TechSpot

Since a week or so my PC starts freezing

By Adilost
Jan 24, 2011
  1. (I hope this is the correct forum, since all HiJackThis logs go here, as I have read in the specific topic about this. But I also saw the topic for freezing, so my apologies if this is not right.)


    Dear Members,

    First let me introduce myself and a little bit of my system.
    I go by the name Adilost, and I live in The Netherlands.

    I have recently signed up after I had read every topic related to my problem in this forum. I have tried several things as mentioned in some topics. But after not having success with anything I have tried, I'm clueless. Unfortunately for me, I don't know how to work with HiJackThis or the process to execute some things. So I was hoping that somebody could guide me with it. Maybe you might have come across the same in the past. I would really appreciate any kind of help. Guess I'm a noob when it comes to this sort of thing.

    My PC Setup:
    Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz, 2199 Mhz
    Speed: 2.20GHz 1,99 GB

    System :
    Microsoft Windows XP Professional Version 2002
    Service Pack 3


    Here is the Deal:
    It has caught my attention that my PC has been freezing for a week or so.
    It also caught my attention that most of these “freeze” moments happen within 12 hours, or sometimes almost exactly 12 hours later. It sounds weird, right?

    When this happens, I have to reboot my system.. Every time. It is very annoying. Sometimes it happens while I'm working on my PC on something, the other times I leave for dinner, sport, and when I come back, no reaction from my PC.. Frozen.

    Things I have tried so far:
    First I have scanned my PC with a tool called CCleaner to scan & clean/remove/repair broken or missing registry files.

    I have updated and scanned my whole PC with AVG Anti-Virus 9. No results of any kind of virus or so according to the log file.

    I have set back my system to 2 January of 2011 using System Recovery, did a CCleaner & AVG scan again. In both cases the results were clean again. Still the PC keeps freezing. Then I started to install every program one by one again that was installed between the 2nd of January and a few days ago. This also resulted in nothing.

    I have made & attached a HiJackThis log file as described in the “How to post your Hijackthis log-file as an ATTACHMENT” topic. Also if it might come in handy I have made a fast scan of my system using Malwarebytes Anti-Malware, you can find the log file also in the attachment.
    Hope I have given you guys enough info on the subject. If not, please tell me what you need to know & I’ll post it for you.


    Looking forward to any kind of help.

    Much love from Holland!
     


  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Adilost

    Adilost TS Rookie Topic Starter Posts: 28

    Thank you Broni for the quick reply. I really appreciate it.

    I've checked the link you have posted in your reply & observed the rules attached to it. Since it is 04:18 in the morning here, it is gonna be the first thing I am gonna do when I'm back from work.

    I'll keep you posted..

    Cheers!
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    No problem :)
     
  5. Adilost

    Adilost TS Rookie Topic Starter Posts: 28

    So finally I'm home & I have downloaded and followed the instructions on how to use the programs on that page, and saved the logs so that I can copy & paste them here..

    Here are the logs:
    ================================================================

    Malwarebytes Anti-Malware log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Databaseversie: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    25-1-2011 0:57:29
    mbam-log-2011-01-25 (00-57-29).txt

    Scantype: Snelle scan
    Objecten gescand: 123321
    Verstreken tijd: 9 minuut/minuten, 0 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)


    GMER log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-25 16:05:37
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6Y120L0 rev.YAR41BW0
    Running: mscnloxf.exe; Driver: C:\DOCUME~1\Mr.A\LOCALS~1\Temp\uwldrpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwEnumerateKey [0xB9EC3FB2]
    SSDT sptd.sys ZwEnumerateValueKey [0xB9EC4340]

    Code BA7E3C9C ZwRequestPort
    Code BA7E3D3C ZwRequestWaitReplyPort
    Code BA7E3BFC ZwTraceEvent
    Code BA7E3C9B NtRequestPort
    Code BA7E3D3B NtRequestWaitReplyPort
    Code BA7E3BFB NtTraceEvent

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\aicajms7 \Device\Scsi\aicajms71Port4Path0Target0Lun0 89B905F8
    Device \Driver\aicajms7 \Device\Scsi\aicajms71 89B905F8
    Device \FileSystem\Ntfs \Ntfs 89E3B1E8
    Device \FileSystem\Fastfat \Fat 89AFA1E8

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----


    DDS logs: both DDS.txt and Attach.txt

    DDS.txt

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Mr.A at 16:10:08,53 on di 25-01-2011
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1321 [GMT 1:00]

    AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Mr.A\Bureaublad\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.nl/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [TaskTray]
    mRun: [RTHDCPL] RTHDCPL.EXE
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\firebo~1.lnk - c:\program files\presonus\1394audiodriver_firebox\FireBox.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: kuaiche.com\software
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282520467703
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\mr.a\applic~1\mozilla\firefox\profiles\dypji23t.default\
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
    FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-22 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-22 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-22 29584]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-22 243024]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-23 308136]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-16 304464]
    R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2008-11-21 3706880]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2011-1-21 40576]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-16 20952]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-7-4 119016]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-1-23 1691480]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
    S3 MASONODFU;M-Audio Axiom Pro DFU Driver;c:\windows\system32\drivers\MAudioAxiomProDFU.sys [2010-8-24 23048]
    S3 MAUSBMS;Service for M-Audio Axiom Pro;c:\windows\system32\drivers\mausbop.sys [2010-8-24 145544]
    S3 wxpSvc;webcamXP Service;c:\program files\wlite\wService.exe [2010-5-2 5027328]

    =============== Created Last 30 ================

    2011-01-25 00:27:54 -------- d-----w- c:\docume~1\mr.a\locals~1\applic~1\Identities
    2011-01-25 00:02:37 388096 ----a-r- c:\docume~1\mr.a\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-25 00:02:34 -------- d-----w- c:\program files\Trend Micro
    2011-01-23 22:33:17 107864 ----a-w- c:\windows\system32\tsccvid.dll
    2011-01-23 22:32:24 -------- d-----w- c:\program files\common files\TechSmith Shared
    2011-01-23 22:30:18 -------- d-----w- c:\windows\system32\RTCOM
    2011-01-21 13:22:53 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
    2011-01-21 13:22:53 -------- d-----w- c:\program files\Virtual Audio Cable
    2011-01-21 13:19:20 -------- d-----w- c:\program files\Driver-Soft
    2011-01-21 13:02:45 -------- d--h--r- c:\documents and settings\mr.a\Onlangs geopend
    2011-01-21 12:24:15 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-01-21 12:24:15 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-20 02:36:38 -------- d-----w- c:\docume~1\mr.a\locals~1\applic~1\TechSmith
    2011-01-18 17:44:12 -------- d-----w- c:\docume~1\mr.a\applic~1\Toolbar4
    2011-01-10 20:10:38 -------- d-----w- c:\program files\Beat Kangz
    2010-12-31 00:58:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Waves Audio
    2010-12-30 23:58:44 -------- d-----w- c:\program files\Focusrite

    ==================== Find3M ====================

    2011-01-22 16:47:40 224 ----a-w- c:\windows\system32\msvcsv60.dll
    2010-12-13 14:06:33 18819 ----a-w- c:\windows\system32\privatedata.dll
    2010-11-29 18:18:34 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
    2010-11-23 02:07:04 69632 ----a-w- c:\windows\system32\FxShared.dll
    2010-11-23 02:07:04 69632 ----a-w- c:\windows\system32\com.fxpansion.fxshared.dll
    2010-11-18 18:15:46 86016 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:37 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-05 05:02:51 81920 ------w- c:\windows\system32\ieencode.dll
    2010-11-05 05:02:51 670208 ----a-w- c:\windows\system32\wininet.dll
    2010-11-05 05:02:51 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-11-05 04:59:37 371712 ------w- c:\windows\system32\html.iec
    2010-10-28 13:09:50 290048 ----a-w- c:\windows\system32\atmfd.dll

    ============= FINISH: 16:11:00,03 ===============


    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 22-8-2010 16:28:38
    System Uptime: 25-1-2011 15:48:32 (1 hours ago)

    Motherboard: Foxconn | | G31MX Series
    Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | Socket 775 | 2199/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 114 GiB total, 50,559 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 932 GiB total, 162,095 GiB free.
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: Realtek High Definition Audio
    Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_105B0DF7&REV_1001\4&51EF24C&0&0201
    Manufacturer: Realtek
    Name: Realtek High Definition Audio
    PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_105B0DF7&REV_1001\4&51EF24C&0&0201
    Service: IntcAzAudAddService

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_0DF7105B&REV_01\4&2AD917F4&0&00E1
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_0DF7105B&REV_01\4&2AD917F4&0&00E1
    Service: RTLE8023xp

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394-netwerkkaart
    Device ID: V1394\NIC1394\300176920000000
    Manufacturer: Microsoft
    Name: 1394-netwerkkaart
    PNP Device ID: V1394\NIC1394\300176920000000
    Service: NIC1394

    ==== System Restore Points ===================

    RP143: 28-10-2010 10:27:45 - Controlepunt van systeem
    RP144: 29-10-2010 11:22:20 - Controlepunt van systeem
    RP145: 30-10-2010 12:22:19 - Controlepunt van systeem
    RP146: 31-10-2010 12:22:23 - Controlepunt van systeem
    RP147: 1-11-2010 16:01:18 - Controlepunt van systeem
    RP148: 2-11-2010 19:26:02 - Controlepunt van systeem
    RP149: 3-11-2010 19:30:27 - Controlepunt van systeem
    RP150: 4-11-2010 20:23:39 - Controlepunt van systeem
    RP151: 5-11-2010 21:12:40 - Controlepunt van systeem
    RP152: 6-11-2010 22:12:42 - Controlepunt van systeem
    RP153: 7-11-2010 23:04:59 - Controlepunt van systeem
    RP154: 9-11-2010 2:51:32 - Controlepunt van systeem
    RP155: 9-11-2010 23:34:19 - Software Distribution Service 3.0
    RP156: 10-11-2010 8:53:52 - Avg Update
    RP157: 10-11-2010 8:54:08 - Avg Update
    RP158: 11-11-2010 9:24:11 - Controlepunt van systeem
    RP159: 12-11-2010 10:24:12 - Controlepunt van systeem
    RP160: 13-11-2010 11:24:09 - Controlepunt van systeem
    RP161: 14-11-2010 12:25:08 - Controlepunt van systeem
    RP162: 15-11-2010 14:55:46 - Controlepunt van systeem
    RP163: 16-11-2010 18:59:47 - Controlepunt van systeem
    RP164: 17-11-2010 19:47:58 - Controlepunt van systeem
    RP165: 18-11-2010 20:12:33 - Controlepunt van systeem
    RP166: 19-11-2010 20:24:55 - Controlepunt van systeem
    RP167: 20-11-2010 20:25:57 - Controlepunt van systeem
    RP168: 21-11-2010 21:24:52 - Controlepunt van systeem
    RP169: 22-11-2010 22:24:53 - Controlepunt van systeem
    RP170: 22-11-2010 23:14:00 - Installed MacDrive 8
    RP171: 23-11-2010 2:45:48 - Removed MacDrive 8
    RP172: 24-11-2010 2:48:18 - Controlepunt van systeem
    RP173: 25-11-2010 4:19:51 - Controlepunt van systeem
    RP174: 25-11-2010 9:24:01 - Avg Update
    RP175: 25-11-2010 9:24:52 - Avg Update
    RP176: 26-11-2010 9:52:49 - Controlepunt van systeem
    RP177: 27-11-2010 10:52:42 - Controlepunt van systeem
    RP178: 28-11-2010 11:52:42 - Controlepunt van systeem
    RP179: 29-11-2010 12:22:40 - Controlepunt van systeem
    RP180: 30-11-2010 18:43:46 - Controlepunt van systeem
    RP181: 1-12-2010 19:21:00 - Controlepunt van systeem
    RP182: 3-12-2010 18:16:10 - Controlepunt van systeem
    RP183: 4-12-2010 18:53:57 - Controlepunt van systeem
    RP184: 5-12-2010 19:27:24 - Controlepunt van systeem
    RP185: 6-12-2010 20:18:18 - Controlepunt van systeem
    RP186: 7-12-2010 20:43:04 - Controlepunt van systeem
    RP187: 9-12-2010 2:44:48 - Controlepunt van systeem
    RP188: 10-12-2010 3:07:47 - Controlepunt van systeem
    RP189: 11-12-2010 4:37:33 - Controlepunt van systeem
    RP190: 12-12-2010 6:17:54 - Controlepunt van systeem
    RP191: 13-12-2010 6:43:02 - Controlepunt van systeem
    RP192: 14-12-2010 6:48:36 - Controlepunt van systeem
    RP193: 15-12-2010 7:48:34 - Controlepunt van systeem
    RP194: 15-12-2010 14:01:30 - Software Distribution Service 3.0
    RP195: 16-12-2010 21:02:18 - Controlepunt van systeem
    RP196: 17-12-2010 21:17:28 - Controlepunt van systeem
    RP197: 18-12-2010 22:16:21 - Controlepunt van systeem
    RP198: 20-12-2010 2:45:03 - Controlepunt van systeem
    RP199: 21-12-2010 5:21:05 - Controlepunt van systeem
    RP200: 22-12-2010 6:15:56 - Controlepunt van systeem
    RP201: 22-12-2010 23:34:35 - Installed Camtasia Studio 6
    RP202: 24-12-2010 6:02:37 - Controlepunt van systeem
    RP203: 25-12-2010 6:18:09 - Controlepunt van systeem
    RP204: 25-12-2010 15:43:48 - Herstelbewerking
    RP205: 26-12-2010 16:58:35 - Controlepunt van systeem
    RP206: 27-12-2010 17:33:16 - Controlepunt van systeem
    RP207: 28-12-2010 20:08:53 - Controlepunt van systeem
    RP208: 29-12-2010 20:27:32 - Controlepunt van systeem
    RP209: 30-12-2010 21:03:37 - Controlepunt van systeem
    RP210: 31-12-2010 14:07:00 - Software Distribution Service 3.0
    RP211: 1-1-2011 14:36:19 - Controlepunt van systeem
    RP212: 2-1-2011 19:58:50 - Controlepunt van systeem
    RP213: 4-1-2011 2:27:45 - Controlepunt van systeem
    RP214: 5-1-2011 2:32:56 - Controlepunt van systeem
    RP215: 5-1-2011 12:46:53 - Software Distribution Service 3.0
    RP216: 6-1-2011 19:36:21 - Controlepunt van systeem
    RP217: 7-1-2011 20:45:05 - Controlepunt van systeem
    RP218: 8-1-2011 21:38:12 - Controlepunt van systeem
    RP219: 9-1-2011 22:04:45 - Controlepunt van systeem
    RP220: 11-1-2011 8:49:44 - Controlepunt van systeem
    RP221: 12-1-2011 9:10:43 - Controlepunt van systeem
    RP222: 12-1-2011 11:57:55 - Software Distribution Service 3.0
    RP223: 13-1-2011 12:31:22 - Controlepunt van systeem
    RP224: 14-1-2011 14:03:15 - Controlepunt van systeem
    RP225: 15-1-2011 15:36:42 - Controlepunt van systeem
    RP226: 16-1-2011 18:33:21 - Controlepunt van systeem
    RP227: 17-1-2011 20:44:49 - Controlepunt van systeem
    RP228: 18-1-2011 21:08:36 - Controlepunt van systeem
    RP229: 19-1-2011 13:47:24 - 20 Jan 2K11
    RP230: 19-1-2011 13:55:43 - Installed Driver Whiz.
    RP231: 19-1-2011 14:25:31 - Removed Driver Whiz.
    RP232: 19-1-2011 14:34:15 - Before installing new drivers - 19-1-2011 14:34:11
    RP233: 19-1-2011 14:35:09 - Geïnstalleerd Realtek High Definition Audio Driver
    RP234: 19-1-2011 14:57:15 - Installed Camtasia Studio 6
    RP235: 20-1-2011 17:18:53 - Controlepunt van systeem
    RP236: 21-1-2011 13:20:18 - Herstelbewerking
    RP237: 21-1-2011 13:58:03 - Revo Uninstaller's restore point - Driver Genius Professional Edition
    RP238: 21-1-2011 14:07:26 - Software Distribution Service 3.0
    RP239: 21-1-2011 14:26:47 - Vrijdag Weekend Herstel Punt Index - Herstelt van 2 Januari 2011
    RP240: 22-1-2011 14:48:44 - Controlepunt van systeem
    RP241: 23-1-2011 19:27:10 - Controlepunt van systeem
    RP242: 23-1-2011 23:29:44 - Geïnstalleerd Realtek High Definition Audio Driver
    RP243: 23-1-2011 23:32:16 - Installed Camtasia Studio 6
    RP244: 25-1-2011 1:02:30 - Installed HiJackThis

    ==== Installed Programs ======================

    Addictive Drums 1.1
    Addictive Drums ADpak Retro
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Audition 3.0
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.3.4 - Nederlands
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AmpegSVX
    AmpliTube X-GEAR
    Analog Factory HipHop 2.2.1
    Antares Autotune VST v5.09
    ANWIDA Soft Parametric Equalizer Pro 3.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ARC System
    Arturia Prophet V VSTi RTAS v1.2.1
    ASIO4ALL
    µTorrent
    AVG 9.0
    AVOX Evo VST
    Axiom Pro Cubase HyperControl
    AxiomPro
    BBE Sonic Sweet Bundle VST RTAS v1.0
    Beveiligingsupdate voor Windows Media Player (KB2378111)
    Beveiligingsupdate voor Windows Media Player (KB952069)
    Beveiligingsupdate voor Windows Media Player (KB954155)
    Beveiligingsupdate voor Windows Media Player (KB973540)
    Beveiligingsupdate voor Windows Media Player (KB975558)
    Beveiligingsupdate voor Windows Media Player (KB978695)
    Beveiligingsupdate voor Windows Media Player (KB979402)
    Beveiligingsupdate voor Windows XP (KB2079403)
    Beveiligingsupdate voor Windows XP (KB2115168)
    Beveiligingsupdate voor Windows XP (KB2121546)
    Beveiligingsupdate voor Windows XP (KB2124261)
    Beveiligingsupdate voor Windows XP (KB2160329)
    Beveiligingsupdate voor Windows XP (KB2183461)
    Beveiligingsupdate voor Windows XP (KB2229593)
    Beveiligingsupdate voor Windows XP (KB2259922)
    Beveiligingsupdate voor Windows XP (KB2279986)
    Beveiligingsupdate voor Windows XP (KB2286198)
    Beveiligingsupdate voor Windows XP (KB2290570)
    Beveiligingsupdate voor Windows XP (KB2296011)
    Beveiligingsupdate voor Windows XP (KB2296199)
    Beveiligingsupdate voor Windows XP (KB2347290)
    Beveiligingsupdate voor Windows XP (KB2360131)
    Beveiligingsupdate voor Windows XP (KB2360937)
    Beveiligingsupdate voor Windows XP (KB2387149)
    Beveiligingsupdate voor Windows XP (KB2416400)
    Beveiligingsupdate voor Windows XP (KB2419632)
    Beveiligingsupdate voor Windows XP (KB2423089)
    Beveiligingsupdate voor Windows XP (KB2436673)
    Beveiligingsupdate voor Windows XP (KB2440591)
    Beveiligingsupdate voor Windows XP (KB2443105)
    Beveiligingsupdate voor Windows XP (KB923561)
    Beveiligingsupdate voor Windows XP (KB923789)
    Beveiligingsupdate voor Windows XP (KB946648)
    Beveiligingsupdate voor Windows XP (KB950760)
    Beveiligingsupdate voor Windows XP (KB950762)
    Beveiligingsupdate voor Windows XP (KB950974)
    Beveiligingsupdate voor Windows XP (KB951376-v2)
    Beveiligingsupdate voor Windows XP (KB951748)
    Beveiligingsupdate voor Windows XP (KB952004)
    Beveiligingsupdate voor Windows XP (KB952954)
    Beveiligingsupdate voor Windows XP (KB953155)
    Beveiligingsupdate voor Windows XP (KB955069)
    Beveiligingsupdate voor Windows XP (KB956572)
    Beveiligingsupdate voor Windows XP (KB956744)
    Beveiligingsupdate voor Windows XP (KB956802)
    Beveiligingsupdate voor Windows XP (KB956803)
    Beveiligingsupdate voor Windows XP (KB956844)
    Beveiligingsupdate voor Windows XP (KB958644)
    Beveiligingsupdate voor Windows XP (KB958869)
    Beveiligingsupdate voor Windows XP (KB959426)
    Beveiligingsupdate voor Windows XP (KB960225)
    Beveiligingsupdate voor Windows XP (KB960803)
    Beveiligingsupdate voor Windows XP (KB960859)
    Beveiligingsupdate voor Windows XP (KB961501)
    Beveiligingsupdate voor Windows XP (KB969059)
    Beveiligingsupdate voor Windows XP (KB970238)
    Beveiligingsupdate voor Windows XP (KB970430)
    Beveiligingsupdate voor Windows XP (KB970483)
    Beveiligingsupdate voor Windows XP (KB971468)
    Beveiligingsupdate voor Windows XP (KB971657)
    Beveiligingsupdate voor Windows XP (KB971961)
    Beveiligingsupdate voor Windows XP (KB972270)
    Beveiligingsupdate voor Windows XP (KB973507)
    Beveiligingsupdate voor Windows XP (KB973869)
    Beveiligingsupdate voor Windows XP (KB973904)
    Beveiligingsupdate voor Windows XP (KB974112)
    Beveiligingsupdate voor Windows XP (KB974318)
    Beveiligingsupdate voor Windows XP (KB974392)
    Beveiligingsupdate voor Windows XP (KB974571)
    Beveiligingsupdate voor Windows XP (KB975025)
    Beveiligingsupdate voor Windows XP (KB975467)
    Beveiligingsupdate voor Windows XP (KB975560)
    Beveiligingsupdate voor Windows XP (KB975561)
    Beveiligingsupdate voor Windows XP (KB975562)
    Beveiligingsupdate voor Windows XP (KB975713)
    Beveiligingsupdate voor Windows XP (KB976323)
    Beveiligingsupdate voor Windows XP (KB977816)
    Beveiligingsupdate voor Windows XP (KB977914)
    Beveiligingsupdate voor Windows XP (KB978037)
    Beveiligingsupdate voor Windows XP (KB978338)
    Beveiligingsupdate voor Windows XP (KB978542)
    Beveiligingsupdate voor Windows XP (KB978601)
    Beveiligingsupdate voor Windows XP (KB978706)
    Beveiligingsupdate voor Windows XP (KB979309)
    Beveiligingsupdate voor Windows XP (KB979482)
    Beveiligingsupdate voor Windows XP (KB979559)
    Beveiligingsupdate voor Windows XP (KB979683)
    Beveiligingsupdate voor Windows XP (KB979687)
    Beveiligingsupdate voor Windows XP (KB980195)
    Beveiligingsupdate voor Windows XP (KB980218)
    Beveiligingsupdate voor Windows XP (KB980232)
    Beveiligingsupdate voor Windows XP (KB980436)
    Beveiligingsupdate voor Windows XP (KB981322)
    Beveiligingsupdate voor Windows XP (KB981349)
    Beveiligingsupdate voor Windows XP (KB981852)
    Beveiligingsupdate voor Windows XP (KB981957)
    Beveiligingsupdate voor Windows XP (KB981997)
    Beveiligingsupdate voor Windows XP (KB982132)
    Beveiligingsupdate voor Windows XP (KB982214)
    Beveiligingsupdate voor Windows XP (KB982381)
    Beveiligingsupdate voor Windows XP (KB982665)
    Beveiligingsupdate voor Windows XP (KB982802)
    Bonjour
    Brainworx BX Control VST RTAS v2.0
    Brainworx BX Digital VST RTAS v2.0.2
    Brainworx BX DynEQ Bundle VST RTAS v1.1
    Brainworx BX Hybrid VST RTAS v1.0.5
    Brainworx BX XL Mastering Limiter VST RTAS v1.0
    BS.Player PRO
    BuzComp
    BuzComp_KeyMaker
    Cakewalk Rapture Expansion Pack 1
    Cakewalk Rapture Expansion Pack 2
    Camel Audio Cameleon 5000 v1.7 VSTi
    Camtasia Studio 6
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP250 series MP Drivers
    Canon Utilities My Printer
    CCleaner (remove only)
    Codec Pack - All In 1 6.0.3.0
    Compadre Beatpuncher v1.1
    Connect
    Darbuka 1.0.0
    db audioware Sidechain Compressor VST v1.1.0
    Dimension Pro
    discoDSP Discovery Pro VSTi RTAS v5.3
    DivX Setup
    Driver Genius Professional Edition
    DriverGuide DriverScan
    eLicenser Control
    Elysia Alpha Compressor VST RTAS v1.0
    Elysia mpressor VST RTAS v1.0.2
    EVEREST Home Edition v2.20
    FabFilter Pro-C VST RTAS v1.1.2
    FabFilter Pro-Q VST RTAS v1.01
    FabFilter Simplon 1.12
    FabFilter TotalBundle VST RTAS v1.2
    FabFilter Twin VSTi RTAS v2.00
    FabFilter Volcano VST RTAS v2.03
    FilterBank v3.2
    FireBird+ v1.9
    FL Studio 9
    FLUX Spring Pack Bundle v1.0.4.14
    Focusrite Scarlett Plug-in Suite 1.1
    FOX LiveUpdate
    Gebruikersregistratie voor Canon MP250 series
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix voor Windows XP (KB2158563)
    Hotfix voor Windows XP (KB2443685)
    Hotfix voor Windows XP (KB952287)
    Hotfix voor Windows XP (KB961118)
    Hotfix voor Windows XP (KB981793)
    IL Download Manager
    IL Juice Pack
    IL Vocodex
    ImTOO MPEG Encoder Platinum
    inSSIDer
    Intel(R) C++ Redistributables for Windows* on IA-32
    Intel(R) Graphics Media Accelerator Driver
    Interlok driver setup x32
    ISOBuddy
    iTunes
    iWebcamera
    iZotope Alloy
    iZotope iDrum
    iZotope iDrum Factory Content
    iZotope Ozone 4
    Java Auto Updater
    Java(TM) 6 Update 21
    KeyToSound - Essential Compressor 1.0 r4
    KORG Legacy Collection - ANALOG EDITION 2007
    KORG Legacy Collection - DIGITAL EDITION
    kuler
    Latigo 1.0.0
    Live 8.2.1
    Magic ISO Maker v5.4 (build 0239)
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    Maximus
    Melodyne 3.2
    Messenger Plus! Live
    MessengerDiscovery 2.5.95
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2000 SR-1 Premium
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Minimal System Instruments Moogi Analogue Filter VST v2.50
    Minimal System Instruments SSi Pro EQ VST v1.0
    Minimal System Instruments SSi Pro Expander&Gate VST v1.0
    Mo Phatt
    Mozilla Firefox (3.6.13)
    MSIstrip v2.00
    MSVCRT
    Native Instruments Abbey Road Modern Drums
    Native Instruments Battery 3
    Native Instruments Best of Reaktor Vol. 1
    Native Instruments Deep Transformations
    Native Instruments FM8
    Native Instruments Hardware Controller Support
    Native Instruments Kontakt 4
    Native Instruments Kore 2
    Native Instruments Kore v2.0.1.007 Updater - Patcher
    Native Instruments Maschine
    Native Instruments Maschine Driver
    Native Instruments Massive
    Native Instruments Massive Expansion Vol. 2
    Native Instruments Pro-53
    Native Instruments Service Center
    Native Instruments Urban Arsenal
    nebula3 CM
    NomadFactory Analog Mastering Tools VST RTAS v1.0
    NomadFactory Blue Tubes Analog TrackBox VST RTAS v1.3
    NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.2
    NomadFactory Blue Tubes Effects Pack VST RTAS v3.2
    NomadFactory Blue Tubes Equalizers Pack VST RTAS v3.2
    NomadFactory Essential Studio Suite VST RTAS v1.5
    NomadFactory Limiting Amplifier LM-662 VST RTAS v1.3
    NomadFactory Liquid Bundle VST RTAS v2.4
    NomadFactory Program Equalizer EQP-4 VST RTAS v1.3
    NomadFactory Retrology M-Tone EQ VST RTAS v1.0
    NomadFactory Studio Channel SC-226 VST RTAS v1.3
    NVIDIA Drivers
    PCM Native Reverb VST Plug-in
    PDF Settings CS4
    Photoshop Camera Raw
    PoiZone
    PowerISO
    PreSonus FireBox driver v5.13.0.0
    Proteus VX
    PSP Audioware Neon HR VST RTAS v1.5.1
    PSP Audioware Xenon v1.0
    PSP EasyVerb 1.5.4
    PSP MasterComp 1.5.4
    PSP MasterQ 1.5.2
    PSP MixPack2 2.0.3
    PSP Nitro 1.1.2
    PSP sQuad 1.1.1
    PSP StereoPack 1.9.0
    PSP VintageWarmer2 2.3.1 32bit
    Punch VST v1.05
    QuickTime
    RAM Saver 9.12 Professional
    Rapture 1.1
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Reason 4.0
    reFX Nexus VSTi RTAS v2.2.0
    RegCure
    Revo Uninstaller 1.89
    rgc:audio z3ta+ 1.5
    SafeCast Shared Components
    Sandboxie 3.46
    Sawer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Segoe UI
    Softube FET Compressor VST RTAS v1.0.3
    Softube Passive-Active Pack VST RTAS v1.0.2
    Softube Tonelux Tilt VST RTAS v1.0
    Softube Tube-Tech CL 1B VST RTAS v1.0.3
    Softube Tube-Tech PE 1C VST RTAS v1.0.1
    Softube Valley People Dyna-mite VST RTAS v1.0.3
    Sonnox Oxford Inflator Native VST v1.5.1
    Sonnox Oxford Limiter Native VST v1.1.1
    Sonnox Oxford R3 Dynamics Native VST v1.3.1
    Sonnox Oxford R3 EQ Native VST v1.6.1
    Sonnox Oxford Reverb Native VST v1.0
    Sonnox Oxford TransMod Native VST v1.3.1
    SPL Analog Code DrumXchanger VST RTAS v1.0
    SPL Analog Code Vitalizer MK2-T VST RTAS v1.1
    Steinberg Cubase 5
    Steinberg Drum Loop Expansion 01
    Steinberg Freefilter v1.2
    Steinberg Groove Agent ONE Content
    Steinberg Groove Agent VSTi DXi v2.0
    Steinberg HALionOne
    Steinberg HALionOne Additional Content Set 01
    Steinberg HALionOne Expression Set
    Steinberg HALionOne GM Drum Set
    Steinberg HALionOne GM Set
    Steinberg HALionOne Pro Set
    Steinberg HALionOne Studio Drum Set
    Steinberg HALionOne Studio Set
    Steinberg Hypersonic VSTi DXi v2.0
    Steinberg LoopMash Content
    Steinberg REVerence Content 01
    Steinberg The Grand VSTi DXi v2.1.0
    Steinberg Virtual Bassist VSTi DXi v1.0
    Stillwell Audio Plugins Bundle VST v1.52
    Suite Shared Configuration CS4
    System Requirements Lab for Intel
    Sytrus
    T-RackS 3 Deluxe
    Tone2 Gladiator VSTi v2.2
    Toxic Biohazard
    TT Dynamic Range Meter 1.0
    UltraComp VST v1.05
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update voor Windows XP (KB2141007)
    Update voor Windows XP (KB2345886)
    Update voor Windows XP (KB2467659)
    Update voor Windows XP (KB951978)
    Update voor Windows XP (KB955759)
    Update voor Windows XP (KB961503)
    Update voor Windows XP (KB967715)
    Update voor Windows XP (KB968389)
    Update voor Windows XP (KB971737)
    Update voor Windows XP (KB973687)
    Update voor Windows XP (KB973815)
    URS Plug-In Bundle Complete VST RTAS v1.0
    VC80CRTRedist - 8.0.50727.4053
    Virtual Audio Cable 4.9
    Virtuoso
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.3
    Waldorf Largo
    Wave Arts Master Restoration
    Wave Arts Power Suite
    Wave Arts Tube Saturator
    WaveLab 6
    Waves Complete VST RTAS TDM v7.1.16
    Wavpack4Wavelab6
    Way out Ware TimewARP2600 VSTi RTAS v1.4.1
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Live - Hulpprogramma voor uploaden
    Windows Live aanmeldhulp
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows XP Service Pack 3
    WinPcap 4.1.2
    WinRAR archiver
    XviD4PSP 5.0

    ==== End Of File ===========================


    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:15:01, on 25-1-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\Crusty.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: FireBox Control Panel.lnk = ?
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://software.kuaiche.com
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282520467703
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files\wLite\wService.exe

    --
    End of file - 7255 bytes
     
  6. Broni


    All looks clean, so far.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. Adilost


    Hi Broni, your instructions are amazing :) I would never have figured it out all by myself.
    Thanks for your effort so far..

    So if I am correct, I have to remove my AVG before I use the ComboFix app, right?
    Also, in your post above at **Note 2 it says you recommend removing AVG by using a tool called AppRemover. I think I have a similar program installed already called Revo Uninstaller. Can I use this program to remove it? Or does it have to be AppRemover specifically?

    After your reply I will follow the new instructions as mentioned and post the new log files.
     
  8. Broni


    Yes, you have to uninstall AVG.
    Revo will do.
     
  9. Adilost


    OK, here is what I did..

    First I have downloaded the needed apps as you mentioned.
    Then I closed all running applications in Windows (FF Browser, Programs, MSN, etc.)

    From here I have disconnected my Internet. Then I started to remove AVG 9 using Revo Uninstaller. After the uninstall process it required me to reboot my system, of course. Once booted up again, I ran MBRCheck.exe.


    The report file for this log includes:


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000007d

    Kernel Drivers (total 136):

    Processes (total 41):
    0 System Idle Process
    4 System
    576 C:\WINDOWS\system32\smss.exe
    632 csrss.exe
    656 C:\WINDOWS\system32\winlogon.exe
    700 C:\WINDOWS\system32\services.exe
    712 C:\WINDOWS\system32\lsass.exe
    916 C:\WINDOWS\system32\svchost.exe
    980 svchost.exe
    1020 C:\Program Files\Sandboxie\SbieSvc.exe
    1040 C:\WINDOWS\system32\svchost.exe
    1156 svchost.exe
    1216 svchost.exe
    1380 C:\WINDOWS\system32\spoolsv.exe
    1452 svchost.exe
    1484 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1500 C:\Program Files\Bonjour\mDNSResponder.exe
    1528 C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    1584 C:\WINDOWS\system32\inetsrv\inetinfo.exe
    1600 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    1612 C:\Program Files\Java\jre6\bin\jqs.exe
    1636 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    1688 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    1760 C:\WINDOWS\system32\svchost.exe
    216 C:\WINDOWS\system32\wuauclt.exe
    1164 C:\WINDOWS\system32\wscntfy.exe
    1728 C:\WINDOWS\explorer.exe
    1912 alg.exe
    2168 wmiprvse.exe
    2304 C:\Program Files\Winamp\winampa.exe
    2328 C:\WINDOWS\system32\hkcmd.exe
    2336 C:\WINDOWS\system32\igfxpers.exe
    2348 C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
    2364 C:\WINDOWS\system32\igfxsrvc.exe
    2396 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    2436 C:\Program Files\Sandboxie\SbieCtrl.exe
    2488 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2672 C:\Program Files\Messenger\msmsgs.exe
    2776 C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
    908 C:\Program Files\iWebcamera\iWebcameraApp.exe
    3584 C:\Documents and Settings\Mr.A\Bureaublad\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: Maxtor6Y120L0, Rev: YAR41BW0
    PhysicalDrive1 Model Number: WD10EAVS External, Rev: 1.75

    Size Device Name MBR Status
    --------------------------------------------
    114 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: F238F1FE114296B6DC7716517DC1DADB3FF3D5C6
    931 GB \\.\PhysicalDrive1 RE: Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

    Done!


    =================================================================


    After that I ran ComboFix. It installed Recovery Console & started scanning.

    The Log for this file includes:


    ComboFix 11-01-24.02 - Mr.A 25-01-2011 19:23:47.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1537 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Mr.A\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Install.exe
    c:\windows\system32\Cache
    c:\windows\system32\msvcsv60.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-12-25 to 2011-01-25 ))))))))))))))))))))))))))))))
    .

    2011-01-25 00:27 . 2011-01-25 00:27 -------- d-----w- c:\documents and settings\Mr.A\Local Settings\Application Data\Identities
    2011-01-25 00:02 . 2011-01-25 00:02 388096 ----a-r- c:\documents and settings\Mr.A\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-25 00:02 . 2011-01-25 00:02 -------- d-----w- c:\program files\Trend Micro
    2011-01-23 22:33 . 2009-08-19 04:18 107864 ----a-w- c:\windows\system32\tsccvid.dll
    2011-01-23 22:33 . 2011-01-23 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
    2011-01-23 22:32 . 2011-01-23 22:32 -------- d-----w- c:\program files\Common Files\TechSmith Shared
    2011-01-23 22:30 . 2011-01-23 22:30 -------- d-----w- c:\windows\system32\RTCOM
    2011-01-21 13:22 . 2011-01-21 13:23 -------- d-----w- c:\program files\Virtual Audio Cable
    2011-01-21 13:22 . 2011-01-21 13:22 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
    2011-01-21 13:19 . 2011-01-21 13:19 -------- d-----w- c:\program files\Driver-Soft
    2011-01-21 13:02 . 2011-01-25 18:24 -------- d--h--r- c:\documents and settings\Mr.A\Onlangs geopend
    2011-01-21 12:24 . 2011-01-21 12:24 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-20 02:36 . 2011-01-20 02:36 -------- d-----w- c:\documents and settings\Mr.A\Local Settings\Application Data\TechSmith
    2011-01-18 17:44 . 2011-01-18 17:44 -------- d-----w- c:\documents and settings\Mr.A\Application Data\Toolbar4
    2011-01-10 20:10 . 2011-01-10 20:10 -------- d-----w- c:\program files\Beat Kangz
    2010-12-31 00:58 . 2010-12-31 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Waves Audio
    2010-12-30 23:58 . 2010-12-30 23:58 -------- d-----w- c:\program files\Focusrite

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-29 18:18 . 2010-11-29 18:18 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
    2010-11-23 02:07 . 2010-11-23 02:07 69632 ----a-w- c:\windows\system32\FxShared.dll
    2010-11-23 02:07 . 2010-11-23 02:07 69632 ----a-w- c:\windows\system32\com.fxpansion.fxshared.dll
    2010-11-18 18:15 . 2010-08-22 14:25 86016 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2003-04-08 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-05 05:02 . 2010-08-22 15:28 81920 ------w- c:\windows\system32\ieencode.dll
    2010-11-05 05:02 . 2003-04-08 12:00 670208 ----a-w- c:\windows\system32\wininet.dll
    2010-11-05 05:02 . 2003-04-08 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-11-05 04:59 . 2010-08-22 15:28 371712 ------w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2003-04-08 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:09 . 2003-04-08 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    .

    ------- Sigcheck -------

    [-] 2010-08-24 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2010-08-24 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    [7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 398568]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-10-19 3872080]
    "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-02-25 37888]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-29 141336]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-29 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-29 142360]
    "M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-06-17 356864]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
    "RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    FireBox Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FireBox\FireBox.exe [2010-8-23 1084800]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Mr.A^Menu Start^Programma's^Opstarten^MagicDisc.lnk]
    path=c:\documents and settings\Mr.A\Menu Start\Programma's\Opstarten\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-03-23 17:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CS4ServiceManager]
    2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
    2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-10-19 15:14 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QTTask]
    2010-08-10 03:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 03:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMSaverPro]
    2009-10-12 06:27 199200 ----a-w- c:\program files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader_sl]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Steinberg\\Cubase 5\\Cubase5.exe"=
    "c:\\Program Files\\Steinberg\\WaveLab 6\\WaveLab-app.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\iWebcamera\\iWebcameraApp.exe"=
    "c:\\Program Files\\wLite\\wLite.exe"=
    "c:\\Program Files\\wLite\\wService.exe"=
    "c:\\Program Files\\FXpansion\\Guru\\Guru.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "60007:TCP"= 60007:TCP:UTorrent 60007
    "60007:UDP"= 60007:UDP:UTorrent 60007

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24-8-2010 0:46 685816]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16-11-2010 17:38 304464]
    R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [21-11-2008 19:37 3706880]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25-6-2010 18:07 35088]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [21-1-2011 14:22 40576]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16-11-2010 17:38 20952]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23-1-2011 23:29 1691480]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18-12-2009 9:58 11336]
    S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
    S3 MASONODFU;M-Audio Axiom Pro DFU Driver;c:\windows\system32\drivers\MAudioAxiomProDFU.sys [24-8-2010 0:42 23048]
    S3 MAUSBMS;Service for M-Audio Axiom Pro;c:\windows\system32\drivers\mausbop.sys [24-8-2010 0:42 145544]
    S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2-5-2010 22:34 5027328]
    .
    Inhoud van de 'Gedeelde Taken' map

    2011-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

    2011-01-25 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]

    2010-08-31 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://google.nl/
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: kuaiche.com\software
    FF - ProfilePath - c:\documents and settings\Mr.A\Application Data\Mozilla\Firefox\Profiles\dypji23t.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
    FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-25 19:27
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
    "ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""
    .
    Voltooingstijd: 2011-01-25 19:28:48
    ComboFix-quarantined-files.txt 2011-01-25 18:28

    Pre-Run: 54.072.471.552 bytes beschikbaar
    Post-Run: 54.059.257.856 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 9A126FFC3F46BA9E7BD9C26F993BE3B2


    =================================================================


    So after both logs had been generated, I installed AVG again & rebooted my PC.
    As it started up, it caught my attention that there is now a triangle with an "!" in it inside the AVG icon in the task bar. When I double-click on it, it opens the main menu of AVG, where it says that my updates are out of date, while I had already updated right after the re-installation. And when I click on update now, it says something like "No specific updates were found at this time"

    But that is not why I started this topic, so I don't want to go into that. Just thought I'd let you know.

    Maybe I do not have the privilege to make a suggestion, but I'm just thinking along the process. Is it not possible that this Freezing has maybe something to do with my Cooler (system) or maybe Mother-Board or something in BIOS?

    Generally my PC is on all the time.. Although I replaced the Cooler several months ago with a much more powerful one.

    Just a thought..
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    In this forum, we're just checking if your computer is clean.
    When we're done and the computer is still having issues, then I'll send you to another forum.

    We're not done with Combofix yet, so you'll have to uninstall AVG again.
    I suggest you leave it out and switch to one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    I don't recommend AVG anymore.

    ========================================================================

    Uninstall RegCure.

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =========================================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
    c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\dllcache\tcpip.sys
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
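
A check consistent with the CFScript above, as an added example that is not part of the original post and not ComboFix code: it parses the Sigcheck lines from the ComboFix log earlier in the thread, finds the `drivers` and `dllcache` copies of tcpip.sys whose MD5 matches no archived copy of the same version, and confirms that every `FCopy::` line restores from such an archived copy. The function names and the choice of `drivers` and `dllcache` as the "active" locations are assumptions of this example.

```python
import re
from collections import namedtuple

# Sigcheck lines and CFScript copied from the thread above (not constructed).
SIGCHECK = r"""
[-] 2010-08-24 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2010-08-24 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
"""

CFSCRIPT = r"""
FCopy::
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\dllcache\tcpip.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
"""

Entry = namedtuple("Entry", "flag date md5 size version path")

# One Sigcheck line: [flag] date . md5 . size . . [version] . . path
LINE = re.compile(
    r"^\[(.)\]\s+(\d{4}-\d{2}-\d{2})\s+\.\s+([0-9A-Fa-f]{32})\s+\.\s+(\d+)"
    r"\s+\.\s+\.\s+\[([\d.]+)\]\s+\.\s+\.\s+(.+)$"
)

# Assumption of this example: the copy the system loads (drivers) and the
# copy Windows File Protection restores from (dllcache) are the "active" ones.
ACTIVE_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32\dllcache")


def parse_sigcheck(text):
    """Return one Entry per well-formed Sigcheck line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            flag, date, md5, size, version, path = m.groups()
            entries.append(Entry(flag, date, md5.upper(), int(size),
                                 version, path.strip().lower()))
    return entries


def split_dir(path):
    directory, _, name = path.rpartition("\\")
    return directory, name


def is_active(entry):
    return split_dir(entry.path)[0] in ACTIVE_DIRS


def find_mismatches(entries):
    """Map each active file whose MD5 equals no archived copy of the same
    name and version to the list of those archived copies."""
    result = {}
    for e in filter(is_active, entries):
        name = split_dir(e.path)[1]
        same = [a for a in entries if not is_active(a)
                and split_dir(a.path)[1] == name and a.version == e.version]
        if same and all(a.md5 != e.md5 for a in same):
            result[e.path] = same
    return result


def parse_fcopy(script):
    """Return (source, target) pairs from the FCopy:: section only."""
    pairs, in_fcopy = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.endswith("::"):
            in_fcopy = line.lower() == "fcopy::"
        elif in_fcopy and "|" in line:
            src, dst = (p.strip().lower() for p in line.split("|", 1))
            pairs.append((src, dst))
    return pairs


def review_script(entries, script):
    """Return (mismatched files the script leaves untouched,
    FCopy pairs whose source is not a same-version archived copy)."""
    mismatches = find_mismatches(entries)
    covered, bad = set(), []
    for src, dst in parse_fcopy(script):
        if src in {a.path for a in mismatches.get(dst, [])}:
            covered.add(dst)
        else:
            bad.append((src, dst))
    return sorted(set(mismatches) - covered), bad


if __name__ == "__main__":
    print(review_script(parse_sigcheck(SIGCHECK), CFSCRIPT))
```
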
     
  11. Adilost

    Adilost TS Rookie Topic Starter Posts: 28

    Yes I'm very clear about that :)

    Okay, you're the Experienced one here, so I will remove AVG again using Revo-Uninstaller and install one of the recommended ones :grinthumb

    Also I will Uninstall RegCure as you recommended.
    After that I will take the steps as you have mentioned in your new reply..

    I'll keep you posted :)
     
  12. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Cool beans :)
     
  13. Adilost

    Adilost TS Rookie Topic Starter Posts: 28

    Okay, so I have un-installed AVG 9 with Revo Un-installer from my system; after the process a reboot was necessary. Once started up again, I un-installed RegCure.

    After this was un-installed I disabled my Internet and Malwarebytes Anti-Malware.
    Then I dragged the CFScript.txt with the content I had copied from the codebox before onto ComboFix. It started doing its routine again. After it was done, the new log included the following:

    ================================================================
    ComboFix 11-01-24.02 - Mr.A 26-01-2011 0:19.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1540 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Mr.A\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Mr.A\Bureaublad\CFScript.txt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    --------------- FCopy ---------------

    c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
    c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\dllcache\tcpip.sys
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-12-25 to 2011-01-25 ))))))))))))))))))))))))))))))
    .

    2011-01-25 00:27 . 2011-01-25 00:27 -------- d-----w- c:\documents and settings\Mr.A\Local Settings\Application Data\Identities
    2011-01-25 00:02 . 2011-01-25 00:02 388096 ----a-r- c:\documents and settings\Mr.A\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-25 00:02 . 2011-01-25 00:02 -------- d-----w- c:\program files\Trend Micro
    2011-01-23 22:33 . 2009-08-19 04:18 107864 ----a-w- c:\windows\system32\tsccvid.dll
    2011-01-23 22:33 . 2011-01-23 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
    2011-01-23 22:32 . 2011-01-23 22:32 -------- d-----w- c:\program files\Common Files\TechSmith Shared
    2011-01-23 22:30 . 2011-01-23 22:30 -------- d-----w- c:\windows\system32\RTCOM
    2011-01-21 13:22 . 2011-01-21 13:23 -------- d-----w- c:\program files\Virtual Audio Cable
    2011-01-21 13:22 . 2011-01-21 13:22 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
    2011-01-21 13:19 . 2011-01-21 13:19 -------- d-----w- c:\program files\Driver-Soft
    2011-01-21 13:02 . 2011-01-25 21:50 -------- d--h--r- c:\documents and settings\Mr.A\Onlangs geopend
    2011-01-21 12:24 . 2011-01-21 12:24 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-20 02:36 . 2011-01-20 02:36 -------- d-----w- c:\documents and settings\Mr.A\Local Settings\Application Data\TechSmith
    2011-01-18 17:44 . 2011-01-18 17:44 -------- d-----w- c:\documents and settings\Mr.A\Application Data\Toolbar4
    2011-01-10 20:10 . 2011-01-10 20:10 -------- d-----w- c:\program files\Beat Kangz
    2010-12-31 00:58 . 2010-12-31 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Waves Audio
    2010-12-30 23:58 . 2010-12-30 23:58 -------- d-----w- c:\program files\Focusrite

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-29 18:18 . 2010-11-29 18:18 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
    2010-11-23 02:07 . 2010-11-23 02:07 69632 ----a-w- c:\windows\system32\FxShared.dll
    2010-11-23 02:07 . 2010-11-23 02:07 69632 ----a-w- c:\windows\system32\com.fxpansion.fxshared.dll
    2010-11-18 18:15 . 2010-08-22 14:25 86016 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2003-04-08 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-05 05:02 . 2010-08-22 15:28 81920 ------w- c:\windows\system32\ieencode.dll
    2010-11-05 05:02 . 2003-04-08 12:00 670208 ----a-w- c:\windows\system32\wininet.dll
    2010-11-05 05:02 . 2003-04-08 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-11-05 04:59 . 2010-08-22 15:28 371712 ------w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2003-04-08 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:09 . 2003-04-08 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-01-25_18.16.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-25 23:10 . 2011-01-25 23:10 16384 c:\windows\Temp\Perflib_Perfdata_7a0.dat
    + 2011-01-02 18:58 . 2011-01-25 23:11 224627 c:\windows\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 398568]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-10-19 3872080]
    "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-02-25 37888]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-29 141336]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-29 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-29 142360]
    "M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-06-17 356864]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
    "RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    FireBox Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FireBox\FireBox.exe [2010-8-23 1084800]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Mr.A^Menu Start^Programma's^Opstarten^MagicDisc.lnk]
    path=c:\documents and settings\Mr.A\Menu Start\Programma's\Opstarten\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-03-23 17:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CS4ServiceManager]
    2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
    2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-10-19 15:14 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QTTask]
    2010-08-10 03:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 03:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMSaverPro]
    2009-10-12 06:27 199200 ----a-w- c:\program files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader_sl]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Steinberg\\Cubase 5\\Cubase5.exe"=
    "c:\\Program Files\\Steinberg\\WaveLab 6\\WaveLab-app.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\iWebcamera\\iWebcameraApp.exe"=
    "c:\\Program Files\\FXpansion\\Guru\\Guru.exe"=
    "c:\\Program Files\\wLite\\wLite.exe"=
    "c:\\Program Files\\wLite\\wService.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "60007:TCP"= 60007:TCP:UTorrent 60007
    "60007:UDP"= 60007:UDP:UTorrent 60007

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24-8-2010 0:46 685816]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16-11-2010 17:38 304464]
    R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [21-11-2008 19:37 3706880]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25-6-2010 18:07 35088]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [21-1-2011 14:22 40576]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16-11-2010 17:38 20952]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23-1-2011 23:29 1691480]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18-12-2009 9:58 11336]
    S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
    S3 MASONODFU;M-Audio Axiom Pro DFU Driver;c:\windows\system32\drivers\MAudioAxiomProDFU.sys [24-8-2010 0:42 23048]
    S3 MAUSBMS;Service for M-Audio Axiom Pro;c:\windows\system32\drivers\mausbop.sys [24-8-2010 0:42 145544]
    S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2-5-2010 22:34 5027328]
    .
    Inhoud van de 'Gedeelde Taken' map

    2011-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://google.nl/
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: kuaiche.com\software
    FF - ProfilePath - c:\documents and settings\Mr.A\Application Data\Mozilla\Firefox\Profiles\dypji23t.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
    FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-26 00:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
    "ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(828)
    c:\windows\system32\CLBCATQ.DLL
    .
    Voltooingstijd: 2011-01-26 00:31:03
    ComboFix-quarantined-files.txt 2011-01-25 23:31
    ComboFix2.txt 2011-01-25 18:28

    Pre-Run: 54.161.870.848 bytes beschikbaar
    Post-Run: 54.370.000.896 bytes beschikbaar

    - - End Of File - - 87463E5D3ED2A41E8C82AD0063D45C04
    ================================================================


    A reboot was not needed. So before connecting to the internet again I installed avast!, because I do not dare to go online without any anti-virus program.

    After the installation I rebooted the system and connected to the internet again so that I could post my post :)
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Well done :)

    Let's keep checking...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. Adilost

    Adilost TS Rookie Topic Starter Posts: 28

    Executed the instructions as told.. Copied & pasted the code and Clicked on Quick Scan.

    While scanning, it popped up an error saying: Access violation at address 00401A13 in module 'OTL.exe'. Read of address 00216000

    After clicking OK I saw the following text in the left corner: Creating restore point. DO NOT INTERRUPT...

    This has been happening for quite a long time now. It is still going on; I did not exit it or anything. I can minimize it, though.

    I thought I'd first level with you on what to do before taking action..
     
  16. Adilost

    Adilost TS Rookie Topic Starter Posts: 28

    I think that was my bad.. Forgot to disable AntiMalware & Avast. So after still no reaction from OTL I closed it, disabled both programs, and did a scan with the copied code again.. This time it did make 2 log files:


    OTL.txt


    OTL logfile created on: 26-1-2011 14:43:13 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mr.A\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 114,48 Gb Total Space | 50,49 Gb Free Space | 44,10% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 162,67 Gb Free Space | 17,46% Space Free | Partition Type: NTFS

    Computer Name: ADILOST | User Name: Mr.A | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-01-26 13:22:18 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr.A\Bureaublad\OTL.exe
    PRC - [2011-01-13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011-01-13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010-12-15 14:10:22 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010-12-15 14:10:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010-08-25 15:34:44 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    PRC - [2010-07-04 10:49:16 | 000,398,568 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
    PRC - [2010-07-04 10:49:14 | 000,075,496 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
    PRC - [2010-06-10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010-04-29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010-02-03 10:16:56 | 001,084,800 | ---- | M] (PreSonus Audio Electronics) -- C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe
    PRC - [2009-02-25 22:27:30 | 001,433,952 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
    PRC - [2009-02-25 22:26:00 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
    PRC - [2009-02-10 08:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2008-11-21 19:37:28 | 003,706,880 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    PRC - [2008-06-17 10:26:18 | 000,356,864 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
    PRC - [2008-04-14 18:03:01 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
    PRC - [2008-04-14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011-01-26 13:22:18 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr.A\Bureaublad\OTL.exe
    MOD - [2011-01-13 09:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010-08-23 17:13:25 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011-01-13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010-08-25 15:34:44 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
    SRV - [2010-08-24 13:51:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010-07-04 10:49:14 | 000,075,496 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
    SRV - [2010-06-25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010-06-10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010-05-02 22:34:28 | 005,027,328 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files\wLite\wService.exe -- (wxpSvc)
    SRV - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009-02-10 08:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2008-11-21 19:37:28 | 003,706,880 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
    SRV - [2008-04-14 18:03:01 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
    SRV - [2008-04-14 18:03:01 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SMTP (Simple Mail Transfer Protocol)
    SRV - [2008-04-14 18:03:01 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


    ========== Driver Services (SafeList) ==========

    DRV - [2011-01-21 14:22:53 | 000,040,576 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
    DRV - [2011-01-13 09:41:29 | 000,357,968 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011-01-13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011-01-13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011-01-13 09:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011-01-13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011-01-13 09:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011-01-13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010-08-25 15:34:41 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
    DRV - [2010-08-24 00:46:20 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010-07-28 18:27:36 | 006,108,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010-07-06 10:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2010-07-04 10:49:10 | 000,119,016 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
    DRV - [2010-06-25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010-02-03 10:16:50 | 000,137,088 | ---- | M] (Archwave AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pae_1394.sys -- (pae_1394)
    DRV - [2010-02-03 10:16:50 | 000,052,608 | ---- | M] (Archwave AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pae_avs.sys -- (pae_avs)
    DRV - [2010-01-14 03:18:36 | 001,730,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2009-12-18 09:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009-12-02 13:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
    DRV - [2009-11-18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009-11-18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2009-07-27 03:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009-02-24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008-08-27 04:32:36 | 000,023,048 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioAxiomProDFU.sys -- (MASONODFU)
    DRV - [2008-08-27 04:32:32 | 000,145,544 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mausbop.sys -- (MAUSBMS)
    DRV - [2008-08-14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
    DRV - [2008-04-13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Stuurprogramma voor USB-audio (WDM)
    DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2006-02-24 23:27:02 | 000,343,904 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
    DRV - [2001-08-17 22:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1645522239-1580436667-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
    IE - HKU\S-1-5-21-1645522239-1580436667-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1645522239-1580436667-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
    FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
    FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.7

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-15 14:10:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-15 14:10:25 | 000,000,000 | ---D | M]

    [2010-08-23 00:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr.A\Application Data\Mozilla\Extensions
    [2011-01-25 16:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr.A\Application Data\Mozilla\Firefox\Profiles\dypji23t.default\extensions
    [2010-08-24 01:27:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mr.A\Application Data\Mozilla\Firefox\Profiles\dypji23t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011-01-21 13:21:59 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Documents and Settings\Mr.A\Application Data\Mozilla\Firefox\Profiles\dypji23t.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    [2010-10-10 22:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr.A\Application Data\Mozilla\Firefox\Profiles\dypji23t.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010-10-29 15:23:21 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Mr.A\Application Data\Mozilla\Firefox\Profiles\dypji23t.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2011-01-25 16:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010-08-23 03:27:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010-08-23 03:27:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010-08-23 03:27:45 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010-10-29 15:22:23 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
    [2010-10-29 15:22:23 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
    [2010-10-29 15:22:23 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
    [2010-10-29 15:22:23 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
    [2010-10-29 15:22:23 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

    O1 HOSTS File: ([2011-01-25 19:16:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKU\S-1-5-21-1645522239-1580436667-839522115-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
    O4 - HKU\S-1-5-21-1645522239-1580436667-839522115-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\FireBox Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FireBox\FireBox.exe (PreSonus Audio Electronics)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1645522239-1580436667-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1645522239-1580436667-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1645522239-1580436667-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1645522239-1580436667-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1645522239-1580436667-839522115-1003\..Trusted Domains: kuaiche.com ([software] http in Vertrouwde websites)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282520467703 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Mr.A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mr.A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010-08-22 15:26:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54901231209938944)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-01-26 13:22:14 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mr.A\Bureaublad\OTL.exe
    [2011-01-26 00:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\avast! Free Antivirus
    [2011-01-26 00:34:57 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011-01-26 00:34:56 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011-01-26 00:34:55 | 000,357,968 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011-01-26 00:34:55 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011-01-26 00:34:54 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011-01-26 00:34:53 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011-01-26 00:34:53 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011-01-26 00:34:53 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011-01-26 00:34:34 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011-01-26 00:34:33 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011-01-26 00:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2011-01-26 00:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011-01-26 00:32:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011-01-26 00:18:03 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011-01-25 19:22:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011-01-25 19:05:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011-01-25 19:05:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011-01-25 19:05:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011-01-25 19:05:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011-01-25 19:05:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011-01-25 19:04:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-01-25 01:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr.A\Local Settings\Application Data\Identities
    [2011-01-25 01:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011-01-25 01:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr.A\Menu Start\Programma's\HiJackThis
    [2011-01-24 15:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Groove Agent 2
    [2011-01-23 23:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2011-01-23 23:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Camtasia Studio 6
    [2011-01-23 23:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
    [2011-01-23 23:30:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
    [2011-01-23 23:29:56 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
    [2011-01-23 23:29:54 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
    [2011-01-23 23:29:44 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
    [2011-01-23 23:29:44 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
    [2011-01-23 23:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2011-01-21 14:22:53 | 000,040,576 | ---- | C] (Eugene V. Muzychenko) -- C:\WINDOWS\System32\drivers\vrtaucbl.sys
    [2011-01-21 14:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
    [2011-01-21 14:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Virtual Audio Cable
    [2011-01-21 14:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Driver Genius Professional Edition
    [2011-01-21 14:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
    [2011-01-21 14:02:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mr.A\Onlangs geopend
    [2011-01-20 03:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr.A\Local Settings\Application Data\TechSmith
    [2011-01-19 13:07:23 | 000,000,000 | ---D | C] -- F:\Mijn Documenten\DriverGenius
    [2011-01-18 18:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr.A\Application Data\Toolbar4
    [2011-01-18 13:38:43 | 000,000,000 | ---D | C] -- F:\Mijn Documenten\Nieuwe map
    [2011-01-17 02:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\WinSCP
    [2011-01-15 19:46:03 | 000,000,000 | ---D | C] -- F:\Mijn Documenten\Midi Files
    [2011-01-10 21:13:10 | 000,000,000 | ---D | C] -- F:\Mijn Documenten\Beat Kangz
    [2011-01-10 21:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Beat Kangz
    [2010-12-31 01:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Waves Audio
    [2010-12-31 00:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Focusrite
    [2010-12-31 00:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr.A\Menu Start\Programma's\Focusrite

    ========== Files - Modified Within 30 Days ==========

    [2011-01-26 13:22:18 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr.A\Bureaublad\OTL.exe
    [2011-01-26 12:48:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011-01-26 12:48:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011-01-26 00:43:12 | 000,002,632 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
    [2011-01-26 00:34:54 | 000,002,894 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011-01-25 19:22:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011-01-25 19:16:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011-01-25 17:36:19 | 004,160,093 | R--- | M] () -- C:\Documents and Settings\Mr.A\Bureaublad\ComboFix.exe
    [2011-01-25 17:34:57 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Mr.A\Bureaublad\MBRCheck.exe
    [2011-01-23 23:34:23 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\Mr.A\Bureaublad\Sound Configuration.lnk
    [2011-01-23 23:32:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011-01-23 23:18:01 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Mr.A\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-01-22 17:47:40 | 000,000,224 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
    [2011-01-22 17:47:40 | 000,000,224 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
    [2011-01-21 14:22:53 | 000,040,576 | ---- | M] (Eugene V. Muzychenko) -- C:\WINDOWS\System32\drivers\vrtaucbl.sys
    [2011-01-19 20:08:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011-01-19 16:39:54 | 151,023,436 | ---- | M] () -- F:\Mijn Documenten\clip0006.avi
    [2011-01-19 14:40:31 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
    [2011-01-19 14:40:30 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
    [2011-01-17 02:34:18 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Mr.A\Application Data\winscp.rnd
    [2011-01-16 15:59:32 | 000,555,650 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
    [2011-01-16 15:59:32 | 000,483,908 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011-01-16 15:59:32 | 000,108,064 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
    [2011-01-16 15:59:32 | 000,086,658 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011-01-13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011-01-13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011-01-13 09:41:29 | 000,357,968 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011-01-13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011-01-13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011-01-13 09:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011-01-13 09:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011-01-13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011-01-13 09:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011-01-13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010-12-30 14:14:27 | 004,074,273 | ---- | M] () -- C:\WINDOWS\System32\TmpA174434109

    ========== Files Created - No Company Name ==========

    [2011-01-25 19:22:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011-01-25 19:22:45 | 000,261,936 | RHS- | C] () -- C:\cmldr
    [2011-01-25 19:05:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011-01-25 19:05:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011-01-25 19:05:24 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011-01-25 19:05:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011-01-25 19:05:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011-01-25 17:35:43 | 004,160,093 | R--- | C] () -- C:\Documents and Settings\Mr.A\Bureaublad\ComboFix.exe
    [2011-01-25 17:35:00 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Mr.A\Bureaublad\MBRCheck.exe
    [2011-01-23 23:34:23 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\Mr.A\Bureaublad\Sound Configuration.lnk
    [2011-01-19 16:39:23 | 151,023,436 | ---- | C] () -- F:\Mijn Documenten\clip0006.avi
    [2011-01-19 14:40:30 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
    [2011-01-19 14:40:27 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
    [2011-01-17 02:30:59 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\winscp.rnd
    [2010-12-30 14:14:26 | 004,074,273 | ---- | C] () -- C:\WINDOWS\System32\TmpA174434109
    [2010-11-23 03:07:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
    [2010-11-23 03:07:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
    [2010-09-20 23:13:20 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjpj.ini
    [2010-09-17 11:40:31 | 000,594,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010-09-03 15:36:54 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjol.ini
    [2010-09-03 15:36:54 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjfl.ini
    [2010-09-03 15:36:08 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjef.ini
    [2010-09-03 15:35:56 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjda.ini
    [2010-09-03 15:35:45 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjcc.ini
    [2010-09-03 15:35:32 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjpc.ini
    [2010-09-03 15:35:32 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjjd.ini
    [2010-09-03 15:02:46 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjma.ini
    [2010-09-03 15:02:46 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjke.ini
    [2010-09-03 15:02:46 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjgb.ini
    [2010-09-03 15:02:46 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjbe.ini
    [2010-09-03 15:01:58 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjlk.ini
    [2010-09-03 14:52:55 | 003,661,824 | ---- | C] () -- C:\WINDOWS\System32\mkl_wavearts.dll
    [2010-08-26 05:41:05 | 004,431,872 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon HR.dll
    [2010-08-26 05:41:05 | 004,337,664 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon.dll
    [2010-08-26 05:38:19 | 006,500,352 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer2.dll
    [2010-08-26 05:38:19 | 006,496,256 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer.dll
    [2010-08-26 05:37:10 | 006,791,168 | ---- | C] () -- C:\WINDOWS\System32\PSP Xenon.dll
    [2010-08-26 05:36:18 | 000,678,912 | ---- | C] () -- C:\WINDOWS\System32\PSP StereoController.dll
    [2010-08-26 05:36:18 | 000,606,208 | ---- | C] () -- C:\WINDOWS\System32\PSP StereoAnalyser.dll
    [2010-08-26 05:36:18 | 000,591,872 | ---- | C] () -- C:\WINDOWS\System32\PSP StereoEnhancer.dll
    [2010-08-26 05:36:18 | 000,580,608 | ---- | C] () -- C:\WINDOWS\System32\PSP PseudoStereo.dll
    [2010-08-26 05:33:48 | 003,191,296 | ---- | C] () -- C:\WINDOWS\System32\PSP Nitro.dll
    [2010-08-26 05:32:04 | 004,332,032 | ---- | C] () -- C:\WINDOWS\System32\PSP MixBass2.dll
    [2010-08-26 05:30:02 | 004,218,880 | ---- | C] () -- C:\WINDOWS\System32\PSP MasterComp.dll
    [2010-08-26 05:26:58 | 002,874,368 | ---- | C] () -- C:\WINDOWS\System32\PSP EasyVerb.dll
    [2010-08-25 13:54:38 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
    [2010-08-25 00:31:09 | 000,002,632 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
    [2010-08-24 22:18:01 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
    [2010-08-24 16:00:00 | 000,018,819 | ---- | C] () -- C:\WINDOWS\System32\privatedata.dll
    [2010-08-24 00:46:20 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010-08-23 23:04:22 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Mr.A\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-08-23 22:57:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
    [2010-08-23 19:28:15 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
    [2010-08-23 15:33:53 | 000,024,294 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2010-08-23 15:33:53 | 000,001,072 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2010-08-23 15:33:34 | 000,060,360 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2010-08-23 15:33:33 | 000,014,997 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2010-08-23 15:33:31 | 000,017,921 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2010-08-23 05:37:31 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2010-08-23 01:05:09 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2010-08-22 23:20:53 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010-08-22 23:20:53 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2010-08-22 23:20:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
    [2010-08-22 17:17:04 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010-08-22 16:11:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2010-08-22 16:05:00 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
    [2010-08-08 19:18:19 | 000,000,162 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini
    [2010-06-25 18:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2009-10-06 16:00:00 | 001,210,208 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MMultiBandAutopanpresets.xml
    [2009-10-06 16:00:00 | 000,919,437 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MMultiBandVibratopresets.xml
    [2009-10-06 16:00:00 | 000,886,643 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MMultiBandRingModulatorpresets.xml
    [2009-10-06 16:00:00 | 000,857,792 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MMultiBandPhaserpresets.xml
    [2009-10-06 16:00:00 | 000,614,095 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MMultiBandTremolopresets.xml
    [2009-10-06 16:00:00 | 000,461,724 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MMultiBandDelaypresets.xml
    [2009-10-06 16:00:00 | 000,335,546 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MReverbpresets.xml
    [2009-10-06 16:00:00 | 000,244,500 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MMultiBandWaveShaperpresets.xml
    [2009-10-06 16:00:00 | 000,172,324 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MAnalyzerpresets.xml
    [2009-10-06 16:00:00 | 000,140,966 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MMultiBandDynamicspresets.xml
    [2009-10-06 16:00:00 | 000,050,760 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MSpectralDynamicspresets.xml
    [2009-10-06 16:00:00 | 000,026,438 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MDynamicspresets.xml
    [2009-10-06 16:00:00 | 000,022,238 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MMultiBandLimiterpresets.xml
    [2009-10-06 16:00:00 | 000,010,486 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MEqualizerLinearPhasepresets.xml
    [2009-10-06 16:00:00 | 000,007,954 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MEqualizerpresets.xml
    [2009-10-06 16:00:00 | 000,006,753 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MCompressorpresets.xml
    [2009-10-06 16:00:00 | 000,005,160 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MWaveShaperpresets.xml
    [2009-10-06 16:00:00 | 000,004,150 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MStereoProcessorpresets.xml
    [2009-10-06 16:00:00 | 000,002,841 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MRingModulatorpresets.xml
    [2009-10-06 16:00:00 | 000,002,615 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MPhaserpresets.xml
    [2009-10-06 16:00:00 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MStereoExpanderpresets.xml
    [2009-10-06 16:00:00 | 000,001,403 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MUltraMaximizerpresets.xml
    [2009-10-06 16:00:00 | 000,001,107 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MVibratopresets.xml
    [2009-10-06 16:00:00 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MTremolopresets.xml
    [2009-10-06 16:00:00 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MAutopanpresets.xml
    [2009-10-06 16:00:00 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\Mr.A\Application Data\MLimiterpresets.xml
    [2009-03-03 16:00:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\VTM4CoreA.dll
    [2006-08-16 14:13:34 | 001,382,280 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
    [2006-07-03 23:21:32 | 001,397,548 | ---- | C] () -- C:\WINDOWS\System32\libfftw3-3.dll
    [2005-10-14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2005-10-14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
    [2005-10-14 10:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2005-10-14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
    [2005-10-14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2005-10-14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2005-10-14 10:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2005-10-14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [1999-01-22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
     
  17. Adilost

    Adilost TS Rookie Topic Starter Posts: 28

    ========== LOP Check ==========

    [2010-12-13 14:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
    [2011-01-26 00:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010-08-24 01:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arturia
    [2010-08-26 23:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
    [2010-10-02 14:08:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010-10-02 14:12:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
    [2010-11-19 13:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    [2010-08-28 15:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
    [2010-08-24 00:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010-08-24 22:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
    [2010-10-15 13:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KORG
    [2010-08-24 00:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\M-Audio
    [2010-11-09 17:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2010-08-23 22:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MessengerDiscovery 2
    [2010-08-24 23:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MTexturedStyles
    [2010-08-24 17:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
    [2010-11-24 23:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    [2010-08-24 15:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    [2010-08-25 17:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SideKickReg
    [2010-08-24 01:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
    [2010-08-24 22:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
    [2011-01-23 23:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2010-08-27 14:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temporary
    [2010-08-24 01:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets
    [2010-12-31 02:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Waves Audio
    [2010-10-21 16:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\webcamXP 5
    [2010-08-24 17:43:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{09B301EE-C58B-408E-8D5D-E17495536D3E}
    [2010-08-23 22:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010-08-24 17:42:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
    [2010-12-16 23:17:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4FF14FF4-C333-4311-BC51-88781D14A5AF}
    [2010-08-24 16:37:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A518DCBE-06AD-461B-8F2E-C53AA3525C15}
    [2010-08-27 16:10:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
    [2010-08-24 16:34:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BF329843-149E-4A5A-82A1-0250286442D0}
    [2010-08-24 16:32:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
    [2010-08-24 17:42:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EADDDB9C-2F20-4408-9D14-618D2AF3ADB4}
    [2010-08-24 17:56:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{FD243B4D-4229-4F4A-8F06-0C6A82929EE8}
    [2010-12-13 16:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Ableton
    [2010-08-24 23:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Antares
    [2010-08-24 01:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Audio Ease
    [2010-10-21 02:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\BITS
    [2010-08-25 15:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Blue Cat Audio
    [2010-08-24 12:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\BSplayer PRO
    [2010-12-20 23:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Celemony Software GmbH
    [2010-08-24 00:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\DAEMON Tools Pro
    [2010-12-30 14:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\FabFilter
    [2010-08-23 22:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\FlashGet
    [2010-08-23 22:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\FlashGetBHO
    [2010-11-23 03:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\FXpansion
    [2010-08-27 02:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\iZotope
    [2010-10-15 14:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\KORG
    [2010-08-27 16:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Lexicon PCM Native
    [2010-11-25 03:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\MeldaProduction MAnalyzer
    [2010-09-24 00:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\MeldaProduction MAutoEqualizer
    [2010-09-04 02:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\MeldaProduction MStereoExpander
    [2010-09-23 22:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\MeldaProduction MStereoProcessor
    [2010-09-24 15:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\MeldaProduction MUltraMaximizer
    [2010-12-13 00:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\MeldaProduction MWaveShaper
    [2011-01-24 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\MessengerDiscovery 2
    [2010-08-25 01:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\MSPS
    [2010-11-24 23:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\PACE Anti-Piracy
    [2010-08-24 15:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Propellerhead Software
    [2010-10-14 13:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Proteus VX
    [2010-10-06 23:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\SPL Plug-Ins
    [2010-08-27 14:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Steinberg
    [2010-08-23 03:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\SystemRequirementsLab
    [2011-01-18 18:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Toolbar4
    [2010-08-24 14:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Uniblue
    [2010-11-22 01:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\uTorrent
    [2010-10-08 11:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Voxengo
    [2011-01-19 22:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\VST3 Presets
    [2010-08-26 17:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Waldorf
    [2010-12-31 02:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr.A\Application Data\Waves Audio

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010-08-22 15:26:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010-09-02 22:34:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011-01-25 19:22:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2003-04-08 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2004-08-03 23:00:14 | 000,261,936 | RHS- | M] () -- C:\cmldr
    [2010-08-22 15:26:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007-11-07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007-11-07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007-11-07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2007-11-07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007-11-07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007-11-07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007-11-07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007-11-07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007-11-07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007-11-07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007-11-07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007-11-07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007-11-07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2010-08-22 15:26:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010-08-22 15:26:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010-08-22 16:26:44 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010-08-23 02:00:39 | 000,251,712 | RHS- | M] () -- C:\ntldr
    [2011-01-26 12:48:11 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010-08-23 13:51:30 | 000,005,748 | ---- | M] () -- C:\pltemp.ini
    [2008-04-30 23:32:00 | 000,107,596 | ---- | M] () -- C:\toolkit_widget.gif
    [2007-11-07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007-11-07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007-11-07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006-04-18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006-06-29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006-04-18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006-06-29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010-08-22 15:26:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009-03-17 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9W.DLL
    [2009-03-17 04:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9W.DLL
    [2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008-07-06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011-01-13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010-08-22 17:14:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010-08-22 17:14:37 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010-08-22 17:14:37 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010-08-22 15:30:57 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Mr.A\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureaublad weergeven.scf
    [2010-08-23 02:22:40 | 000,000,189 | -HS- | M] () -- C:\Documents and Settings\Mr.A\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011-01-26 14:36:32 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Mr.A\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008-04-14 18:03:17 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2010-08-25 02:12:00 | 000,735,984 | ---- | M] (tzuk) -- C:\WINDOWS\Installer\SandboxieInstall32.exe
    [10 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008-04-14 18:02:23 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2003-04-08 13:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002-08-20 11:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002-04-11 11:00:02 | 000,000,898 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008-05-02 15:05:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008-04-13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008-04-14 18:03:07 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002-08-20 14:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2003-04-08 13:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003-04-08 13:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003-04-08 13:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002-08-20 11:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004-07-17 10:35:48 | 000,118,265 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1257 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:cZAAyo3VetYfXrm5B3tw
    @Alternate Data Stream - 1242 bytes -> C:\Documents and Settings\Mr.A\Cookies\4nIcFQGyou7m:cwQNeMVQDblPSunGe3X
    @Alternate Data Stream - 1214 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:fXeY28poQMWPDaKRZ
    @Alternate Data Stream - 1205 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dgDiPp650oCYkoGTsnGhu42
    @Alternate Data Stream - 1122 bytes -> C:\Documents and Settings\Mr.A\Cookies:RpvRPoYZRH6rjYzclCkaHhyU6R

    < End of report >
     
  18. Adilost

    Adilost TS Rookie Topic Starter Posts: 28

    Extras.txt

    OTL Extras logfile created on: 26-1-2011 14:43:13 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mr.A\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 114,48 Gb Total Space | 50,49 Gb Free Space | 44,10% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 162,67 Gb Free Space | 17,46% Space Free | Partition Type: NTFS

    Computer Name: ADILOST | User Name: Mr.A | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1645522239-1580436667-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
    "60007:TCP" = 60007:TCP:*:Enabled:UTorrent 60007
    "60007:UDP" = 60007:UDP:*:Enabled:UTorrent 60007
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files\Steinberg\Cubase 5\Cubase5.exe" = C:\Program Files\Steinberg\Cubase 5\Cubase5.exe:*:Enabled:Cubase -- (Steinberg Media Technologies)
    "C:\Program Files\Steinberg\WaveLab 6\WaveLab-app.exe" = C:\Program Files\Steinberg\WaveLab 6\WaveLab-app.exe:*:Enabled:WaveLab -- (Steinberg Media Technologies)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\iWebcamera\iWebcameraApp.exe" = C:\Program Files\iWebcamera\iWebcameraApp.exe:*:Enabled:iWebcameraApp -- (drahtwerk)
    "C:\Program Files\FXpansion\Guru\Guru.exe" = C:\Program Files\FXpansion\Guru\Guru.exe:*:Enabled:Stand-Alone (stub loader) -- (FXpansion Audio UK Ltd.)
    "C:\Program Files\wLite\wLite.exe" = C:\Program Files\wLite\wLite.exe:*:Disabled:webcamXP -- (Moonware Studios)
    "C:\Program Files\wLite\wService.exe" = C:\Program Files\wLite\wService.exe:*:Disabled:webcamXP Service -- (Moonware Studios)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000413-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
    "{04FCFB2F-FEC3-4D9A-81FB-A18858CF52DB}_is1" = RAM Saver 9.12 Professional
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Hardware Controller Support
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
    "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
    "{1C53D51A-7F4F-435A-B292-A2395DFAF090}" = BuzComp_KeyMaker
    "{1E958728-CFA3-454A-A2D6-42A9FF718480}" = Intel(R) C++ Redistributables for Windows* on IA-32
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
    "{21E77392-C30A-4AA2-8CA7-5728316939D6}" = AmpliTube X-GEAR
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
    "{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
    "{2E337869-756A-4E46-A936-0E67FE043A5E}" = Melodyne 3.2
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{439A2DFC-DC12-4A8A-AAA3-D9CA68D778CD}" = Virtuoso
    "{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
    "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
    "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
    "{5354D5F2-342D-43DD-A361-B65BF7AABE1D}" = nebula3 CM
    "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F9D5D04-C756-4B4A-9ADF-37F7D8EB1E87}" = ARC System
    "{620FE3A6-F576-4ECC-9734-FA2DCFA4FF82}" = KORG Legacy Collection - ANALOG EDITION 2007
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{65AA5B18-A330-4F35-BCDF-EA85EC888906}" = AVOX Evo VST
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{69E5920C-C84E-4F77-A776-71C1FEFBDED4}" = Axiom Pro Cubase HyperControl
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7EC9E7A1-A576-43C8-9CBB-31BD5625EBCA}" = FOX LiveUpdate
    "{8066D0CB-C217-4673-BAFA-ED420F483CE9}" = BuzComp
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{AB5668B8-1428-460F-AE02-999A598D6883}" = Wavpack4Wavelab6
    "{ABBC8011-1E42-4ADA-9794-574349612CEF}" = iWebcamera
    "{AC76BA86-7AD7-1043-7B44-A93000000001}" = Adobe Reader 9.3.4 - Nederlands
    "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
    "{B08ACC56-7772-4C92-8052-774079E8927A}" = Mo Phatt
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4691C58-2A6A-4AFA-960E-AEB767639E44}" = PCM Native Reverb VST Plug-in
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF1D7323-8A0A-49C7-83B0-088DB90721E2}" = AmpegSVX
    "{D0E565B0-03A0-40D9-A514-000634AA58C6}" = KORG Legacy Collection - DIGITAL EDITION
    "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
    "{D69D39FC-DCC0-43F4-9524-043EE9F1C329}" = Native Instruments Abbey Road Modern Drums
    "{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1" = Focusrite Scarlett Plug-in Suite 1.1
    "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
    "{DC7544D8-F401-4E25-A242-209F9225330E}" = AxiomPro
    "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
    "{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{EC015649-3B3C-4611-9C66-453F8011E944}" = Native Instruments Kontakt 4
    "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native Instruments Maschine
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Addictive Drums ADpak Retro_is1" = Addictive Drums ADpak Retro
    "Addictive Drums Inno Setup_is1" = Addictive Drums 1.1
    "Adobe AIR" = Adobe AIR
    "Adobe Audition 3.0" = Adobe Audition 3.0
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
    "Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Analog Factory HipHop_is1" = Analog Factory HipHop 2.2.1
    "Antares Autotune VST_is1" = Antares Autotune VST v5.09
    "ANWIDA Soft Parametric Equalizer Pro 3.0" = ANWIDA Soft Parametric Equalizer Pro 3.0
    "Arturia Prophet V VSTi RTAS_is1" = Arturia Prophet V VSTi RTAS v1.2.1
    "ASIO4ALL" = ASIO4ALL
    "avast5" = avast! Pro Antivirus
    "BBE Sonic Sweet Bundle VST RTAS_is1" = BBE Sonic Sweet Bundle VST RTAS v1.0
    "Brainworx BX Control VST RTAS_is1" = Brainworx BX Control VST RTAS v2.0
    "Brainworx BX Digital VST RTAS_is1" = Brainworx BX Digital VST RTAS v2.0.2
    "Brainworx BX DynEQ Bundle VST RTAS_is1" = Brainworx BX DynEQ Bundle VST RTAS v1.1
    "Brainworx BX Hybrid VST RTAS_is1" = Brainworx BX Hybrid VST RTAS v1.0.5
    "Brainworx BX XL Mastering Limiter_is1" = Brainworx BX XL Mastering Limiter VST RTAS v1.0
    "BSPlayerp" = BS.Player PRO
    "Cakewalk Dimension Pro_is1" = Dimension Pro
    "Cakewalk Rapture Expansion Pack 1" = Cakewalk Rapture Expansion Pack 1
    "Cakewalk Rapture Expansion Pack 2" = Cakewalk Rapture Expansion Pack 2
    "Cakewalk Rapture_is1" = Rapture 1.1
    "Camel Audio Cameleon 5000 v1.7 VSTi" = Camel Audio Cameleon 5000 v1.7 VSTi
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CCleaner" = CCleaner (remove only)
    "CdaC13Ba" = SafeCast Shared Components
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Compadre Beatpuncher_is1" = Compadre Beatpuncher v1.1
    "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
    "Darbuka_is1" = Darbuka 1.0.0
    "db audioware Sidechain Compressor VST v1.1.0" = db audioware Sidechain Compressor VST v1.1.0
    "discoDSP Discovery Pro_is1" = discoDSP Discovery Pro VSTi RTAS v5.3
    "DivX Setup.divx.com" = DivX Setup
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "DriverGuide DriverScan" = DriverGuide DriverScan
    "eLicenser Control" = eLicenser Control
    "Elysia mpressor VST RTAS_is1" = Elysia mpressor VST RTAS v1.0.2
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "FabFilter Pro-C VST RTAS_is1" = FabFilter Pro-C VST RTAS v1.1.2
    "FabFilter Pro-Q VST RTAS_is1" = FabFilter Pro-Q VST RTAS v1.01
    "FabFilter Simplon 1.12" = FabFilter Simplon 1.12
    "FabFilter TotalBundle x86_is1" = FabFilter TotalBundle VST RTAS v1.2
    "FabFilter Twin VSTi RTAS_is1" = FabFilter Twin VSTi RTAS v2.00
    "FabFilter Volcano VST RTAS_is1" = FabFilter Volcano VST RTAS v2.03
    "FL Studio 9" = FL Studio 9
    "FLUX Spring Pack Bundle_is1" = FLUX Spring Pack Bundle v1.0.4.14
    "Gebruikersregistratie voor Canon MP250 series" = Gebruikersregistratie voor Canon MP250 series
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IL Download Manager" = IL Download Manager
    "IL Juice Pack" = IL Juice Pack
    "IL Vocodex" = IL Vocodex
    "ImTOO MPEG Encoder Platinum" = ImTOO MPEG Encoder Platinum
    "ISOBuddy" = ISOBuddy
    "iZotope Alloy_is1" = iZotope Alloy
    "iZotope iDrum Factory Content_is1" = iZotope iDrum Factory Content
    "iZotope iDrum_is1" = iZotope iDrum
    "iZotope Ozone 4_is1" = iZotope Ozone 4
    "KeyToSound - Essential Compressor_is1" = KeyToSound - Essential Compressor 1.0 r4
    "Latigo_is1" = Latigo 1.0.0
    "Live 8.2.1" = Live 8.2.1
    "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Maximus" = Maximus
    "Messenger Plus! Live" = Messenger Plus! Live
    "MessengerDiscovery_is1" = MessengerDiscovery 2.5.95
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Minimal System Instruments Moogi VST v2.50_is1" = Minimal System Instruments Moogi Analogue Filter VST v2.50
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSIstrip v2.00" = MSIstrip v2.00
    "Native Instruments Abbey Road Modern Drums" = Native Instruments Abbey Road Modern Drums
    "Native Instruments Battery 3" = Native Instruments Battery 3
    "Native Instruments Best of Reaktor Vol. 1" = Native Instruments Best of Reaktor Vol. 1
    "Native Instruments Deep Transformations" = Native Instruments Deep Transformations
    "Native Instruments FM8" = Native Instruments FM8
    "Native Instruments Hardware Controller Support" = Native Instruments Hardware Controller Support
    "Native Instruments Kontakt 4" = Native Instruments Kontakt 4
    "Native Instruments Kore 2" = Native Instruments Kore 2
    "Native Instruments Kore v2.0.1.007 Updater - Patcher" = Native Instruments Kore v2.0.1.007 Updater - Patcher
    "Native Instruments Maschine" = Native Instruments Maschine
    "Native Instruments Maschine Driver" = Native Instruments Maschine Driver
    "Native Instruments Massive" = Native Instruments Massive
    "Native Instruments Massive Expansion Vol. 2" = Native Instruments Massive Expansion Vol. 2
    "Native Instruments Pro-53" = Native Instruments Pro-53
    "Native Instruments Service Center" = Native Instruments Service Center
    "Native Instruments Urban Arsenal" = Native Instruments Urban Arsenal
    "NomadFactory Analog Mastering Tools VST RTAS_is1" = NomadFactory Analog Mastering Tools VST RTAS v1.0
    "NomadFactory Blue Tubes Analog TrackBox VST RTAS_is1" = NomadFactory Blue Tubes Analog TrackBox VST RTAS v1.3
    "NomadFactory Blue Tubes Dynamics Pack VST RTAS_is1" = NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.2
    "NomadFactory Blue Tubes Effects Pack VST RTAS_is1" = NomadFactory Blue Tubes Effects Pack VST RTAS v3.2
    "NomadFactory Blue Tubes Equalizers Pack VST RTAS_is1" = NomadFactory Blue Tubes Equalizers Pack VST RTAS v3.2
    "NomadFactory Essential Studio Suite VST RTAS_is1" = NomadFactory Essential Studio Suite VST RTAS v1.5
    "NomadFactory Limiting Amplifier LM-662 VST RTAS_is1" = NomadFactory Limiting Amplifier LM-662 VST RTAS v1.3
    "NomadFactory Liquid Bundle VST RTAS_is1" = NomadFactory Liquid Bundle VST RTAS v2.4
    "NomadFactory Program Equalizer EQP-4 VST RTAS_is1" = NomadFactory Program Equalizer EQP-4 VST RTAS v1.3
    "NomadFactory Retrology M-Tone EQ VST RTAS_is1" = NomadFactory Retrology M-Tone EQ VST RTAS v1.0
    "NomadFactory Studio Channel SC-226 VST RTAS_is1" = NomadFactory Studio Channel SC-226 VST RTAS v1.3
    "NVIDIA Drivers" = NVIDIA Drivers
    "PCM Native Reverb VST Plug-in" = PCM Native Reverb VST Plug-in
    "PoiZone" = PoiZone
    "PowerISO" = PowerISO
    "PreSonus FireBox driver v5.13.0.0" = PreSonus FireBox driver v5.13.0.0
    "Proteus VX" = Proteus VX
    "PSP Audioware Neon HR VST RTAS_is1" = PSP Audioware Neon HR VST RTAS v1.5.1
    "PSP Audioware Xenon_is1" = PSP Audioware Xenon v1.0
    "PSP EasyVerb 1.5.4" = PSP EasyVerb 1.5.4
    "PSP MasterComp 1.5.4" = PSP MasterComp 1.5.4
    "PSP MasterQ 1.5.2" = PSP MasterQ 1.5.2
    "PSP MixPack2 2.0.3" = PSP MixPack2 2.0.3
    "PSP Nitro 1.1.2" = PSP Nitro 1.1.2
    "PSP sQuad 1.1.1" = PSP sQuad 1.1.1
    "PSP StereoPack 1.9.0" = PSP StereoPack 1.9.0
    "PSP VintageWarmer2 2.3.1 32bit" = PSP VintageWarmer2 2.3.1 32bit
    "Punch VST v1.05" = Punch VST v1.05
    "Reason4_is1" = Reason 4.0
    "reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
    "Revo Uninstaller" = Revo Uninstaller 1.89
    "Sandboxie" = Sandboxie 3.46
    "Sawer" = Sawer
    "Softube FET Compressor VST RTAS_is1" = Softube FET Compressor VST RTAS v1.0.3
    "Softube Passive-Active Pack VST RTAS_is1" = Softube Passive-Active Pack VST RTAS v1.0.2
    "Softube Tonelux Tilt_is1" = Softube Tonelux Tilt VST RTAS v1.0
    "Softube Tube-Tech CL 1B VST RTAS_is1" = Softube Tube-Tech CL 1B VST RTAS v1.0.3
    "Softube Tube-Tech PE 1C_is1" = Softube Tube-Tech PE 1C VST RTAS v1.0.1
    "Softube Valley People Dyna-mite_is1" = Softube Valley People Dyna-mite VST RTAS v1.0.3
    "Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
    "Sonnox Oxford Limiter Native VST_is1" = Sonnox Oxford Limiter Native VST v1.1.1
    "Sonnox Oxford R3 Dynamics Native VST_is1" = Sonnox Oxford R3 Dynamics Native VST v1.3.1
    "Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1
    "Sonnox Oxford Reverb Native VST_is1" = Sonnox Oxford Reverb Native VST v1.0
    "Sonnox Oxford TransMod Native VST_is1" = Sonnox Oxford TransMod Native VST v1.3.1
    "SPL Analog Code DrumXchanger VST RTAS_is1" = SPL Analog Code DrumXchanger VST RTAS v1.0
    "SPL Analog Code Vitalizer MK2-T VST RTAS_is1" = SPL Analog Code Vitalizer MK2-T VST RTAS v1.1
    "SSi Pro EQ VST v1.0_is1" = Minimal System Instruments SSi Pro EQ VST v1.0
    "SSi Pro Expander&Gate VST v1.0_is1" = Minimal System Instruments SSi Pro Expander&Gate VST v1.0
    "Steinberg Freefilter v1.2" = Steinberg Freefilter v1.2
    "Steinberg Groove Agent VSTi DXi_is1" = Steinberg Groove Agent VSTi DXi v2.0
    "Steinberg Hypersonic VSTi DXi_is1" = Steinberg Hypersonic VSTi DXi v2.0
    "Steinberg The Grand VSTi DXi_is1" = Steinberg The Grand VSTi DXi v2.1.0
    "Steinberg Virtual Bassist VSTi DXi_is1" = Steinberg Virtual Bassist VSTi DXi v1.0
    "Stillwell Audio Plugins Bundle VST v1.52" = Stillwell Audio Plugins Bundle VST v1.52
    "Sytrus" = Sytrus
    "Tone2 FilterBank3_is1" = FilterBank v3.2
    "Tone2 FireBird+_is1" = FireBird+ v1.9
    "Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
    "Toxic Biohazard" = Toxic Biohazard
    "TT Dynamic Range Meter_is1" = TT Dynamic Range Meter 1.0
    "UltraComp VST v1.05" = UltraComp VST v1.05
    "URS Plug-In Bundle Complete VST RTAS_is1" = URS Plug-In Bundle Complete VST RTAS v1.0
    "uTorrent" = µTorrent
    "Virtual Audio Cable 4.9" = Virtual Audio Cable 4.9
    "VLC media player" = VLC media player 1.1.3
    "Waldorf Largo" = Waldorf Largo
    "Wave Arts Master Restoration" = Wave Arts Master Restoration
    "Wave Arts Power Suite" = Wave Arts Power Suite
    "Wave Arts Tube Saturator" = Wave Arts Tube Saturator
    "WaveLabPro" = WaveLab 6
    "Waves Complete v7_is1" = Waves Complete VST RTAS TDM v7.1.16
    "Way out Ware TimewARP2600 VSTi RTAS_is1" = Way out Ware TimewARP2600 VSTi RTAS v1.4.1
    "Winamp" = Winamp
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR archiver
    "XviD4PSP5" = XviD4PSP 5.0
    "z3ta+_x86_is1" = rgc:audio z3ta+ 1.5

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1645522239-1580436667-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Elysia Alpha Compressor_is1" = Elysia Alpha Compressor VST RTAS v1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 19-1-2011 10:18:32 | Computer Name = ADILOST | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: camrecorder.exe, versie: 6.0.3.928, vastgelopen
    module: ntdll.dll, versie: 5.1.2600.5755, vastgelopen op: 0x00011780.

    Error - 19-1-2011 10:21:54 | Computer Name = ADILOST | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: camrecorder.exe, versie: 6.0.3.928, vastgelopen
    module: ntdll.dll, versie: 5.1.2600.5755, vastgelopen op: 0x00011780.

    Error - 19-1-2011 22:58:05 | Computer Name = ADILOST | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: divxupdate.exe, versie: 1.0.1.10, vastgelopen
    module: msvcp80.dll, versie: 8.0.50727.4053, vastgelopen op: 0x000100b5.

    Error - 20-1-2011 8:20:42 | Computer Name = ADILOST | Source = Bonjour Service | ID = 100
    Description = 244: ERROR: read_msg errno 10054 (De externe host heeft een verbinding
    verbroken.)

    Error - 20-1-2011 10:40:09 | Computer Name = ADILOST | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: winamp.exe, versie: 5.5.5.2405, vastgelopen
    module: ntdll.dll, versie: 5.1.2600.5755, vastgelopen op: 0x00010f20.

    Error - 21-1-2011 8:20:21 | Computer Name = ADILOST | Source = Bonjour Service | ID = 100
    Description = 244: ERROR: read_msg errno 10054 (De externe host heeft een verbinding
    verbroken.)

    Error - 21-1-2011 8:29:11 | Computer Name = ADILOST | Source = Bonjour Service | ID = 100
    Description = 244: ERROR: read_msg errno 10054 (De externe host heeft een verbinding
    verbroken.)

    Error - 21-1-2011 8:34:10 | Computer Name = ADILOST | Source = Bonjour Service | ID = 100
    Description = 224: ERROR: read_msg errno 10054 (De externe host heeft een verbinding
    verbroken.)

    Error - 21-1-2011 9:27:50 | Computer Name = ADILOST | Source = Bonjour Service | ID = 100
    Description = 240: ERROR: read_msg errno 10054 (De externe host heeft een verbinding
    verbroken.)

    Error - 26-1-2011 9:36:22 | Computer Name = ADILOST | Source = Application Hang | ID = 1002
    Description = Vastgelopen toepassing: AvastUI.exe, versie: 5.1.889.0, vastgelopen
    module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

    [ System Events ]
    Error - 25-1-2011 10:44:51 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De SMTP (Simple Mail Transfer Protocol)-service is onverwacht beëindigd.
    Dit is nu 1 keer gebeurd.

    Error - 25-1-2011 10:44:51 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De World Wide Web-publicatie-service is onverwacht beëindigd. Dit
    is nu 1 keer gebeurd.

    Error - 25-1-2011 10:44:51 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De Java Quick Starter-service is onverwacht beëindigd. Dit is nu 1
    keer gebeurd.

    Error - 25-1-2011 10:44:51 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De MBAMService-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

    Error - 25-1-2011 10:44:51 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De NIHardwareService-service is onverwacht beëindigd. Dit is nu 1
    keer gebeurd.

    Error - 25-1-2011 11:09:30 | Computer Name = ADILOST | Source = MRxSmb | ID = 8003
    Description = De masterbrowser heeft een servermelding ontvangen van computer SX551E61CAD
    die
    meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{71BFA0BC-9BBE-43.
    De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen.

    Error - 25-1-2011 14:07:02 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De C-DillaCdaC11BA-service is onverwacht beëindigd. Dit is nu 1 keer
    gebeurd.

    Error - 25-1-2011 19:18:01 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De C-DillaCdaC11BA-service is onverwacht beëindigd. Dit is nu 1 keer
    gebeurd.

    Error - 26-1-2011 7:30:24 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7009
    Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
    deze service: COM-service voor IMAPI cd-branders.

    Error - 26-1-2011 7:30:24 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7000
    Description = De COM-service voor IMAPI cd-branders-service kan vanwege de volgende
    fout niet worden gestart: %%1053


    < End of report >


    Extras.txt

    OTL Extras logfile created on: 26-1-2011 14:43:13 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mr.A\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 114,48 Gb Total Space | 50,49 Gb Free Space | 44,10% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 162,67 Gb Free Space | 17,46% Space Free | Partition Type: NTFS

    Computer Name: ADILOST | User Name: Mr.A | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1645522239-1580436667-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
    "60007:TCP" = 60007:TCP:*:Enabled:UTorrent 60007
    "60007:UDP" = 60007:UDP:*:Enabled:UTorrent 60007
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
     
  19. Adilost


    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files\Steinberg\Cubase 5\Cubase5.exe" = C:\Program Files\Steinberg\Cubase 5\Cubase5.exe:*:Enabled:Cubase -- (Steinberg Media Technologies)
    "C:\Program Files\Steinberg\WaveLab 6\WaveLab-app.exe" = C:\Program Files\Steinberg\WaveLab 6\WaveLab-app.exe:*:Enabled:WaveLab -- (Steinberg Media Technologies)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\iWebcamera\iWebcameraApp.exe" = C:\Program Files\iWebcamera\iWebcameraApp.exe:*:Enabled:iWebcameraApp -- (drahtwerk)
    "C:\Program Files\FXpansion\Guru\Guru.exe" = C:\Program Files\FXpansion\Guru\Guru.exe:*:Enabled:Stand-Alone (stub loader) -- (FXpansion Audio UK Ltd.)
    "C:\Program Files\wLite\wLite.exe" = C:\Program Files\wLite\wLite.exe:*:Disabled:webcamXP -- (Moonware Studios)
    "C:\Program Files\wLite\wService.exe" = C:\Program Files\wLite\wService.exe:*:Disabled:webcamXP Service -- (Moonware Studios)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000413-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
    "{04FCFB2F-FEC3-4D9A-81FB-A18858CF52DB}_is1" = RAM Saver 9.12 Professional
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Hardware Controller Support
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
    "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
    "{1C53D51A-7F4F-435A-B292-A2395DFAF090}" = BuzComp_KeyMaker
    "{1E958728-CFA3-454A-A2D6-42A9FF718480}" = Intel(R) C++ Redistributables for Windows* on IA-32
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
    "{21E77392-C30A-4AA2-8CA7-5728316939D6}" = AmpliTube X-GEAR
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
    "{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
    "{2E337869-756A-4E46-A936-0E67FE043A5E}" = Melodyne 3.2
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{439A2DFC-DC12-4A8A-AAA3-D9CA68D778CD}" = Virtuoso
    "{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
    "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
    "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
    "{5354D5F2-342D-43DD-A361-B65BF7AABE1D}" = nebula3 CM
    "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F9D5D04-C756-4B4A-9ADF-37F7D8EB1E87}" = ARC System
    "{620FE3A6-F576-4ECC-9734-FA2DCFA4FF82}" = KORG Legacy Collection - ANALOG EDITION 2007
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{65AA5B18-A330-4F35-BCDF-EA85EC888906}" = AVOX Evo VST
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{69E5920C-C84E-4F77-A776-71C1FEFBDED4}" = Axiom Pro Cubase HyperControl
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7EC9E7A1-A576-43C8-9CBB-31BD5625EBCA}" = FOX LiveUpdate
    "{8066D0CB-C217-4673-BAFA-ED420F483CE9}" = BuzComp
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{AB5668B8-1428-460F-AE02-999A598D6883}" = Wavpack4Wavelab6
    "{ABBC8011-1E42-4ADA-9794-574349612CEF}" = iWebcamera
    "{AC76BA86-7AD7-1043-7B44-A93000000001}" = Adobe Reader 9.3.4 - Nederlands
    "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
    "{B08ACC56-7772-4C92-8052-774079E8927A}" = Mo Phatt
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4691C58-2A6A-4AFA-960E-AEB767639E44}" = PCM Native Reverb VST Plug-in
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF1D7323-8A0A-49C7-83B0-088DB90721E2}" = AmpegSVX
    "{D0E565B0-03A0-40D9-A514-000634AA58C6}" = KORG Legacy Collection - DIGITAL EDITION
    "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
    "{D69D39FC-DCC0-43F4-9524-043EE9F1C329}" = Native Instruments Abbey Road Modern Drums
    "{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1" = Focusrite Scarlett Plug-in Suite 1.1
    "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
    "{DC7544D8-F401-4E25-A242-209F9225330E}" = AxiomPro
    "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
    "{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{EC015649-3B3C-4611-9C66-453F8011E944}" = Native Instruments Kontakt 4
    "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native Instruments Maschine
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Addictive Drums ADpak Retro_is1" = Addictive Drums ADpak Retro
    "Addictive Drums Inno Setup_is1" = Addictive Drums 1.1
    "Adobe AIR" = Adobe AIR
    "Adobe Audition 3.0" = Adobe Audition 3.0
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
    "Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Analog Factory HipHop_is1" = Analog Factory HipHop 2.2.1
    "Antares Autotune VST_is1" = Antares Autotune VST v5.09
    "ANWIDA Soft Parametric Equalizer Pro 3.0" = ANWIDA Soft Parametric Equalizer Pro 3.0
    "Arturia Prophet V VSTi RTAS_is1" = Arturia Prophet V VSTi RTAS v1.2.1
    "ASIO4ALL" = ASIO4ALL
    "avast5" = avast! Pro Antivirus
    "BBE Sonic Sweet Bundle VST RTAS_is1" = BBE Sonic Sweet Bundle VST RTAS v1.0
    "Brainworx BX Control VST RTAS_is1" = Brainworx BX Control VST RTAS v2.0
    "Brainworx BX Digital VST RTAS_is1" = Brainworx BX Digital VST RTAS v2.0.2
    "Brainworx BX DynEQ Bundle VST RTAS_is1" = Brainworx BX DynEQ Bundle VST RTAS v1.1
    "Brainworx BX Hybrid VST RTAS_is1" = Brainworx BX Hybrid VST RTAS v1.0.5
    "Brainworx BX XL Mastering Limiter_is1" = Brainworx BX XL Mastering Limiter VST RTAS v1.0
    "BSPlayerp" = BS.Player PRO
    "Cakewalk Dimension Pro_is1" = Dimension Pro
    "Cakewalk Rapture Expansion Pack 1" = Cakewalk Rapture Expansion Pack 1
    "Cakewalk Rapture Expansion Pack 2" = Cakewalk Rapture Expansion Pack 2
    "Cakewalk Rapture_is1" = Rapture 1.1
    "Camel Audio Cameleon 5000 v1.7 VSTi" = Camel Audio Cameleon 5000 v1.7 VSTi
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CCleaner" = CCleaner (remove only)
    "CdaC13Ba" = SafeCast Shared Components
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Compadre Beatpuncher_is1" = Compadre Beatpuncher v1.1
    "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
    "Darbuka_is1" = Darbuka 1.0.0
    "db audioware Sidechain Compressor VST v1.1.0" = db audioware Sidechain Compressor VST v1.1.0
    "discoDSP Discovery Pro_is1" = discoDSP Discovery Pro VSTi RTAS v5.3
    "DivX Setup.divx.com" = DivX Setup
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "DriverGuide DriverScan" = DriverGuide DriverScan
    "eLicenser Control" = eLicenser Control
    "Elysia mpressor VST RTAS_is1" = Elysia mpressor VST RTAS v1.0.2
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "FabFilter Pro-C VST RTAS_is1" = FabFilter Pro-C VST RTAS v1.1.2
    "FabFilter Pro-Q VST RTAS_is1" = FabFilter Pro-Q VST RTAS v1.01
    "FabFilter Simplon 1.12" = FabFilter Simplon 1.12
    "FabFilter TotalBundle x86_is1" = FabFilter TotalBundle VST RTAS v1.2
    "FabFilter Twin VSTi RTAS_is1" = FabFilter Twin VSTi RTAS v2.00
    "FabFilter Volcano VST RTAS_is1" = FabFilter Volcano VST RTAS v2.03
    "FL Studio 9" = FL Studio 9
    "FLUX Spring Pack Bundle_is1" = FLUX Spring Pack Bundle v1.0.4.14
    "Gebruikersregistratie voor Canon MP250 series" = Gebruikersregistratie voor Canon MP250 series
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IL Download Manager" = IL Download Manager
    "IL Juice Pack" = IL Juice Pack
    "IL Vocodex" = IL Vocodex
    "ImTOO MPEG Encoder Platinum" = ImTOO MPEG Encoder Platinum
    "ISOBuddy" = ISOBuddy
    "iZotope Alloy_is1" = iZotope Alloy
    "iZotope iDrum Factory Content_is1" = iZotope iDrum Factory Content
    "iZotope iDrum_is1" = iZotope iDrum
    "iZotope Ozone 4_is1" = iZotope Ozone 4
    "KeyToSound - Essential Compressor_is1" = KeyToSound - Essential Compressor 1.0 r4
    "Latigo_is1" = Latigo 1.0.0
    "Live 8.2.1" = Live 8.2.1
    "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Maximus" = Maximus
    "Messenger Plus! Live" = Messenger Plus! Live
    "MessengerDiscovery_is1" = MessengerDiscovery 2.5.95
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Minimal System Instruments Moogi VST v2.50_is1" = Minimal System Instruments Moogi Analogue Filter VST v2.50
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSIstrip v2.00" = MSIstrip v2.00
    "Native Instruments Abbey Road Modern Drums" = Native Instruments Abbey Road Modern Drums
    "Native Instruments Battery 3" = Native Instruments Battery 3
    "Native Instruments Best of Reaktor Vol. 1" = Native Instruments Best of Reaktor Vol. 1
    "Native Instruments Deep Transformations" = Native Instruments Deep Transformations
    "Native Instruments FM8" = Native Instruments FM8
    "Native Instruments Hardware Controller Support" = Native Instruments Hardware Controller Support
    "Native Instruments Kontakt 4" = Native Instruments Kontakt 4
    "Native Instruments Kore 2" = Native Instruments Kore 2
    "Native Instruments Kore v2.0.1.007 Updater - Patcher" = Native Instruments Kore v2.0.1.007 Updater - Patcher
    "Native Instruments Maschine" = Native Instruments Maschine
    "Native Instruments Maschine Driver" = Native Instruments Maschine Driver
    "Native Instruments Massive" = Native Instruments Massive
    "Native Instruments Massive Expansion Vol. 2" = Native Instruments Massive Expansion Vol. 2
    "Native Instruments Pro-53" = Native Instruments Pro-53
    "Native Instruments Service Center" = Native Instruments Service Center
    "Native Instruments Urban Arsenal" = Native Instruments Urban Arsenal
    "NomadFactory Analog Mastering Tools VST RTAS_is1" = NomadFactory Analog Mastering Tools VST RTAS v1.0
    "NomadFactory Blue Tubes Analog TrackBox VST RTAS_is1" = NomadFactory Blue Tubes Analog TrackBox VST RTAS v1.3
    "NomadFactory Blue Tubes Dynamics Pack VST RTAS_is1" = NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.2
    "NomadFactory Blue Tubes Effects Pack VST RTAS_is1" = NomadFactory Blue Tubes Effects Pack VST RTAS v3.2
    "NomadFactory Blue Tubes Equalizers Pack VST RTAS_is1" = NomadFactory Blue Tubes Equalizers Pack VST RTAS v3.2
    "NomadFactory Essential Studio Suite VST RTAS_is1" = NomadFactory Essential Studio Suite VST RTAS v1.5
    "NomadFactory Limiting Amplifier LM-662 VST RTAS_is1" = NomadFactory Limiting Amplifier LM-662 VST RTAS v1.3
    "NomadFactory Liquid Bundle VST RTAS_is1" = NomadFactory Liquid Bundle VST RTAS v2.4
    "NomadFactory Program Equalizer EQP-4 VST RTAS_is1" = NomadFactory Program Equalizer EQP-4 VST RTAS v1.3
    "NomadFactory Retrology M-Tone EQ VST RTAS_is1" = NomadFactory Retrology M-Tone EQ VST RTAS v1.0
    "NomadFactory Studio Channel SC-226 VST RTAS_is1" = NomadFactory Studio Channel SC-226 VST RTAS v1.3
    "NVIDIA Drivers" = NVIDIA Drivers
    "PCM Native Reverb VST Plug-in" = PCM Native Reverb VST Plug-in
    "PoiZone" = PoiZone
    "PowerISO" = PowerISO
    "PreSonus FireBox driver v5.13.0.0" = PreSonus FireBox driver v5.13.0.0
    "Proteus VX" = Proteus VX
    "PSP Audioware Neon HR VST RTAS_is1" = PSP Audioware Neon HR VST RTAS v1.5.1
    "PSP Audioware Xenon_is1" = PSP Audioware Xenon v1.0
    "PSP EasyVerb 1.5.4" = PSP EasyVerb 1.5.4
    "PSP MasterComp 1.5.4" = PSP MasterComp 1.5.4
    "PSP MasterQ 1.5.2" = PSP MasterQ 1.5.2
    "PSP MixPack2 2.0.3" = PSP MixPack2 2.0.3
    "PSP Nitro 1.1.2" = PSP Nitro 1.1.2
    "PSP sQuad 1.1.1" = PSP sQuad 1.1.1
    "PSP StereoPack 1.9.0" = PSP StereoPack 1.9.0
    "PSP VintageWarmer2 2.3.1 32bit" = PSP VintageWarmer2 2.3.1 32bit
    "Punch VST v1.05" = Punch VST v1.05
    "Reason4_is1" = Reason 4.0
    "reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
    "Revo Uninstaller" = Revo Uninstaller 1.89
    "Sandboxie" = Sandboxie 3.46
    "Sawer" = Sawer
    "Softube FET Compressor VST RTAS_is1" = Softube FET Compressor VST RTAS v1.0.3
    "Softube Passive-Active Pack VST RTAS_is1" = Softube Passive-Active Pack VST RTAS v1.0.2
    "Softube Tonelux Tilt_is1" = Softube Tonelux Tilt VST RTAS v1.0
    "Softube Tube-Tech CL 1B VST RTAS_is1" = Softube Tube-Tech CL 1B VST RTAS v1.0.3
    "Softube Tube-Tech PE 1C_is1" = Softube Tube-Tech PE 1C VST RTAS v1.0.1
    "Softube Valley People Dyna-mite_is1" = Softube Valley People Dyna-mite VST RTAS v1.0.3
    "Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
    "Sonnox Oxford Limiter Native VST_is1" = Sonnox Oxford Limiter Native VST v1.1.1
    "Sonnox Oxford R3 Dynamics Native VST_is1" = Sonnox Oxford R3 Dynamics Native VST v1.3.1
    "Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1
    "Sonnox Oxford Reverb Native VST_is1" = Sonnox Oxford Reverb Native VST v1.0
    "Sonnox Oxford TransMod Native VST_is1" = Sonnox Oxford TransMod Native VST v1.3.1
    "SPL Analog Code DrumXchanger VST RTAS_is1" = SPL Analog Code DrumXchanger VST RTAS v1.0
    "SPL Analog Code Vitalizer MK2-T VST RTAS_is1" = SPL Analog Code Vitalizer MK2-T VST RTAS v1.1
    "SSi Pro EQ VST v1.0_is1" = Minimal System Instruments SSi Pro EQ VST v1.0
    "SSi Pro Expander&Gate VST v1.0_is1" = Minimal System Instruments SSi Pro Expander&Gate VST v1.0
    "Steinberg Freefilter v1.2" = Steinberg Freefilter v1.2
    "Steinberg Groove Agent VSTi DXi_is1" = Steinberg Groove Agent VSTi DXi v2.0
    "Steinberg Hypersonic VSTi DXi_is1" = Steinberg Hypersonic VSTi DXi v2.0
    "Steinberg The Grand VSTi DXi_is1" = Steinberg The Grand VSTi DXi v2.1.0
    "Steinberg Virtual Bassist VSTi DXi_is1" = Steinberg Virtual Bassist VSTi DXi v1.0
    "Stillwell Audio Plugins Bundle VST v1.52" = Stillwell Audio Plugins Bundle VST v1.52
    "Sytrus" = Sytrus
    "Tone2 FilterBank3_is1" = FilterBank v3.2
    "Tone2 FireBird+_is1" = FireBird+ v1.9
    "Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
    "Toxic Biohazard" = Toxic Biohazard
    "TT Dynamic Range Meter_is1" = TT Dynamic Range Meter 1.0
    "UltraComp VST v1.05" = UltraComp VST v1.05
    "URS Plug-In Bundle Complete VST RTAS_is1" = URS Plug-In Bundle Complete VST RTAS v1.0
    "uTorrent" = µTorrent
    "Virtual Audio Cable 4.9" = Virtual Audio Cable 4.9
    "VLC media player" = VLC media player 1.1.3
    "Waldorf Largo" = Waldorf Largo
    "Wave Arts Master Restoration" = Wave Arts Master Restoration
    "Wave Arts Power Suite" = Wave Arts Power Suite
    "Wave Arts Tube Saturator" = Wave Arts Tube Saturator
    "WaveLabPro" = WaveLab 6
    "Waves Complete v7_is1" = Waves Complete VST RTAS TDM v7.1.16
    "Way out Ware TimewARP2600 VSTi RTAS_is1" = Way out Ware TimewARP2600 VSTi RTAS v1.4.1
    "Winamp" = Winamp
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR archiver
    "XviD4PSP5" = XviD4PSP 5.0
    "z3ta+_x86_is1" = rgc:audio z3ta+ 1.5

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1645522239-1580436667-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Elysia Alpha Compressor_is1" = Elysia Alpha Compressor VST RTAS v1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 19-1-2011 10:18:32 | Computer Name = ADILOST | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: camrecorder.exe, versie: 6.0.3.928, vastgelopen
    module: ntdll.dll, versie: 5.1.2600.5755, vastgelopen op: 0x00011780.

    Error - 19-1-2011 10:21:54 | Computer Name = ADILOST | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: camrecorder.exe, versie: 6.0.3.928, vastgelopen
    module: ntdll.dll, versie: 5.1.2600.5755, vastgelopen op: 0x00011780.

    Error - 19-1-2011 22:58:05 | Computer Name = ADILOST | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: divxupdate.exe, versie: 1.0.1.10, vastgelopen
    module: msvcp80.dll, versie: 8.0.50727.4053, vastgelopen op: 0x000100b5.

    Error - 20-1-2011 8:20:42 | Computer Name = ADILOST | Source = Bonjour Service | ID = 100
    Description = 244: ERROR: read_msg errno 10054 (De externe host heeft een verbinding
    verbroken.)

    Error - 20-1-2011 10:40:09 | Computer Name = ADILOST | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: winamp.exe, versie: 5.5.5.2405, vastgelopen
    module: ntdll.dll, versie: 5.1.2600.5755, vastgelopen op: 0x00010f20.

    Error - 21-1-2011 8:20:21 | Computer Name = ADILOST | Source = Bonjour Service | ID = 100
    Description = 244: ERROR: read_msg errno 10054 (De externe host heeft een verbinding
    verbroken.)

    Error - 21-1-2011 8:29:11 | Computer Name = ADILOST | Source = Bonjour Service | ID = 100
    Description = 244: ERROR: read_msg errno 10054 (De externe host heeft een verbinding
    verbroken.)

    Error - 21-1-2011 8:34:10 | Computer Name = ADILOST | Source = Bonjour Service | ID = 100
    Description = 224: ERROR: read_msg errno 10054 (De externe host heeft een verbinding
    verbroken.)

    Error - 21-1-2011 9:27:50 | Computer Name = ADILOST | Source = Bonjour Service | ID = 100
    Description = 240: ERROR: read_msg errno 10054 (De externe host heeft een verbinding
    verbroken.)

    Error - 26-1-2011 9:36:22 | Computer Name = ADILOST | Source = Application Hang | ID = 1002
    Description = Vastgelopen toepassing: AvastUI.exe, versie: 5.1.889.0, vastgelopen
    module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

    [ System Events ]
    Error - 25-1-2011 10:44:51 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De SMTP (Simple Mail Transfer Protocol)-service is onverwacht beëindigd.
    Dit is nu 1 keer gebeurd.

    Error - 25-1-2011 10:44:51 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De World Wide Web-publicatie-service is onverwacht beëindigd. Dit
    is nu 1 keer gebeurd.

    Error - 25-1-2011 10:44:51 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De Java Quick Starter-service is onverwacht beëindigd. Dit is nu 1
    keer gebeurd.

    Error - 25-1-2011 10:44:51 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De MBAMService-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

    Error - 25-1-2011 10:44:51 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De NIHardwareService-service is onverwacht beëindigd. Dit is nu 1
    keer gebeurd.

    Error - 25-1-2011 11:09:30 | Computer Name = ADILOST | Source = MRxSmb | ID = 8003
    Description = De masterbrowser heeft een servermelding ontvangen van computer SX551E61CAD
    die
    meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{71BFA0BC-9BBE-43.
    De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen.

    Error - 25-1-2011 14:07:02 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De C-DillaCdaC11BA-service is onverwacht beëindigd. Dit is nu 1 keer
    gebeurd.

    Error - 25-1-2011 19:18:01 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7034
    Description = De C-DillaCdaC11BA-service is onverwacht beëindigd. Dit is nu 1 keer
    gebeurd.

    Error - 26-1-2011 7:30:24 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7009
    Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
    deze service: COM-service voor IMAPI cd-branders.

    Error - 26-1-2011 7:30:24 | Computer Name = ADILOST | Source = Service Control Manager | ID = 7000
    Description = De COM-service voor IMAPI cd-branders-service kan vanwege de volgende
    fout niet worden gestart: %%1053


    < End of report >
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      [2010-09-20 23:13:20 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjpj.ini
      [2010-09-03 15:36:54 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjol.ini
      [2010-09-03 15:36:54 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjfl.ini
      [2010-09-03 15:36:08 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjef.ini
      [2010-09-03 15:35:56 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjda.ini
      [2010-09-03 15:35:45 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjcc.ini
      [2010-09-03 15:35:32 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjpc.ini
      [2010-09-03 15:35:32 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjjd.ini
      [2010-09-03 15:02:46 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjma.ini
      [2010-09-03 15:02:46 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjke.ini
      [2010-09-03 15:02:46 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjgb.ini
      [2010-09-03 15:02:46 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjbe.ini
      [2010-09-03 15:01:58 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dnlehjlk.ini
      @Alternate Data Stream - 1257 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:cZAAyo3VetYfXrm5B3tw
      @Alternate Data Stream - 1242 bytes -> C:\Documents and Settings\Mr.A\Cookies\4nIcFQGyou7m:cwQNeMVQDblPSunGe3X
      @Alternate Data Stream - 1214 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:fXeY28poQMWPDaKRZ
      @Alternate Data Stream - 1205 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dgDiPp650oCYkoGTsnGhu42
      @Alternate Data Stream - 1122 bytes -> C:\Documents and Settings\Mr.A\Cookies:RpvRPoYZRH6rjYzclCkaHhyU6R
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  21. Adilost

    Adilost TS Rookie Topic Starter Posts: 28

    OK, I have followed all the steps; the ESET online scanner is still scanning, though. It has already found a few things so far.

    But before I post all the log files needed, I wanted to ask something quick. Do I have to remove the items found by the online scanner after it is finished?
     
  22. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    No. I want to see them:
     
  23. Adilost

    Adilost TS Rookie Topic Starter Posts: 28

    Okido, got it :) Thanks for the quick reply.

    Yeah, I had already unchecked them, but I was not really clear about whether to remove them manually after the scan or not. But I got it now.
    I will post them as soon as the scan is ready.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    OK................
     
  25. Adilost

    Adilost TS Rookie Topic Starter Posts: 28

    OK, now the scan is ready; here are the steps I have taken, in order.

    First I updated my Java as suggested. After installation I rebooted my PC.
    Then I used JavaRa as described. It made a log; I don't know if the log is supposed to be posted, but here it is anyway:

    ==================================================

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Wed Jan 26 23:18:13 2011

    Found and removed: C:\Documents and Settings\Mr.A\Application Data\Sun\Java\jre1.6.0_21

    Found and removed: Applications\java.exe

    Found and removed: Applications\javaw.exe

    Found and removed: JavaPlugin.FamilyVersionSupport

    Found and removed: Installer\Products\4EA42A62D9304AC4784BF238120612FF\SourceList


    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

    Found and removed: JavaScript

    Found and removed: JavaScript Author

    Found and removed: JavaScript1.1

    Found and removed: JavaScript1.1 Author

    Found and removed: JavaScript1.2

    Found and removed: JavaScript1.2 Author

    Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

    Found and removed: Software\JavaSoft\Java Update

    Found and removed: SOFTWARE\Classes\JavaPlugin

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062F01

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062F01

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

    ------------------------------------

    Finished reporting.

    ==================================================


    After that I copied the content of the codebox, pasted it in the specific box in OTL, and clicked the Run Fix button. After it was done, I rebooted my system & the log was produced including the following content:

    ==================================================

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    C:\WINDOWS\dnlehjpj.ini moved successfully.
    C:\WINDOWS\dnlehjol.ini moved successfully.
    C:\WINDOWS\dnlehjfl.ini moved successfully.
    C:\WINDOWS\dnlehjef.ini moved successfully.
    C:\WINDOWS\dnlehjda.ini moved successfully.
    C:\WINDOWS\dnlehjcc.ini moved successfully.
    C:\WINDOWS\dnlehjpc.ini moved successfully.
    C:\WINDOWS\dnlehjjd.ini moved successfully.
    C:\WINDOWS\dnlehjma.ini moved successfully.
    C:\WINDOWS\dnlehjke.ini moved successfully.
    C:\WINDOWS\dnlehjgb.ini moved successfully.
    C:\WINDOWS\dnlehjbe.ini moved successfully.
    C:\WINDOWS\dnlehjlk.ini moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\Microsoft:cZAAyo3VetYfXrm5B3tw deleted successfully.
    ADS C:\Documents and Settings\Mr.A\Cookies\4nIcFQGyou7m:cwQNeMVQDblPSunGe3X deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\Microsoft:fXeY28poQMWPDaKRZ deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\Microsoft:dgDiPp650oCYkoGTsnGhu42 deleted successfully.
    ADS C:\Documents and Settings\Mr.A\Cookies:RpvRPoYZRH6rjYzclCkaHhyU6R deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Mr.A
    ->Temp folder emptied: 12157556 bytes
    ->Temporary Internet Files folder emptied: 325003 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 50564157 bytes
    ->Flash cache emptied: 1140 bytes

    User: Mr~A

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 640184 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49635 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 188924 bytes

    Total Files Cleaned = 61,00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: Mr.A
    ->Flash cache emptied: 0 bytes

    User: Mr~A

    User: NetworkService

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 01262011_233607

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_f24.dat not found!

    Registry entries deleted on Reboot...

    ==================================================


    Then I ran SecurityCheck.exe. The log in the Checkup.txt file includes the following content:

    ==================================================

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! Pro Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner (remove only)
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.3.4 - Nederlands
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 avastUI.exe
    ``````````End of Log````````````

    ==================================================


    After that was done I ran TFC as mentioned. After cleaning I had to reboot my PC.
    Once it had started up I disabled my anti-virus (avast) and ran a scan using the ESET Online scanner. After the scan was done I saw that it had detected 91 threats. As mentioned I have saved the log file. It includes the following content:

    ==================================================

    F:\Downloads\StreamingStar.HiDownload.Platinum.v7.7.5.320.WinAll.Incl.Keygen-CRD.rar a variant of Win32/Keygen.AL application
    F:\Downloads\StreamingStar.HiDownload.Platinum.v7.7.5.320.WinAll.Incl.Keygen-CRD\StreamingStar.HiDownload.Platinum.v7.7.5.320.WinAll.Incl.Keygen-CRD\cux0010a.zip a variant of Win32/Keygen.AL application
    F:\Downloads\StreamingStar.HiDownload.Platinum.v7.7.5.320.WinAll.Incl.Keygen-CRD\StreamingStar.HiDownload.Platinum.v7.7.5.320.WinAll.Incl.Keygen-CRD\cux0010a\cux0010a.rar a variant of Win32/Keygen.AL application
    F:\Mijn Documenten\BitComet Downloads\BS.Player.Pro.v2.35.985.Multilingual.Incl.Keymaker-CORE.rar a variant of Win32/Keygen.AG application
    F:\Mijn Documenten\BitComet Downloads\Digidesign Synchronic RTAS v1.0.rar probably a variant of Win32/Agent.GJPKHVD trojan
    F:\Mijn Documenten\BitComet Downloads\Malwarebytes v1.37 (by daniel2034).rar probably a variant of Win32/Agent.DDCOQWM trojan
    F:\Mijn Documenten\BitComet Downloads\relife141.zip probably a variant of Win32/SdBot.MUQSRIE trojan
    F:\Mijn Documenten\BitComet Downloads\2010\Adobe After Effects CS4 (Final) [RH]\AAE_CS4_[RH]\Adobe After Effects CS4\ACS4MC- Keygen\Extra keygen\ACS4MC-Keygen.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
    F:\Mijn Documenten\BitComet Downloads\2010\Celemony.Melodyne.Plugin.VST.RTAS.v1.0.3.3.Incl.Keygen-AiR\a-1033wa.zip probably a variant of Win32/Agent.CZYNKI trojan
    F:\Mijn Documenten\BitComet Downloads\2010\Celemony.Melodyne.Plugin.VST.RTAS.v1.0.4.2.Incl.Keygen-AiR NEW\a-mp142a.zip probably a variant of Win32/Agent.CZYNKI trojan
    F:\Mijn Documenten\BitComet Downloads\2010\Celemony.Melodyne.Plugin.VST.RTAS.v1.0.4.2.Incl.Keygen-AiR NEW\a-mp142a\a-mp142.rar probably a variant of Win32/Agent.CZYNKI trojan
    F:\Mijn Documenten\BitComet Downloads\2010\Celemony.Melodyne.Studio.Edition.v3.2.2.2.Incl.Keygen-AiR\a-3222wa.zip probably a variant of Win32/Agent.KZPCPEY trojan
    F:\Mijn Documenten\BitComet Downloads\2010\Celemony.Melodyne.Studio.Edition.v3.2.2.2.Incl.Keygen-AiR\a-3222wa\a-3222w.rar probably a variant of Win32/Agent.KZPCPEY trojan
    F:\Mijn Documenten\BitComet Downloads\2010\Celemony.Melodyne.Studio.Edition.v3.2.2.2.Incl.Keygen-AiR NEW\a-3222wa.zip probably a variant of Win32/Agent.KZPCPEY trojan
    F:\Mijn Documenten\BitComet Downloads\2010\Celemony.Melodyne.Studio.Edition.v3.2.2.2.Incl.Keygen-AiR NEW\a-3222wa\a-3222w.rar probably a variant of Win32/Agent.KZPCPEY trojan
    F:\Mijn Documenten\BitComet Downloads\2010\Korg.Legacy.Collection.Analog.Edition.VSTi.RTAS.v1.23.Incl.Keygen-AiR\a-klcaea.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\Korg.Legacy.Collection.Analog.Edition.VSTi.RTAS.v1.23.Incl.Keygen-AiR\a-klcaea\a-klcae.rar a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\Korg.Legacy.Collection.Analog.Edition.VSTi.RTAS.v1.23.Incl.Keygen-AiR\a-klcaea\a-klcae\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\Korg.Legacy.Collection.Digital.Edition.VSTi.RTAS.v1.32.Incl.Keygen-AiR\a-klcdea.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\Korg.Legacy.Collection.Digital.Edition.VSTi.RTAS.v1.32.Incl.Keygen-AiR\a-klcdea\a-klcde.rar a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\Korg.Legacy.Collection.Digital.Edition.VSTi.RTAS.v1.32.Incl.Keygen-AiR\a-klcdea\a-klcde\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\LennarDigital.Sylenth1.VSTi.v2.202.Incl.Keygen-AiR\a-s2202a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\Silverspike.TapeIt.VST.v2.3.Incl.Keygen-AiR\a-ssti23.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\Silverspike.TapeIt.VST.v2.3.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\Tone2.Filterbank2.VST.v2.5.Incl.Keygen-AiR\a-t2fb25.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\Tone2.Firebird.VSTi.v1.2.1.incl.Keygen-AiR\a-fb121a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\Tone2.Firebird.VSTi.v1.2.1.incl.Keygen-AiR\a-fb121b\a-fb121.rar a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\Tone2.Firebird.VSTi.v1.2.1.incl.Keygen-AiR\a-fb121b\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\2010\WaveArts.Master.Restoration.VST.DX.RTAS.v5.46.Incl.Keygen-AiR\a-mr546a.zip probably a variant of Win32/Agent.WAFUGL trojan
    F:\Mijn Documenten\BitComet Downloads\2010\WaveArts.TubeSaturator.VST.DX.RTAS.v1.00.Incl.Keygen-AiR\a-wts10a.zip probably a variant of Win32/Agent.GUYUUZJ trojan
    F:\Mijn Documenten\BitComet Downloads\2010\WaveArts.TubeSaturator.VST.DX.RTAS.v1.00.Incl.Keygen-AiR\a-wts10a\a-wts10.rar probably a variant of Win32/Agent.GUYUUZJ trojan
    F:\Mijn Documenten\BitComet Downloads\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Keygen.exe a variant of Win32/Keygen.AS application
    F:\Mijn Documenten\BitComet Downloads\Digidesign D-Fi TDM RTAS AS v2.0.1\Digidesign D-Fi TDM RTAS AS v2.0.1.rar probably a variant of Win32/Agent.GJPKHVD trojan
    F:\Mijn Documenten\BitComet Downloads\Digidesign Smack HD TDM RTAS AS v1.0.1\Digidesign Smack HD TDM RTAS AS v1.0.1.rar probably a variant of Win32/Agent.GJPKHVD trojan
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT.rar probably a variant of Win32/Agent.HEPGPJJ trojan
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Camel Audio CamelPhat VST v3.42 incl Keygen-AiR\a-cph342.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Camel Audio CamelPhat VST v3.42 incl Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Camel Audio CamelSpace VST v1.42 incl Keygen-AiR\a-csp142.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Camel Audio CamelSpace VST v1.42 incl Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\IZotope.Ozone.VST.DX.RTAS.HTDM.v4.03.Incl.Keygen-AiR\a-oz403.rar a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\IZotope.Ozone.VST.DX.RTAS.HTDM.v4.03.Incl.Keygen-AiR\a-oz403a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\IZotope.Ozone.VST.DX.RTAS.HTDM.v4.03.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Native Instruments Kontakt v1.5.3.010\Native Instruments Kontakt v1.5.3.010.rar a variant of Win32/Keygen.AA application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Native.Instruments.Pro53.VSTi.DXi.RTAS.v3.04-AiR\Setup.exe probably a variant of Win32/Agent.DUBEDBP trojan
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Novation.V-Station.VSTi.v1.5.1.incl.Keygen-AiR\a-nvs151.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Novation.V-Station.VSTi.v1.5.1.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\PSP Audioware EasyVerb VST RTAS v1.5.4 Incl Keygen-AiR\a-ev154.rar a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\PSP Audioware EasyVerb VST RTAS v1.5.4 Incl Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\PSP Audioware MasterComp VST RTAS v1.5.4 Incl Keygen-AiR\a-mc154a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\PSP Audioware MasterComp VST RTAS v1.5.4 Incl Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\PSP Audioware MasterQ VST RTAS v1.5.2 Incl Keygen-AiR\a-mq152a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\PSP Audioware MasterQ VST RTAS v1.5.2 Incl Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\PSP.Audioware.Nitro.VST.RTAS.v1.1.2.Incl.Keygen-AiR\a-pn112a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\PSP.Audioware.Nitro.VST.RTAS.v1.1.2.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\PSP.Audioware.StereoPack.VST.RTAS.v1.9.0.Incl.Keygen-AiR\a-stp19a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\PSP.Audioware.StereoPack.VST.RTAS.v1.9.0.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Rob Papen Predator VSTi v1.1 Incl Keygen-AiR\a-rpp11a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Rob Papen Predator VSTi v1.1 Incl Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT\B-Blue17.part1.rar probably a variant of Win32/Agent.HEPGPJJ trojan
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT\b-lue17a.zip probably a variant of Win32/Agent.HEPGPJJ trojan
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Rob.Papen.ConcreteFX.Blue.VSTi.v1.7.incl.KeyGen-BEAT\KeyGen.exe probably a variant of Win32/Agent.HEPGPJJ trojan
    F:\Mijn Documenten\BitComet Downloads\FL STUDIO PLUGINS\Rob.Papen.Predator.VSTi.v1.1b.incl.Keygen-AiR\a-rp11ba.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\IZotope.Mastering.Effects.Bundle.DX.v1.0.Incl.Keygen-AiR\a-imb10a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\IZotope.Ozone.VST.DX.RTAS.HTDM.v4.03.Incl.Keygen-AiR\a-oz403a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application
    F:\Mijn Documenten\BitComet Downloads\PSP Audioware MasterComp VST RTAS v1.5.4 Incl Keygen-AiR\a-mc154a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\PSP Audioware MasterQ VST RTAS v1.5.2 Incl Keygen-AiR\a-mq152a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\PSP.Audioware.Neon.VST.RTAS.v1.5.1.x32.x64.Incl.Keygen-AiR\a-pn151a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\PSP.Audioware.Nitro.VST.RTAS.v1.1.2.Incl.Keygen-AiR\a-pn112a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\PSP.Audioware.StereoPack.VST.RTAS.v1.9.0.Incl.Keygen-AiR\a-stp19a.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\BitComet Downloads\relife141\ReLife 1.41\ReLife_Mono.dll probably a variant of Win32/SdBot.MUQSRIE trojan
    F:\Mijn Documenten\BitComet Downloads\Sony Sound Forge 9.0e Build 441\Keygen.exe a variant of Win32/Keygen.AR application
    F:\Mijn Documenten\BitComet Downloads\Sony Sound Forge Pro v10 (SoundForge 2009) + Keygen (CLEAN) [h33t] - CaZoR\Sony Sound Forge Pro v10 (SoundForge 2009) + Keygen (CLEAN).rar a variant of Win32/Keygen.AR application
    F:\Mijn Documenten\BitComet Downloads\Sony Sound Forge Pro v10 (SoundForge 2009) + Keygen (CLEAN) [h33t] - CaZoR\Sony Sound Forge Pro v10 (SoundForge 2009) + Keygen (CLEAN)\Keygen.exe a variant of Win32/Keygen.AR application
    F:\Mijn Documenten\BitComet Downloads\WiZOO DARKUBA LATIGO VSTi. AU.RTAS.PC.MAC\Wizoo Darbuka + Latigo Trial Patch.zip\Wizoo Darbuka + Latigo Trial Patch.zip probably a variant of Win32/Agent.MYJCEUM trojan
    F:\Mijn Documenten\BitComet Downloads\WiZOO DARKUBA LATIGO VSTi. AU.RTAS.PC.MAC\WiZOO. DARKUBA.LATIGO.VSTi. AU.RTAS.PC.MAC\Cracked DLL's of WIZOO DARBUKA & LATIGO.rar probably a variant of Win32/Agent.MYJCEUM trojan
    F:\Mijn Documenten\FL Studio Stuff\vst plugins\D16.Nepheton.VSTi.v1.0.5.Incl.Keygen-AiR.zip a variant of Win32/Keygen.AD application
    F:\Mijn Documenten\Software\2010\VSO ConvertX To DVD 4.0.9.322a.rar a variant of Win32/Keygen.AS application
    F:\Mijn Documenten\Software\2oo9\cbsoftwarepatchregistrybooster.exe a variant of Win32/RegistryBooster application
    F:\Mijn Documenten\Software\2oo9\Driver Genius Pro.7z probably a variant of Win32/TrojanDownloader.Adload.KXYLVMS trojan
    F:\Mijn Documenten\Software\2oo9\Driver Genius Pro\Driver Genius Pro\Driver_Genius_Professional_Edition_9.0.0.180_incl_crack.rar Win32/PSW.Fignotok.C trojan
    F:\Mijn Documenten\Software\2oo9\Driver Genius Pro\Driver Genius Pro\drvgenpro.exe probably a variant of Win32/TrojanDownloader.Adload.KXYLVMS trojan
    F:\Mijn Documenten\Windows Live Messenger Stuff\messengercontentbackup03b.exe probably a variant of Win32/Agent.BYAAUSR trojan
    F:\Mijn Documenten\Windows Live Messenger Stuff\MsgPlusLive-470.exe a variant of Win32/MessengerPlus application
    F:\Mijn Documenten\Windows Live Messenger Stuff\MsgPlusLive-481.exe a variant of Win32/Adware.CiDHelp application
    F:\Private Stuff\proggies voor laptop\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Keygen.exe a variant of Win32/Keygen.AS application
    F:\VstPlugins\Camel Audio\Phat\keygen.exe a variant of Win32/Keygen.AD application
    F:\VstPlugins\Camel Audio\Space\keygen.exe a variant of Win32/Keygen.AD application
    F:\VstPlugins\Korg Legacy\Analog Edition\keygen.exe a variant of Win32/Keygen.AD application
    F:\VstPlugins\Korg Legacy\Digital Edition\keygen.exe a variant of Win32/Keygen.AD application
    F:\VstPlugins\PSP AudioWare\keygen.exe a variant of Win32/Keygen.AD application

    ==================================================


    Not sure, but since neither AVG nor MalwareBytes Anti-Malware would ever read these files as viruses, I myself think most of these found files are KeyGen files of certain programs. Someone once told me that some Anti-Virus programs read these files as backdoor viruses because they were programmed in the same characteristic way or something. Don’t know if that is true or not.. But maybe that’s the case, I thought to myself. Because I found it weird why these programs would not recognize these files as possible worms or viruses, while an online scanner does..
     
Topic Status:
Not open for further replies.
