys
0xF724B000 Ntfs.sys
0xF721E000 NDIS.sys
0xF786C000 viaagp1.sys
0xF7203000 Mup.sys
0xF6477000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xF6463000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF7964000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
0xF76BC000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF76CC000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF6440000 \SystemRoot\System32\DRIVERS\ks.sys
0xF76DC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF796C000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF641D000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7974000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF76EC000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF797C000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7984000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF6409000 \SystemRoot\System32\DRIVERS\parport.sys
0xF63D5000 \SystemRoot\System32\DRIVERS\serial.sys
0xF71BF000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF5FE6000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF5FC2000 \SystemRoot\system32\drivers\portcls.sys
0xF770C000 \SystemRoot\system32\drivers\drmk.sys
0xF5F89000 \SystemRoot\System32\Drivers\akcj8g6s.SYS
0xF771C000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF7C16000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF77CC000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF6B6E000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF5F72000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF77DC000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF77EC000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF789C000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF5F61000 \SystemRoot\System32\DRIVERS\psched.sys
0xF77FC000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF78A4000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF78AC000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF5F30000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF780C000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF78B4000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7B46000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF5EFC000 \SystemRoot\System32\DRIVERS\update.sys
0xF7A90000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF783C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF765C000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7B5C000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF78EC000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7B6E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BFD000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B70000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78FC000 \SystemRoot\System32\drivers\vga.sys
0xF7B72000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B74000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7904000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF790C000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF71C7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xAE77D000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xAE725000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF69A2000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAE6FD000 \SystemRoot\System32\DRIVERS\netbt.sys
0xAE6DB000 \SystemRoot\System32\drivers\afd.sys
0xF6992000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF6972000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xAE660000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xAE5F1000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF6952000 \SystemRoot\System32\Drivers\Fips.SYS
0xAE5A8000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF6942000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xAE581000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7934000 \SystemRoot\system32\drivers\atkkbnt.sys
0xF793C000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF766C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAE6D7000 \SystemRoot\system32\DRIVERS\lvuvcflt.sys
0xF7944000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xAE377000 \SystemRoot\system32\DRIVERS\LVMVDrv.sys
0xF767C000 \SystemRoot\system32\drivers\LVUSBSta.sys
0xADF69000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0xADD95000 \SystemRoot\system32\DRIVERS\lvpopflt.sys
0xF768C000 \SystemRoot\system32\drivers\usbaudio.sys
0xADB93000 \SystemRoot\system32\DRIVERS\LVcKap.sys
0xAE69B000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xF76AC000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF794C000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xAE697000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xADB06000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B90000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAE6CF000 \SystemRoot\System32\drivers\Dxapi.sys
0xF795C000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C48000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\atkdisp.dll
0xBF04A000 \SystemRoot\System32\ati2dvag.dll
0xBF098000 \SystemRoot\System32\ati2cqag.dll
0xBF134000 \SystemRoot\System32\atikvmag.dll
0xBF1CE000 \SystemRoot\System32\atiok3x2.dll
0xBF233000 \SystemRoot\System32\ati3duag.dll
0xBF5A6000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAE6CB000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAB7A5000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xAB60E000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xAB261000 \SystemRoot\system32\drivers\wdmaud.sys
0xAB5EE000 \SystemRoot\system32\drivers\sysaudio.sys
0xAAEED000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7B94000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAAEAA000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xAB134000 \??\C:\WINDOWS\system32\drivers\EIO.sys
0xF79DC000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xAAD63000 \SystemRoot\System32\DRIVERS\srv.sys
0xAAB83000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xF78C4000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xF78E4000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xAA7AA000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 50):
0 System Idle Process
4 System
560 C:\WINDOWS\system32\smss.exe
648 csrss.exe
684 C:\WINDOWS\system32\winlogon.exe
728 C:\WINDOWS\system32\services.exe
740 C:\WINDOWS\system32\lsass.exe
892 C:\WINDOWS\system32\ati2evxx.exe
912 C:\WINDOWS\system32\svchost.exe
980 svchost.exe
1048 C:\WINDOWS\system32\svchost.exe
1084 C:\WINDOWS\system32\svchost.exe
1204 svchost.exe
1248 C:\WINDOWS\system32\ati2evxx.exe
1316 svchost.exe
1432 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1604 C:\WINDOWS\explorer.exe
1656 C:\WINDOWS\soundman.exe
1752 C:\Program Files\VIA\RAID\raid_tool.exe
1776 C:\Program Files\iTunes\iTunesHelper.exe
1788 C:\Program Files\PowerISO\PWRISOVM.EXE
1812 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
1820 C:\Program Files\Logitech\QuickCam\Quickcam.exe
1828 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1840 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1852 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
1860 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1876 C:\Program Files\DAEMON Tools Lite\DTLite.exe
152 C:\WINDOWS\system32\spoolsv.exe
212 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1232 svchost.exe
1272 C:\WINDOWS\system32\svchost.exe
1308 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1152 C:\WINDOWS\ATKKBService.exe
1524 C:\Program Files\Bonjour\mDNSResponder.exe
1168 C:\Program Files\Java\jre6\bin\jqs.exe
2056 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
2148 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2320 C:\WINDOWS\system32\PnkBstrA.exe
2356 C:\WINDOWS\system32\PnkBstrB.exe
2444 C:\WINDOWS\system32\svchost.exe
2796 C:\Program Files\iPod\bin\iPodService.exe
3028 alg.exe
3148 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
3664 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
4032 C:\Program Files\Windows Live\Contacts\wlcomm.exe
2316 C:\WINDOWS\system32\wuauclt.exe
2500 C:\Program Files\Mozilla Firefox\firefox.exe
3740 C:\Documents and Settings\Nicholas\Mijn documenten\Downloads\MBRCheck.exe
3288 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500AAJB-22WGA0, Rev: 00.02C01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

1

Ok. That looks good.

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

Votes + Comments
awesome help until the end :)