Solved Explorer.exe infected with bamital AF- Explorer will not run

generalkenobi2

If I made a mistake or posted wrong to cause you to avoid helping me, please let me know what I did wrong. Don't just click away please, help is appreciated. Now I've looked at some of the other users' posts and have tried; I've been running programs with the command prompt from a black screen. Can you guys work some magic for me too?

MBR

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ50 Notebook PC
Logical Drives Mask: 0x0000041c

Kernel Drivers (total 196):

Processes (total 54):
0 System Idle Process
4 System
424 C:\Windows\System32\smss.exe
492 csrss.exe
544 C:\Windows\System32\wininit.exe
556 csrss.exe
588 C:\Windows\System32\services.exe
604 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\nvvsvc.exe
848 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\winlogon.exe
1192 C:\Windows\System32\audiodg.exe
1224 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\SLsvc.exe
1284 C:\Windows\System32\svchost.exe
1340 C:\Windows\System32\nvvsvc.exe
1476 C:\Windows\System32\svchost.exe
1612 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1648 C:\Windows\System32\wlanext.exe
1972 C:\Windows\System32\spoolsv.exe
1996 C:\Windows\System32\svchost.exe
432 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
468 C:\Program Files\Bonjour\mDNSResponder.exe
456 C:\Windows\System32\svchost.exe
608 C:\Windows\System32\inetsrv\inetinfo.exe
956 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1388 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2060 C:\Windows\System32\svchost.exe
2104 C:\Windows\System32\svchost.exe
2128 C:\Windows\System32\svchost.exe
2148 C:\Windows\SMINST\BLService.exe
2208 C:\Windows\System32\TCPSVCS.EXE
2232 C:\Windows\System32\svchost.exe
2272 C:\Windows\System32\svchost.exe
2296 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2364 C:\Windows\System32\SearchIndexer.exe
2412 C:\Windows\System32\drivers\XAudio.exe
2428 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2476 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2504 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3416 C:\Windows\System32\taskeng.exe
3488 C:\Windows\System32\dwm.exe
2468 C:\Windows\System32\taskmgr.exe
2800 C:\Windows\System32\taskeng.exe
2860 C:\Program Files\Mozilla Firefox\firefox.exe
3344 C:\Windows\System32\SearchProtocolHost.exe
1392 C:\Windows\System32\SearchFilterHost.exe
3936 C:\Users\Maaike new\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`7e000000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1246GSX, Rev: LB214C

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4910

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

10/22/2010 3:32:57 AM
mbam-log-2010-10-22 (03-32-57).txt

Scan type: Quick scan
Objects scanned: 151955
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
DDS


DDS (Ver_10-10-21.02) - NTFSx86
Run by Maaike new at 3:55:17.64 on Fri 10/22/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.953 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Maaike new\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {9413BA3A-A0B2-4CC4-ADC4-83F057A8DA10} = 68.105.28.11
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\maaike~1\appdata\roaming\mozilla\firefox\profiles\3436nbe5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\maaike new\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-26 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-26 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-26 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-5-21 361808]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-9-1 105576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-16 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-1-20 11264]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-22 10:19:02 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-22 09:46:52 -------- d-----w- c:\users\maaike~1\appdata\local\temp
2010-10-22 08:54:08 98816 ----a-w- c:\windows\sed.exe
2010-10-22 08:54:08 77312 ----a-w- c:\windows\MBR.exe
2010-10-22 08:54:08 256512 ----a-w- c:\windows\PEV.exe
2010-10-22 08:54:08 161792 ----a-w- c:\windows\SWREG.exe
2010-10-22 08:40:46 -------- d-----w- C:\_OTL
2010-10-22 08:26:32 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ac9e4d4a-b48e-4e1f-bcfe-4e011daa5594}\mpengine.dll
2010-10-22 05:25:24 -------- d-----w- c:\users\maaike new\DoctorWeb
2010-10-22 04:35:15 -------- d-----w- c:\users\maaike~1\appdata\roaming\SpaceMonger
2010-10-22 04:35:15 -------- d-----w- c:\program files\SpaceMonger
2010-10-22 03:31:08 3063561 ----a-w- c:\progra~2\MobileTV.exe
2010-10-22 03:31:07 2989660 ----a-w- c:\progra~2\DVD.exe
2010-10-22 03:31:06 2864396 ----a-w- c:\progra~2\MPV.exe
2010-10-22 03:31:06 2331174 ----a-w- c:\progra~2\Karaoke.exe
2010-10-22 03:31:06 2231606 ----a-w- c:\progra~2\Games.exe
2010-10-22 03:31:05 -------- d-----w- c:\progra~2\ENU
2010-10-21 19:39:23 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-10-21 19:36:54 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2010-10-20 23:44:44 -------- d-----w- c:\windows\system32\catroot2
2010-10-20 19:14:46 -------- d-----w- c:\progra~2\WSTB
2010-10-19 00:39:44 10240 ----a-w- c:\windows\system32\virport.dll
2010-10-19 00:27:27 -------- d-----w- C:\swsetup
2010-10-18 23:46:16 -------- d-----w- c:\users\maaike new\Tracing
2010-10-18 23:42:13 -------- d-----w- c:\windows\en
2010-10-18 23:35:33 94040 ----a-w- c:\program files\common files\windows live\.cache\27a35d351cb6f1d03\DSETUP.dll
2010-10-18 23:35:33 525656 ----a-w- c:\program files\common files\windows live\.cache\27a35d351cb6f1d03\DXSETUP.exe
2010-10-18 23:35:33 1691480 ----a-w- c:\program files\common files\windows live\.cache\27a35d351cb6f1d03\dsetup32.dll
2010-10-18 23:35:25 94040 ----a-w- c:\program files\common files\windows live\.cache\212316851cb6f1d02\DSETUP.dll
2010-10-18 23:35:25 525656 ----a-w- c:\program files\common files\windows live\.cache\212316851cb6f1d02\DXSETUP.exe
2010-10-18 23:35:25 1691480 ----a-w- c:\program files\common files\windows live\.cache\212316851cb6f1d02\dsetup32.dll
2010-10-18 23:34:36 -------- d-----w- c:\users\maaike~1\appdata\local\Windows Live
2010-10-16 07:26:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-16 07:26:18 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-10-15 06:55:15 -------- d-----w- c:\program files\WinPcap
2010-10-15 06:25:14 -------- d-----w- c:\program files\PFConfig
2010-10-15 05:21:11 -------- d-----w- c:\program files\XBC
2010-10-14 03:02:02 -------- d-----w- c:\progra~2\LightScribe
2010-10-14 01:39:54 -------- d-----w- c:\program files\Nero
2010-10-13 17:46:23 -------- d-----w- c:\users\maaike~1\appdata\local\Nero
2010-10-13 17:35:46 -------- d-----w- c:\users\maaike~1\appdata\roaming\NeroDigital(TM)
2010-10-13 16:54:06 -------- d-----w- c:\users\maaike~1\appdata\local\Nero_AG
2010-10-13 16:51:25 -------- d-----w- c:\program files\MSXML 4.0
2010-10-13 07:19:53 -------- d-----w- c:\progra~2\Nero
2010-10-13 04:48:34 -------- d-----w- c:\windows\system32\DLA
2010-10-13 02:18:03 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 02:18:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 02:16:59 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 02:16:57 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 02:13:00 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-11 19:45:38 -------- d-----w- c:\windows\system32\drivers\umdf\pt-BR
2010-10-11 19:45:31 -------- d-----w- c:\windows\system32\drivers\umdf\pt-PT
2010-10-11 19:45:19 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
2010-10-11 19:45:14 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
2010-10-11 19:44:59 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
2010-10-11 19:44:48 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
2010-10-11 19:44:27 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
2010-10-11 19:10:35 1547776 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-11 06:03:34 -------- d-----w- c:\users\maaike~1\appdata\roaming\MozillaControl
2010-10-11 06:03:21 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-10-09 02:43:30 -------- d-----w- c:\program files\QWIX
2010-10-05 17:18:23 -------- d-----w- c:\windows\Freecorder
2010-10-04 21:05:13 165232 ---ha-w- c:\users\maaike~1\appdata\roaming\microsoft\virtual pc\VPCKeyboard.dll
2010-09-29 07:26:40 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 07:26:27 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-24 22:48:11 -------- d-----w- c:\users\maaike~1\appdata\roaming\FlashFXP
2010-09-24 22:47:49 90112 ----a-w- c:\windows\unvise32.exe
2010-09-24 22:47:47 -------- d-----w- c:\program files\FlashFXP
2010-09-24 20:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 05:26:40 -------- d-----w- c:\progra~2\FlashFXP
2010-09-24 01:50:13 864256 ----a-w- c:\windows\system32\cg.dll
2010-09-23 22:51:57 4818944 ----a-w- c:\windows\system32\ZeroGS.dll
2010-09-23 21:42:24 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-23 07:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 07:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-23 04:58:39 -------- d-----w- c:\program files\Misc Apps
2010-09-23 00:01:01 1347344 ----a-w- c:\windows\system32\Msvbvm50.dll

==================== Find3M ====================

2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-02 05:30:20 8192 ----a-w- c:\windows\system32\streamci.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 3:55:55.79 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/17/2008 5:52:30 PM
System Uptime: 10/22/2010 3:45:44 AM (0 hours ago)

Motherboard: Wistron | | 360A
Processor: AMD Athlon Dual-Core QL-60 | Socket A | 1900/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 102 GiB total, 20.369 GiB free.
D: is FIXED (NTFS) - 10 GiB total, .013 GiB free.
E: is CDROM ()
K: is NetworkDisk (NTFS) - 102 GiB total, 20.369 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP466: 10/18/2010 5:27:57 PM - Device Driver Package Install: Conexant Sound, video and game controllers
RP467: 10/19/2010 10:09:33 AM - Scheduled Checkpoint
RP468: 10/19/2010 11:58:50 AM - Windows Update
RP469: 10/20/2010 5:39:06 PM - Scheduled Checkpoint
RP470: 10/22/2010 1:12:55 AM - Restore Operation
RP471: 10/22/2010 1:26:05 AM - Windows Update

==== Installed Programs ======================

"Nero SoundTrax Help
µTorrent
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Blu-ray Disc Authoring Plug-in
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CCleaner
Character Builder
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
D3DX10
DolbyFiles
DTS Plug-in
Duplicate Music Files Finder 1.5.5
erLT
FlashFXP v3.2.0 (Build 1080) Scene Edition
GearDrvs
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Doc Viewer
HP DVD Play 3.7
HP User Guides 0110
HP Wireless Assistant
HPNetworkAssistant
HPTCSSetup
ImagXpress
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 5
K-Lite Codec Pack 4.0.0 (Full)
LightScribe System Software
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft Xbox 360 Accessories 1.2
Mobile Broadband Generic Drivers
Movie Templates - Starter Kit
Mozilla Firefox (3.6.11)
mp3PRO Plug-in
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BackItUp 4
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero Move it
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PeaZip 2.9.1
PVSonyDll
QuickTime
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Sonic Activation Module
SoundTrax
SpaceMonger 2.1.1
Spybot - Search & Destroy
Synaptics Pointing Device Driver
The Battle for Middle-earth (tm) II
Unlocker 1.9.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Updater Component
WinPcap 4.1.2
XBC 5.1
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)

==== End Of File ===========================
 
Welcome aboard


We're all volunteers around here.
We work, we sleep, we eat and we have private lives too.
Bumping your topic won't speed up anything.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I must apologize for seeming impatient. I didn't realize the time frame refreshed after every post, and I saw others on the page between an hour and ten minutes that were active, so I thought I was being ignored because of a mistake I made. Deepest apologies, broni.

Good news is my desktop is working again, here is the log.

ComboFix 10-10-22.03 - Maaike new 10/22/2010 18:44:43.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.1125 [GMT -7:00]
Running from: c:\users\Maaike new\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
.

2010-10-23 01:53 . 2010-10-23 01:55 -------- d-----w- c:\users\Maaike new\AppData\Local\temp
2010-10-23 01:53 . 2010-10-23 01:53 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-10-23 01:53 . 2010-10-23 01:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-22 20:01 . 2010-10-23 01:32 -------- d-----w- c:\users\Maaike new\AppData\Local\QuickPlay
2010-10-22 19:47 . 2010-10-22 19:47 -------- d-----w- c:\program files\ESET
2010-10-22 08:40 . 2010-10-22 08:40 -------- d-----w- C:\_OTL
2010-10-22 08:26 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC9E4D4A-B48E-4E1F-BCFE-4E011DAA5594}\mpengine.dll
2010-10-22 05:25 . 2010-10-22 07:19 -------- d-----w- c:\users\Maaike new\DoctorWeb
2010-10-22 04:35 . 2010-10-22 04:35 -------- d-----w- c:\program files\SpaceMonger
2010-10-22 04:35 . 2010-10-22 04:35 -------- d-----w- c:\users\Maaike new\AppData\Roaming\SpaceMonger
2010-10-22 03:31 . 2010-10-22 03:31 -------- d-----w- c:\users\Maaike new\AppData\Roaming\HP
2010-10-22 03:31 . 2010-10-22 03:31 3063561 ----a-w- c:\programdata\MobileTV.exe
2010-10-22 03:31 . 2010-10-22 03:31 2989660 ----a-w- c:\programdata\DVD.exe
2010-10-22 03:31 . 2010-10-22 03:31 2864396 ----a-w- c:\programdata\MPV.exe
2010-10-22 03:31 . 2010-10-22 03:31 2331174 ----a-w- c:\programdata\Karaoke.exe
2010-10-22 03:31 . 2010-10-22 03:31 2231606 ----a-w- c:\programdata\Games.exe
2010-10-22 03:31 . 2010-10-22 03:31 -------- d-----w- c:\programdata\ENU
2010-10-21 19:39 . 2009-01-12 23:50 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-10-21 19:36 . 2007-03-14 03:54 610436 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-10-20 23:44 . 2010-10-20 23:48 -------- d-----w- c:\windows\system32\catroot2
2010-10-20 22:46 . 2010-10-20 22:46 -------- d-----w- c:\users\Maaike new\AppData\Roaming\DAEMON Tools
2010-10-20 19:14 . 2010-10-20 19:14 -------- d-----w- c:\programdata\WSTB
2010-10-19 00:39 . 2003-09-16 08:19 10240 ----a-w- c:\windows\system32\virport.dll
2010-10-19 00:27 . 2010-10-19 00:27 -------- d-----w- C:\swsetup
2010-10-18 23:46 . 2010-10-19 00:44 -------- d-----w- c:\users\Maaike new\Tracing
2010-10-18 23:42 . 2010-10-18 23:42 -------- d-----w- c:\windows\en
2010-10-18 23:35 . 2010-10-18 23:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\27a35d351cb6f1d03\DSETUP.dll
2010-10-18 23:35 . 2010-10-18 23:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\27a35d351cb6f1d03\DXSETUP.exe
2010-10-18 23:35 . 2010-10-18 23:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\27a35d351cb6f1d03\dsetup32.dll
2010-10-18 23:35 . 2010-10-18 23:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\212316851cb6f1d02\DSETUP.dll
2010-10-18 23:35 . 2010-10-18 23:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\212316851cb6f1d02\DXSETUP.exe
2010-10-18 23:35 . 2010-10-18 23:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\212316851cb6f1d02\dsetup32.dll
2010-10-18 23:34 . 2010-10-19 03:26 -------- d-----w- c:\users\Maaike new\AppData\Local\Windows Live
2010-10-16 07:26 . 2010-10-22 04:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-10-16 07:26 . 2010-10-16 07:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-15 06:55 . 2010-10-15 06:55 -------- d-----w- c:\program files\WinPcap
2010-10-15 06:25 . 2010-10-15 08:23 -------- d-----w- c:\program files\PFConfig
2010-10-15 05:21 . 2010-10-16 20:33 -------- d-----w- c:\program files\XBC
2010-10-14 03:02 . 2010-10-14 03:02 -------- d-----w- c:\programdata\LightScribe
2010-10-14 01:39 . 2010-10-14 01:52 -------- d-----w- c:\program files\Nero
2010-10-14 01:39 . 2010-10-14 02:07 -------- d-----w- c:\program files\Common Files\Nero
2010-10-13 17:46 . 2010-10-13 17:46 -------- d-----w- c:\users\Maaike new\AppData\Local\Nero
2010-10-13 16:51 . 2010-10-13 16:51 -------- d-----w- c:\program files\MSXML 4.0
2010-10-13 08:02 . 2010-10-14 22:33 -------- d-----w- c:\users\Maaike new\AppData\Roaming\Nero
2010-10-13 07:19 . 2010-10-14 07:38 -------- d-----w- c:\programdata\Nero
2010-10-13 04:48 . 2010-10-13 08:15 -------- d-----w- c:\windows\system32\DLA
2010-10-13 04:48 . 2010-10-13 04:48 -------- d-----w- c:\programdata\InstallShield
2010-10-13 02:18 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 02:18 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 02:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 02:16 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 02:13 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR
2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2010-10-11 19:44 . 2010-10-11 19:44 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2010-10-11 19:44 . 2010-10-11 19:44 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2010-10-11 19:44 . 2010-10-11 19:44 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2010-10-11 19:10 . 2009-07-27 15:00 1547776 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-11 06:03 . 2010-10-20 21:54 -------- d-----w- c:\users\Maaike new\AppData\Roaming\MozillaControl
2010-10-11 06:03 . 2010-10-11 06:03 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-10-09 02:43 . 2010-10-09 02:58 -------- d-----w- c:\program files\QWIX
2010-10-05 17:18 . 2010-10-05 17:18 -------- d-----w- c:\windows\Freecorder
2010-10-04 21:05 . 2010-10-06 05:08 165232 ---ha-w- c:\users\Maaike new\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-09-29 07:26 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 07:26 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-24 22:48 . 2010-09-24 22:48 -------- d-----w- c:\users\Maaike new\AppData\Roaming\FlashFXP
2010-09-24 22:47 . 2003-03-16 08:15 90112 ----a-w- c:\windows\unvise32.exe
2010-09-24 22:47 . 2010-09-24 22:48 -------- d-----w- c:\program files\FlashFXP
2010-09-24 20:19 . 2010-09-24 20:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 05:26 . 2010-09-24 05:26 -------- d-----w- c:\programdata\FlashFXP
2010-09-24 01:50 . 2004-01-24 09:35 864256 ----a-w- c:\windows\system32\cg.dll
2010-09-23 22:51 . 2010-09-23 22:52 4818944 ----a-w- c:\windows\system32\ZeroGS.dll
2010-09-23 21:42 . 2010-09-23 21:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-23 07:47 . 2010-09-23 07:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 07:32 . 2010-09-23 07:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-23 04:58 . 2010-10-02 20:35 -------- d-----w- c:\program files\Misc Apps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 18:41 . 2010-08-27 22:49 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2010-09-24 20:25 . 2010-09-24 20:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
2010-09-24 19:14 . 2010-09-24 19:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
2010-09-07 15:12 . 2010-09-03 05:20 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-04-27 04:01 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-04-27 04:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-04-27 04:03 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-04-27 04:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-04-27 04:03 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-04-27 04:03 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-02 05:30 . 2010-09-02 05:30 8192 ----a-w- c:\windows\system32\streamci.dll
2010-08-17 14:11 . 2010-09-15 16:27 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 18:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 18:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 19:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-11 03:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-10-01 00:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 20:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-892784856-3761668139-1273789937-1001]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {9413BA3A-A0B2-4CC4-ADC4-83F057A8DA10} = 68.105.28.11
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
FF - ProfilePath - c:\users\Maaike new\AppData\Roaming\Mozilla\Firefox\Profiles\3436nbe5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Maaike new\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-22 18:55
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SMINST\BLService.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-10-22 19:02:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-23 02:02
ComboFix2.txt 2010-10-22 09:46

Pre-Run: 20,616,597,504 bytes free
Post-Run: 20,558,077,952 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - D2FD9374F6687875F11598E4CAAD8486
 
Good news :)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\Drivers\PsSdk30.drv

Driver::
PsSdk30

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PsSdk30]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Ran it and it rebooted, what's next?

ComboFix 10-10-22.03 - Maaike new 10/22/2010 22:11:56.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.924 [GMT -7:00]
Running from: c:\users\Maaike new\Desktop\ComboFix.exe
Command switches used :: c:\users\Maaike new\Desktop\cfscript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\Drivers\PsSdk30.drv"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PSSDK30
-------\Service_PsSdk30


((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
.

2010-10-23 05:21 . 2010-10-23 05:21 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-10-23 05:21 . 2010-10-23 05:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-23 02:02 . 2010-10-23 05:24 -------- d-----w- c:\users\Maaike new\AppData\Local\temp
2010-10-22 20:01 . 2010-10-23 01:32 -------- d-----w- c:\users\Maaike new\AppData\Local\QuickPlay
2010-10-22 19:47 . 2010-10-22 19:47 -------- d-----w- c:\program files\ESET
2010-10-22 08:40 . 2010-10-22 08:40 -------- d-----w- C:\_OTL
2010-10-22 08:26 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC9E4D4A-B48E-4E1F-BCFE-4E011DAA5594}\mpengine.dll
2010-10-22 05:25 . 2010-10-22 07:19 -------- d-----w- c:\users\Maaike new\DoctorWeb
2010-10-22 04:35 . 2010-10-22 04:35 -------- d-----w- c:\program files\SpaceMonger
2010-10-22 04:35 . 2010-10-22 04:35 -------- d-----w- c:\users\Maaike new\AppData\Roaming\SpaceMonger
2010-10-22 03:31 . 2010-10-22 03:31 -------- d-----w- c:\users\Maaike new\AppData\Roaming\HP
2010-10-22 03:31 . 2010-10-22 03:31 3063561 ----a-w- c:\programdata\MobileTV.exe
2010-10-22 03:31 . 2010-10-22 03:31 2989660 ----a-w- c:\programdata\DVD.exe
2010-10-22 03:31 . 2010-10-22 03:31 2864396 ----a-w- c:\programdata\MPV.exe
2010-10-22 03:31 . 2010-10-22 03:31 2331174 ----a-w- c:\programdata\Karaoke.exe
2010-10-22 03:31 . 2010-10-22 03:31 2231606 ----a-w- c:\programdata\Games.exe
2010-10-22 03:31 . 2010-10-22 03:31 -------- d-----w- c:\programdata\ENU
2010-10-21 19:39 . 2009-01-12 23:50 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-10-21 19:36 . 2007-03-14 03:54 610436 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-10-20 23:44 . 2010-10-20 23:48 -------- d-----w- c:\windows\system32\catroot2
2010-10-20 22:46 . 2010-10-20 22:46 -------- d-----w- c:\users\Maaike new\AppData\Roaming\DAEMON Tools
2010-10-20 19:14 . 2010-10-20 19:14 -------- d-----w- c:\programdata\WSTB
2010-10-19 00:39 . 2003-09-16 08:19 10240 ----a-w- c:\windows\system32\virport.dll
2010-10-19 00:27 . 2010-10-19 00:27 -------- d-----w- C:\swsetup
2010-10-18 23:46 . 2010-10-19 00:44 -------- d-----w- c:\users\Maaike new\Tracing
2010-10-18 23:42 . 2010-10-18 23:42 -------- d-----w- c:\windows\en
2010-10-18 23:35 . 2010-10-18 23:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\27a35d351cb6f1d03\DSETUP.dll
2010-10-18 23:35 . 2010-10-18 23:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\27a35d351cb6f1d03\DXSETUP.exe
2010-10-18 23:35 . 2010-10-18 23:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\27a35d351cb6f1d03\dsetup32.dll
2010-10-18 23:35 . 2010-10-18 23:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\212316851cb6f1d02\DSETUP.dll
2010-10-18 23:35 . 2010-10-18 23:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\212316851cb6f1d02\DXSETUP.exe
2010-10-18 23:35 . 2010-10-18 23:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\212316851cb6f1d02\dsetup32.dll
2010-10-18 23:34 . 2010-10-19 03:26 -------- d-----w- c:\users\Maaike new\AppData\Local\Windows Live
2010-10-16 07:26 . 2010-10-22 04:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-10-16 07:26 . 2010-10-16 07:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-15 06:55 . 2010-10-15 06:55 -------- d-----w- c:\program files\WinPcap
2010-10-15 06:25 . 2010-10-15 08:23 -------- d-----w- c:\program files\PFConfig
2010-10-15 05:21 . 2010-10-16 20:33 -------- d-----w- c:\program files\XBC
2010-10-14 03:02 . 2010-10-14 03:02 -------- d-----w- c:\programdata\LightScribe
2010-10-14 01:39 . 2010-10-14 01:52 -------- d-----w- c:\program files\Nero
2010-10-14 01:39 . 2010-10-14 02:07 -------- d-----w- c:\program files\Common Files\Nero
2010-10-13 17:46 . 2010-10-13 17:46 -------- d-----w- c:\users\Maaike new\AppData\Local\Nero
2010-10-13 16:51 . 2010-10-13 16:51 -------- d-----w- c:\program files\MSXML 4.0
2010-10-13 08:02 . 2010-10-14 22:33 -------- d-----w- c:\users\Maaike new\AppData\Roaming\Nero
2010-10-13 07:19 . 2010-10-14 07:38 -------- d-----w- c:\programdata\Nero
2010-10-13 04:48 . 2010-10-13 08:15 -------- d-----w- c:\windows\system32\DLA
2010-10-13 04:48 . 2010-10-13 04:48 -------- d-----w- c:\programdata\InstallShield
2010-10-13 02:18 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 02:18 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 02:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 02:16 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 02:13 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR
2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2010-10-11 19:44 . 2010-10-11 19:44 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2010-10-11 19:44 . 2010-10-11 19:44 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2010-10-11 19:44 . 2010-10-11 19:44 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2010-10-11 19:10 . 2009-07-27 15:00 1547776 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-11 06:03 . 2010-10-20 21:54 -------- d-----w- c:\users\Maaike new\AppData\Roaming\MozillaControl
2010-10-11 06:03 . 2010-10-11 06:03 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-10-09 02:43 . 2010-10-09 02:58 -------- d-----w- c:\program files\QWIX
2010-10-05 17:18 . 2010-10-05 17:18 -------- d-----w- c:\windows\Freecorder
2010-10-04 21:05 . 2010-10-06 05:08 165232 ---ha-w- c:\users\Maaike new\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-09-29 07:26 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 07:26 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-24 22:48 . 2010-09-24 22:48 -------- d-----w- c:\users\Maaike new\AppData\Roaming\FlashFXP
2010-09-24 22:47 . 2003-03-16 08:15 90112 ----a-w- c:\windows\unvise32.exe
2010-09-24 22:47 . 2010-09-24 22:48 -------- d-----w- c:\program files\FlashFXP
2010-09-24 20:19 . 2010-09-24 20:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 05:26 . 2010-09-24 05:26 -------- d-----w- c:\programdata\FlashFXP
2010-09-24 01:50 . 2004-01-24 09:35 864256 ----a-w- c:\windows\system32\cg.dll
2010-09-23 22:51 . 2010-09-23 22:52 4818944 ----a-w- c:\windows\system32\ZeroGS.dll
2010-09-23 21:42 . 2010-09-23 21:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-23 07:47 . 2010-09-23 07:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 07:32 . 2010-09-23 07:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 18:41 . 2010-08-27 22:49 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2010-09-24 20:25 . 2010-09-24 20:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
2010-09-24 19:14 . 2010-09-24 19:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
2010-09-07 15:12 . 2010-09-03 05:20 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-04-27 04:01 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-04-27 04:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-04-27 04:03 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-04-27 04:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-04-27 04:03 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-04-27 04:03 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-02 05:30 . 2010-09-02 05:30 8192 ----a-w- c:\windows\system32\streamci.dll
2010-08-17 14:11 . 2010-09-15 16:27 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 18:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 18:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 19:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-11 03:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-10-01 00:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 20:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-892784856-3761668139-1273789937-1001]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {9413BA3A-A0B2-4CC4-ADC4-83F057A8DA10} = 68.105.28.11
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
FF - ProfilePath - c:\users\Maaike new\AppData\Roaming\Mozilla\Firefox\Profiles\3436nbe5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Maaike new\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SMINST\BLService.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Completion time: 2010-10-22 22:30:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-23 05:30
ComboFix2.txt 2010-10-23 02:02
ComboFix3.txt 2010-10-22 09:46

Pre-Run: 20,665,585,664 bytes free
Post-Run: 20,360,196,096 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - D9195B4217F85DDCAD9E17A3C98C08E7
 
It looks good now :)

Download MBRCheck to your desktop.

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ50 Notebook PC
Logical Drives Mask: 0x0000041c

Kernel Drivers (total 199):
0x82A34000 \SystemRoot\system32\ntkrnlpa.exe
0x82A01000 \SystemRoot\system32\hal.dll
0x8040E000 \SystemRoot\system32\kdcom.dll
0x80415000 \SystemRoot\system32\PSHED.dll
0x80426000 \SystemRoot\system32\BOOTVID.dll
0x8042E000 \SystemRoot\system32\CLFS.SYS
0x8046F000 \SystemRoot\system32\CI.dll
0x8054F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80609000 \SystemRoot\system32\drivers\acpi.sys
0x8064F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80658000 \SystemRoot\system32\drivers\msisadrv.sys
0x80660000 \SystemRoot\system32\drivers\pci.sys
0x80687000 \SystemRoot\system32\drivers\isapnp.sys
0x80696000 \SystemRoot\system32\drivers\mpio.sys
0x806B2000 \SystemRoot\System32\drivers\partmgr.sys
0x806C1000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x806C4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806CE000 \SystemRoot\system32\drivers\volmgr.sys
0x806DD000 \SystemRoot\System32\drivers\volmgrx.sys
0x80727000 \SystemRoot\system32\drivers\intelide.sys
0x8072E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8073C000 \SystemRoot\system32\drivers\pciide.sys
0x80743000 \SystemRoot\system32\drivers\aliide.sys
0x8074A000 \SystemRoot\system32\drivers\amdide.sys
0x80751000 \SystemRoot\system32\drivers\cmdide.sys
0x80759000 \SystemRoot\System32\drivers\mountmgr.sys
0x80769000 \SystemRoot\system32\drivers\msdsm.sys
0x80783000 \SystemRoot\system32\drivers\nvraid.sys
0x8079E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x807BF000 \SystemRoot\system32\drivers\viaide.sys
0x88205000 \SystemRoot\system32\drivers\iastorv.sys
0x882A6000 \SystemRoot\system32\drivers\atapi.sys
0x882AE000 \SystemRoot\system32\drivers\ataport.SYS
0x882CC000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x882E6000 \SystemRoot\system32\drivers\storport.sys
0x88327000 \SystemRoot\system32\drivers\nvstor.sys
0x88334000 \SystemRoot\system32\drivers\hpcisss.sys
0x8833F000 \SystemRoot\system32\drivers\adp94xx.sys
0x883A9000 \SystemRoot\system32\drivers\adpahci.sys
0x807C7000 \SystemRoot\system32\drivers\adpu160m.sys
0x805CE000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x88405000 \SystemRoot\system32\drivers\adpu320.sys
0x8842B000 \SystemRoot\system32\drivers\djsvs.sys
0x8843F000 \SystemRoot\system32\drivers\arc.sys
0x88455000 \SystemRoot\system32\drivers\arcsas.sys
0x8846B000 \SystemRoot\system32\drivers\elxstor.sys
0x884FF000 \SystemRoot\system32\drivers\i2omp.sys
0x88509000 \SystemRoot\system32\drivers\iirsp.sys
0x88519000 \SystemRoot\system32\drivers\iteatapi.sys
0x88525000 \SystemRoot\system32\drivers\iteraid.sys
0x88531000 \SystemRoot\system32\drivers\lsi_fc.sys
0x8854B000 \SystemRoot\system32\drivers\lsi_sas.sys
0x88563000 \SystemRoot\system32\drivers\megasas.sys
0x88609000 \SystemRoot\system32\drivers\megasr.sys
0x886C0000 \SystemRoot\system32\drivers\mraid35x.sys
0x886CB000 \SystemRoot\system32\drivers\msahci.sys
0x886D5000 \SystemRoot\system32\drivers\nfrd960.sys
0x8880D000 \SystemRoot\system32\drivers\ql2300.sys
0x88945000 \SystemRoot\system32\drivers\ql40xx.sys
0x8899A000 \SystemRoot\system32\drivers\sisraid2.sys
0x889A7000 \SystemRoot\system32\drivers\sisraid4.sys
0x889BC000 \SystemRoot\system32\drivers\symc8xx.sys
0x889C8000 \SystemRoot\system32\drivers\sym_hi.sys
0x889D3000 \SystemRoot\system32\drivers\sym_u3.sys
0x886E3000 \SystemRoot\system32\drivers\uliahci.sys
0x889DE000 \SystemRoot\system32\drivers\ulsata.sys
0x8871F000 \SystemRoot\system32\drivers\ulsata2.sys
0x8874B000 \SystemRoot\system32\drivers\vsmraid.sys
0x8876C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8879E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8856D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88A05000 \SystemRoot\system32\drivers\ndis.sys
0x88B10000 \SystemRoot\system32\drivers\msrpc.sys
0x88B3B000 \SystemRoot\system32\drivers\NETIO.SYS
0x88C0E000 \SystemRoot\System32\drivers\tcpip.sys
0x88CF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88E0A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F1A000 \SystemRoot\system32\drivers\wd.sys
0x88F22000 \SystemRoot\system32\drivers\volsnap.sys
0x88F5B000 \SystemRoot\System32\Drivers\spldr.sys
0x88F63000 \SystemRoot\system32\drivers\sbp2port.sys
0x88F78000 \SystemRoot\System32\Drivers\mup.sys
0x88F87000 \SystemRoot\System32\drivers\ecache.sys
0x88FAE000 \SystemRoot\system32\drivers\disk.sys
0x88FBF000 \SystemRoot\system32\drivers\crcdisk.sys
0x88FD5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88FE0000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88FE9000 \SystemRoot\system32\DRIVERS\processr.sys
0x88E00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x88D13000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x88FC8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88D26000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x88FD3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x88D56000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88FF8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x88D61000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x88D69000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x88D73000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88DB1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CA8D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CAA5000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8CAAF000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8D00B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8DA89000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8DA8B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8DB2C000 \SystemRoot\System32\drivers\watchdog.sys
0x8DC0F000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8DD57000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8DD86000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DD91000 \SystemRoot\system32\drivers\windrvr6.sys
0x8DDC1000 \SystemRoot\system32\DRIVERS\bridge.sys
0x8DDDC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DDF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8DB38000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8DC00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8DB5B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8DB6F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8DB84000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8DDFE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8DB94000 \SystemRoot\system32\DRIVERS\ks.sys
0x8DBBE000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x8D000000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CBAC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CBB9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CBEE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x88DC0000 \SystemRoot\system32\drivers\CHDRT32.sys
0x88B76000 \SystemRoot\system32\drivers\portcls.sys
0x88BA3000 \SystemRoot\system32\drivers\drmk.sys
0x887AE000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8E008000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8E10B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8E1C0000 \SystemRoot\system32\drivers\modem.sys
0x8E1CD000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8E1EA000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x88BC8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x88BDF000 \SystemRoot\System32\Drivers\usbvideo.sys
0x88DF6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E000000 \SystemRoot\System32\Drivers\Null.SYS
0x8DBF9000 \SystemRoot\System32\Drivers\Beep.SYS
0x88800000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x88C00000 \SystemRoot\System32\drivers\vga.sys
0x885DE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x887EC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x807E2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x887F5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x88600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x883F5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x807F2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x80400000 \SystemRoot\System32\Drivers\Npfs.SYS
0x80600000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E20E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E224000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8E22E000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E242000 \SystemRoot\system32\drivers\afd.sys
0x8E28A000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8E28F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E2C1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E2D7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E2E5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E2F8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E334000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E33E000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E355000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8E37C000 \SystemRoot\system32\DRIVERS\udfs.sys
0x94C90000 \SystemRoot\System32\win32k.sys
0x8E3C4000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E3CE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94EB0000 \SystemRoot\System32\TSDDD.dll
0x94ED0000 \SystemRoot\System32\cdd.dll
0x8E3DD000 \SystemRoot\system32\drivers\luafv.sys
0x99E0E000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x99E45000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x99E48000 \SystemRoot\system32\drivers\WudfPf.sys
0x99E62000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x99E72000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x99E9C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x99EA6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x99EB9000 \SystemRoot\system32\drivers\spsys.sys
0x99F69000 \SystemRoot\system32\drivers\HTTP.sys
0x99FD6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D805000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D81E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D833000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D852000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D88B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D8A3000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D8CB000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D931000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9D935000 \SystemRoot\system32\drivers\npf.sys
0x9F40D000 \SystemRoot\system32\drivers\peauth.sys
0x9F4EB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F4F5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F501000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9F509000 \SystemRoot\system32\drivers\tdtcp.sys
0x9F514000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x9F520000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x77450000 \Windows\System32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
424 C:\Windows\System32\smss.exe
500 csrss.exe
552 csrss.exe
560 C:\Windows\System32\wininit.exe
596 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
764 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\nvvsvc.exe
856 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\winlogon.exe
1124 C:\Windows\System32\audiodg.exe
1228 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\SLsvc.exe
1276 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\nvvsvc.exe
1512 C:\Windows\System32\svchost.exe
1624 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1644 C:\Windows\System32\wlanext.exe
1996 C:\Windows\System32\spoolsv.exe
2020 C:\Windows\System32\svchost.exe
460 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12 C:\Program Files\Bonjour\mDNSResponder.exe
588 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\inetsrv\inetinfo.exe
1116 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1424 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2072 C:\Windows\System32\svchost.exe
2116 C:\Windows\System32\svchost.exe
2136 C:\Windows\System32\svchost.exe
2152 C:\Windows\SMINST\BLService.exe
2228 C:\Windows\System32\TCPSVCS.EXE
2260 C:\Windows\System32\svchost.exe
2432 C:\Windows\System32\svchost.exe
2448 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2496 C:\Windows\System32\SearchIndexer.exe
2540 C:\Windows\System32\drivers\XAudio.exe
2564 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2612 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2716 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2940 C:\Windows\System32\taskeng.exe
2960 C:\Windows\System32\dwm.exe
3084 C:\Windows\explorer.exe
3320 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3396 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3704 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
676 C:\Windows\System32\wbem\unsecapp.exe
2844 WmiPrvSE.exe
1140 C:\Windows\System32\sdclt.exe
3204 C:\Windows\System32\svchost.exe
3496 C:\Program Files\Windows Media Player\wmpnscfg.exe
3840 C:\Program Files\Windows Media Player\wmpnetwk.exe
2084 C:\Windows\System32\taskeng.exe
1892 C:\Windows\System32\rundll32.exe
2796 C:\Windows\System32\sdclt.exe
3264 C:\Windows\System32\SearchProtocolHost.exe
1660 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1860 C:\Program Files\uTorrent\uTorrent.exe
5332 C:\Program Files\Mozilla Firefox\firefox.exe
4720 taskeng.exe
4628 C:\Users\Maaike new\Desktop\MBRCheck.exe
2548 C:\Windows\System32\SearchFilterHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`7e000000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1246GSX, Rev: LB214C

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6BEF951E1A91096CB282C94F18162CE6C4B1837E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
MBR seems to be infected.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on the NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on the BurnItCD.cmd file. If your CD drive opens, simply close it again.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-ROM as the first boot device if it isn't already (if you don't know how to do it, see HERE).
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press Ctrl+Alt+Del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
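
What the "Install Standard MBR code" step above changes in sector 0, as an added example that is not part of the original posts and is not code from MBRCheck or MBRWORK: the boot code area is replaced while the disk signature and partition table are kept, so a hash-based check flips from "Unknown MBR code" to a known entry without the partitions moving. Assumptions: hashing bytes 0..439 is this example's choice (the thread does not say which bytes MBRCheck hashes), the code bytes, disk signature and partition sizes are constructed placeholders, and only the two partition offsets come from the log.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440                 # bytes 0..439: bootstrap code
TABLE_START = 446              # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
# status, CHS start, type, CHS end, LBA start, sector count (little-endian)
ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(sector):
    """Split a 512-byte sector 0 image into code hash, disk signature, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("sector 0 image must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, TABLE_START + 16 * slot)
        if ptype == 0:  # unused slot
            continue
        partitions.append({"slot": slot, "active": status == 0x80, "type": ptype,
                           "byte_offset": lba * SECTOR_SIZE, "sectors": count})
    return {"code_sha1": hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper(),
            "disk_signature": sector[440:444],
            "partitions": partitions}


def check_mbr(sector, baseline):
    """Label the boot code by looking its hash up in a dict of known-good hashes."""
    info = parse_mbr(sector)
    info["status"] = baseline.get(info["code_sha1"], "Unknown MBR code")
    return info


def install_standard_code(sector, standard_code):
    """Model of the repair (assumption): replace bytes 0..439, keep bytes 440..511.

    Works on an in-memory copy only; nothing is written to a disk.
    """
    if len(standard_code) > CODE_LEN:
        raise ValueError("boot code must fit in 440 bytes")
    parse_mbr(sector)  # refuse input that is not a well-formed MBR
    return standard_code.ljust(CODE_LEN, b"\x00") + sector[CODE_LEN:]


def build_sector(code, disk_signature, entries):
    """Assemble a constructed sector 0 image for the demo."""
    table = b"".join(
        ENTRY.pack(0x80 if active else 0x00, b"\x00" * 3, ptype, b"\x00" * 3,
                   offset // SECTOR_SIZE, sectors)
        for active, ptype, offset, sectors in entries
    ).ljust(64, b"\x00")
    return code.ljust(CODE_LEN, b"\x00") + disk_signature + b"\x00\x00" + table + BOOT_SIGNATURE


# Constructed placeholders, not real boot code.
STANDARD_CODE = b"CONSTRUCTED-STANDARD-CODE"
MODIFIED_CODE = b"CONSTRUCTED-MODIFIED-CODE"


def demo():
    """Return (before, after) check results for a constructed disk."""
    known_hash = hashlib.sha1(STANDARD_CODE.ljust(CODE_LEN, b"\x00")).hexdigest().upper()
    baseline = {known_hash: "Standard MBR code (constructed baseline)"}
    # Offsets are the C: and D: offsets shown in the log; sizes are constructed.
    entries = [(True, 0x07, 0x7E00, 213_843_905),
               (False, 0x07, 0x197E000000, 173_954)]
    before_image = build_sector(MODIFIED_CODE, b"\x12\x34\x56\x78", entries)
    after_image = install_standard_code(before_image, STANDARD_CODE)
    return check_mbr(before_image, baseline), check_mbr(after_image, baseline)


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result["status"], result["code_sha1"])
        for part in result["partitions"]:
            print("   slot", part["slot"], "offset", hex(part["byte_offset"]))
```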
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ50 Notebook PC
Logical Drives Mask: 0x0000041c

Kernel Drivers (total 199):
0x82A0B000 \SystemRoot\system32\ntkrnlpa.exe
0x82DC4000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\PSHED.dll
0x80419000 \SystemRoot\system32\BOOTVID.dll
0x80421000 \SystemRoot\system32\CLFS.SYS
0x80462000 \SystemRoot\system32\CI.dll
0x80542000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805B3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80609000 \SystemRoot\system32\drivers\acpi.sys
0x8064F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80658000 \SystemRoot\system32\drivers\msisadrv.sys
0x80660000 \SystemRoot\system32\drivers\pci.sys
0x80687000 \SystemRoot\system32\drivers\isapnp.sys
0x80696000 \SystemRoot\system32\drivers\mpio.sys
0x806B2000 \SystemRoot\System32\drivers\partmgr.sys
0x806C1000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x806C4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806CE000 \SystemRoot\system32\drivers\volmgr.sys
0x806DD000 \SystemRoot\System32\drivers\volmgrx.sys
0x80727000 \SystemRoot\system32\drivers\intelide.sys
0x8072E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8073C000 \SystemRoot\system32\drivers\pciide.sys
0x80743000 \SystemRoot\system32\drivers\aliide.sys
0x8074A000 \SystemRoot\system32\drivers\amdide.sys
0x80751000 \SystemRoot\system32\drivers\cmdide.sys
0x80759000 \SystemRoot\System32\drivers\mountmgr.sys
0x80769000 \SystemRoot\system32\drivers\msdsm.sys
0x80783000 \SystemRoot\system32\drivers\nvraid.sys
0x8079E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x807BF000 \SystemRoot\system32\drivers\viaide.sys
0x8820B000 \SystemRoot\system32\drivers\iastorv.sys
0x882AC000 \SystemRoot\system32\drivers\atapi.sys
0x882B4000 \SystemRoot\system32\drivers\ataport.SYS
0x882D2000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x882EC000 \SystemRoot\system32\drivers\storport.sys
0x8832D000 \SystemRoot\system32\drivers\nvstor.sys
0x8833A000 \SystemRoot\system32\drivers\hpcisss.sys
0x88345000 \SystemRoot\system32\drivers\adp94xx.sys
0x883AF000 \SystemRoot\system32\drivers\adpahci.sys
0x807C7000 \SystemRoot\system32\drivers\adpu160m.sys
0x805C1000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x88400000 \SystemRoot\system32\drivers\adpu320.sys
0x88426000 \SystemRoot\system32\drivers\djsvs.sys
0x8843A000 \SystemRoot\system32\drivers\arc.sys
0x88450000 \SystemRoot\system32\drivers\arcsas.sys
0x88466000 \SystemRoot\system32\drivers\elxstor.sys
0x884FA000 \SystemRoot\system32\drivers\i2omp.sys
0x88504000 \SystemRoot\system32\drivers\iirsp.sys
0x88514000 \SystemRoot\system32\drivers\iteatapi.sys
0x88520000 \SystemRoot\system32\drivers\iteraid.sys
0x8852C000 \SystemRoot\system32\drivers\lsi_fc.sys
0x88546000 \SystemRoot\system32\drivers\lsi_sas.sys
0x8855E000 \SystemRoot\system32\drivers\megasas.sys
0x8860E000 \SystemRoot\system32\drivers\megasr.sys
0x886C5000 \SystemRoot\system32\drivers\mraid35x.sys
0x886D0000 \SystemRoot\system32\drivers\msahci.sys
0x886DA000 \SystemRoot\system32\drivers\nfrd960.sys
0x88808000 \SystemRoot\system32\drivers\ql2300.sys
0x88940000 \SystemRoot\system32\drivers\ql40xx.sys
0x88995000 \SystemRoot\system32\drivers\sisraid2.sys
0x889A2000 \SystemRoot\system32\drivers\sisraid4.sys
0x889B7000 \SystemRoot\system32\drivers\symc8xx.sys
0x889C3000 \SystemRoot\system32\drivers\sym_hi.sys
0x889CE000 \SystemRoot\system32\drivers\sym_u3.sys
0x886E8000 \SystemRoot\system32\drivers\uliahci.sys
0x889D9000 \SystemRoot\system32\drivers\ulsata.sys
0x88724000 \SystemRoot\system32\drivers\ulsata2.sys
0x88750000 \SystemRoot\system32\drivers\vsmraid.sys
0x88771000 \SystemRoot\system32\drivers\fltmgr.sys
0x887A3000 \SystemRoot\system32\drivers\fileinfo.sys
0x88568000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88A01000 \SystemRoot\system32\drivers\ndis.sys
0x88B0C000 \SystemRoot\system32\drivers\msrpc.sys
0x88B37000 \SystemRoot\system32\drivers\NETIO.SYS
0x88C0E000 \SystemRoot\System32\drivers\tcpip.sys
0x88CF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88E02000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F12000 \SystemRoot\system32\drivers\wd.sys
0x88F1A000 \SystemRoot\system32\drivers\volsnap.sys
0x88F53000 \SystemRoot\System32\Drivers\spldr.sys
0x88F5B000 \SystemRoot\system32\drivers\sbp2port.sys
0x88F70000 \SystemRoot\System32\Drivers\mup.sys
0x88F7F000 \SystemRoot\System32\drivers\ecache.sys
0x88FA6000 \SystemRoot\system32\drivers\disk.sys
0x88FB7000 \SystemRoot\system32\drivers\crcdisk.sys
0x88FCD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88FD8000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88FE1000 \SystemRoot\system32\DRIVERS\processr.sys
0x88FF0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x88D13000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x88FC0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88D26000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x88FCB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x88D56000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88FF9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x88D61000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x88D69000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x88D73000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88DB1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88B72000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x88DC0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88DD8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8C804000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8CC00000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8D67E000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8D680000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D721000 \SystemRoot\System32\drivers\watchdog.sys
0x8DA0F000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8DB57000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8DB86000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DB91000 \SystemRoot\system32\drivers\windrvr6.sys
0x8DBC1000 \SystemRoot\system32\DRIVERS\bridge.sys
0x8DBDC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DBF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D72D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8DA00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D750000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D764000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D779000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8DBFE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D789000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D7B3000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x8D7EE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C901000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C90E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C943000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C954000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8C98A000 \SystemRoot\system32\drivers\portcls.sys
0x8C9B7000 \SystemRoot\system32\drivers\drmk.sys
0x887B3000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8DC0A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8DD0D000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8DDC2000 \SystemRoot\system32\drivers\modem.sys
0x8DDCF000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8DDEC000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8DC00000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8C9DC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D7F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x88DE2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8C9EC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x885D9000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8C9F4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x88DF9000 \SystemRoot\System32\Drivers\Null.SYS
0x88C00000 \SystemRoot\System32\Drivers\Beep.SYS
0x88600000 \SystemRoot\System32\drivers\vga.sys
0x8E005000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E026000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E02E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E036000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E041000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E04F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E058000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E06E000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8E078000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E08C000 \SystemRoot\system32\drivers\afd.sys
0x8E0D4000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8E0D9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E10B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E121000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E12F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E142000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E17E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E188000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E19F000 \SystemRoot\System32\Drivers\aswSP.SYS
0x96A60000 \SystemRoot\System32\win32k.sys
0x8E1D3000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E1DD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96C80000 \SystemRoot\System32\TSDDD.dll
0x96CA0000 \SystemRoot\System32\cdd.dll
0x807E2000 \SystemRoot\system32\drivers\luafv.sys
0x9B205000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x9B23C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x9B23F000 \SystemRoot\system32\drivers\WudfPf.sys
0x9B259000 \SystemRoot\system32\drivers\spsys.sys
0x9B309000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9B319000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9B343000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9B34D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B360000 \SystemRoot\system32\drivers\HTTP.sys
0x9B3CD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x805E7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B3EA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D20F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D22E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D267000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D27F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D2A7000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D30D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9D311000 \SystemRoot\system32\drivers\npf.sys
0x9D318000 \SystemRoot\system32\drivers\peauth.sys
0x9D3F6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D200000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D2F5000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9D2FD000 \SystemRoot\system32\drivers\tdtcp.sys
0x8E1EC000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA2C04000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA2C37000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77C20000 \Windows\System32\ntdll.dll

Processes (total 66):
0 System Idle Process
4 System
424 C:\Windows\System32\smss.exe
492 csrss.exe
544 C:\Windows\System32\wininit.exe
556 csrss.exe
588 C:\Windows\System32\services.exe
604 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
764 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\nvvsvc.exe
848 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\winlogon.exe
1108 C:\Windows\System32\audiodg.exe
1212 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\SLsvc.exe
1276 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\nvvsvc.exe
1504 C:\Windows\System32\svchost.exe
1616 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1624 C:\Windows\System32\wlanext.exe
1980 C:\Windows\System32\spoolsv.exe
2004 C:\Windows\System32\svchost.exe
436 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
456 C:\Program Files\Bonjour\mDNSResponder.exe
496 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\inetsrv\inetinfo.exe
1224 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1512 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
580 C:\Windows\System32\svchost.exe
2084 C:\Windows\System32\svchost.exe
2104 C:\Windows\System32\svchost.exe
2124 C:\Windows\SMINST\BLService.exe
2184 C:\Windows\System32\TCPSVCS.EXE
2232 C:\Windows\System32\svchost.exe
2276 C:\Windows\System32\svchost.exe
2296 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2352 C:\Windows\System32\SearchIndexer.exe
2408 C:\Windows\System32\drivers\XAudio.exe
2436 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2472 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2564 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3468 C:\Windows\System32\dwm.exe
3484 C:\Windows\System32\taskeng.exe
3560 C:\Windows\explorer.exe
3660 C:\Windows\System32\mobsync.exe
3784 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3808 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3908 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3920 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2620 C:\Windows\System32\wbem\unsecapp.exe
1192 WmiPrvSE.exe
2068 C:\Program Files\Windows Media Player\wmpnscfg.exe
3944 C:\Program Files\Windows Media Player\wmpnetwk.exe
3396 C:\Windows\System32\taskeng.exe
2772 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1136 C:\Program Files\uTorrent\uTorrent.exe
3648 C:\Program Files\Mozilla Firefox\firefox.exe
3520 C:\Windows\System32\SearchProtocolHost.exe
3936 C:\Windows\System32\SearchFilterHost.exe
3420 C:\Users\Maaike new\Desktop\MBRCheck.exe
1700 WmiPrvSE.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`7e000000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1246GSX, Rev: LB214C

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Looks good :)

How is the computer doing at the moment?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Running great. What was with the master boot? It was infected? Computer booted fine before that. What did changing the MBR do? Just curious. And I've been cleaning up the computer, clearing up space and such, getting rid of old files, junk I don't use any more. Runs better than new lol.

OTL

OTL logfile created on: 10/23/2010 3:39:55 PM - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Maaike new\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): c:\pagefile.sys 1780 1780 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 49.16 Gb Free Space | 44.01% Space Free | Partition Type: NTFS
Drive D: | 84.94 Mb Total Space | 71.38 Mb Free Space | 84.03% Space Free | Partition Type: NTFS
Drive K: | 111.70 Gb Total Space | 49.16 Gb Free Space | 44.01% Space Free | Partition Type: NTFS

Computer Name: PORTABLEKENOBI | User Name: Maaike new | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/23 15:38:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\OTL.exe
PRC - [2010/10/12 14:58:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/01/20 19:25:07 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe


========== Modules (SafeList) ==========

MOD - [2010/10/23 15:38:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\OTL.exe
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - File not found [Unknown | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - File not found [Unknown | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - File not found [Unknown | Stopped] -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr)
SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 19:25:08 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
SRV - [2008/01/20 19:25:07 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [2010/10/21 12:40:50] [Kernel | Auto | Stopped] -- C:\Program Files\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/09 15:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/06/21 15:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/09/09 18:24:14 | 000,062,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/04/10 21:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/10/23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/10/23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2008/07/07 12:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/07/03 10:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/04/24 15:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/04/21 20:59:04 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/04/17 14:07:46 | 000,203,776 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/17 11:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/29 06:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/20 19:23:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:23:22 | 000,521,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/01 08:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/11/01 08:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2384137
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..keyword.URL: "http://search.fast-find.net/?sid=10101067100&s="

FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.fast-find.net/?sid=10101067100&s="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 11:04:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 15:41:31 | 000,000,000 | ---D | M]

[2010/07/30 03:53:56 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\mozilla\Extensions
[2009/04/19 15:05:47 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/22 23:10:55 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\mozilla\Firefox\Profiles\3436nbe5.default\extensions
[2010/07/31 18:42:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Maaike new\AppData\Roaming\mozilla\Firefox\Profiles\3436nbe5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/26 11:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maaike new\AppData\Roaming\mozilla\Firefox\Profiles\3436nbe5.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/17 17:37:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Maaike new\AppData\Roaming\mozilla\Firefox\Profiles\3436nbe5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/20 15:41:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/20 08:33:42 | 000,002,209 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2010/10/22 22:24:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Maaike new\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Maaike new\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/21 04:43:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - ac3acm.acm File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - lameACM.acm File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/23 15:38:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\OTL.exe
[2010/10/23 15:35:31 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Local\Yahoo
[2010/10/23 11:19:00 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2010/10/23 11:19:00 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2010/10/23 11:18:59 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2010/10/23 11:18:59 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2010/10/23 11:18:59 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2010/10/23 11:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ENU
[2010/10/22 22:47:20 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Local\Temp
[2010/10/22 22:24:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/22 22:21:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/22 22:10:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/22 13:01:42 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Local\QuickPlay
[2010/10/22 03:13:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\TFC.exe
[2010/10/22 01:54:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/22 01:54:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/22 01:54:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/22 01:54:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/21 21:35:15 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Roaming\SpaceMonger
[2010/10/21 21:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\SpaceMonger
[2010/10/21 20:31:25 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Roaming\HP
[2010/10/20 23:03:53 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\Documents\Nero Recode
[2010/10/20 16:44:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/10/20 12:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
[2010/10/20 12:14:19 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/18 18:32:25 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\Documents\My Received Files
[2010/10/18 17:27:27 | 000,000,000 | ---D | C] -- C:\swsetup
[2010/10/18 16:46:16 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\Tracing
[2010/10/18 16:42:13 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/18 16:34:36 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Local\Windows Live
[2010/10/16 00:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/16 00:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/14 23:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/10/14 23:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\PFConfig
[2010/10/14 22:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\XBC
[2010/10/14 00:58:28 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\Documents\NeroVision
[2010/10/13 20:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/10/13 18:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/10/13 18:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/10/13 10:46:23 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Local\Nero
[2010/10/13 10:35:46 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Roaming\NeroDigital(TM)
[2010/10/13 09:54:06 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Local\Nero_AG
[2010/10/13 09:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/13 01:02:25 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Roaming\Nero
[2010/10/13 00:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/10/12 21:48:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\DLA
[2010/10/12 21:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/10/11 14:57:03 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/10/10 23:03:34 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Roaming\MozillaControl
[2010/10/10 23:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/10/08 19:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\QWIX
[2010/10/05 10:18:23 | 000,000,000 | ---D | C] -- C:\Windows\Freecorder
[2010/09/24 15:48:11 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Roaming\FlashFXP
[2010/09/24 15:47:49 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/09/24 15:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\FlashFXP
[2010/09/23 22:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\FlashFXP
[1 C:\Users\Maaike new\Documents\*.tmp files -> C:\Users\Maaike new\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/23 15:38:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\OTL.exe
[2010/10/23 15:32:06 | 000,203,605 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/23 15:32:05 | 000,203,605 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/23 14:54:28 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/23 14:54:28 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/23 14:48:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/23 13:35:48 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/10/23 12:17:02 | 073,422,295 | ---- | M] () -- C:\Users\Maaike new\Desktop\XBMC.rar
[2010/10/23 11:31:41 | 008,097,823 | ---- | M] () -- C:\Users\Maaike new\Desktop\Mirran.pdf
[2010/10/23 11:19:00 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2010/10/23 11:19:00 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2010/10/23 11:19:00 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2010/10/23 11:18:59 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2010/10/23 11:18:59 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2010/10/22 22:24:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/22 18:36:45 | 003,883,811 | R--- | M] () -- C:\Users\Maaike new\Desktop\ComboFix.exe
[2010/10/22 03:13:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\TFC.exe
[2010/10/21 22:05:32 | 000,383,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/21 21:35:19 | 000,000,004 | ---- | M] () -- C:\Windows\System32\wnsm2i.rdb
[2010/10/21 21:34:55 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/10/20 15:41:35 | 000,001,708 | ---- | M] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/20 15:41:35 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/18 16:36:56 | 000,044,032 | ---- | M] () -- C:\Users\Maaike new\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/15 23:57:35 | 000,016,465 | ---- | M] () -- C:\Users\Maaike new\Desktop\GamesBeat.docx
[2010/10/14 22:48:44 | 000,001,581 | ---- | M] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\XBC 5.1.lnk
[2010/10/13 21:53:35 | 000,000,386 | ---- | M] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\Downloads - Shortcut.lnk
[2010/10/13 18:53:00 | 000,004,767 | ---- | M] () -- C:\Windows\Irremote.ini
[2010/10/12 21:48:35 | 000,000,120 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/11 12:42:24 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2010/10/08 23:25:31 | 000,000,732 | ---- | M] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\Qwix.exe - Shortcut.lnk
[2010/09/27 14:55:47 | 000,000,000 | -H-- | M] () -- C:\Users\Maaike new\Documents\Default.rdp
[2010/09/23 22:08:44 | 000,149,504 | ---- | M] () -- C:\Users\Maaike new\AppData\Roaming\SharedSettings.ccs
[2010/09/23 15:52:02 | 004,818,944 | ---- | M] () -- C:\Windows\System32\ZeroGS.dll
[1 C:\Users\Maaike new\Documents\*.tmp files -> C:\Users\Maaike new\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/23 11:57:08 | 073,422,295 | ---- | C] () -- C:\Users\Maaike new\Desktop\XBMC.rar
[2010/10/23 11:24:49 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2010/10/22 01:54:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/22 01:54:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/22 01:54:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/22 01:54:08 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/22 01:54:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/22 01:52:03 | 003,883,811 | R--- | C] () -- C:\Users\Maaike new\Desktop\ComboFix.exe
[2010/10/21 21:35:19 | 000,000,004 | ---- | C] () -- C:\Windows\System32\wnsm2i.rdb
[2010/10/21 20:31:05 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2010/10/21 12:40:49 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/10/18 18:43:59 | 008,097,823 | ---- | C] () -- C:\Users\Maaike new\Desktop\Mirran.pdf
[2010/10/18 17:39:44 | 000,010,240 | ---- | C] () -- C:\Windows\System32\virport.dll
[2010/10/14 22:48:44 | 000,001,581 | ---- | C] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\XBC 5.1.lnk
[2010/10/13 21:53:35 | 000,000,386 | ---- | C] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\Downloads - Shortcut.lnk
[2010/10/13 18:53:00 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/10/13 10:45:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/10/12 21:48:34 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/11 12:42:24 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2010/10/08 23:25:31 | 000,000,732 | ---- | C] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\Qwix.exe - Shortcut.lnk
[2010/09/27 14:55:47 | 000,000,000 | -H-- | C] () -- C:\Users\Maaike new\Documents\Default.rdp
[2010/09/23 15:51:57 | 004,818,944 | ---- | C] () -- C:\Windows\System32\ZeroGS.dll
[2010/09/08 16:59:23 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010/08/21 10:16:09 | 000,149,504 | ---- | C] () -- C:\Users\Maaike new\AppData\Roaming\SharedSettings.ccs
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/05/01 15:41:25 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/12/28 23:56:34 | 000,020,203 | ---- | C] () -- C:\Users\Maaike new\AppData\Roaming\UserTile.png
[2009/09/10 19:27:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/06 21:02:42 | 000,044,032 | ---- | C] () -- C:\Users\Maaike new\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/17 18:30:21 | 000,203,605 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/06/17 18:29:53 | 000,203,605 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/05/21 04:58:55 | 000,009,870 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/07/23 03:19:39 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\AnvSoft
[2010/09/24 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\FlashFXP
[2009/10/25 15:37:07 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\Image Zone Express
[2010/10/22 22:45:12 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2010/10/22 22:45:00 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2010/09/02 00:48:13 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\PeaZip
[2009/12/28 23:56:32 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\PeerNetworking
[2009/10/25 15:37:06 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\Printer Info Cache
[2010/10/21 21:35:15 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\SpaceMonger
[2009/06/07 21:38:33 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\Template
[2010/10/23 13:51:07 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\uTorrent
[2010/10/23 14:48:31 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/05/21 04:43:32 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/09/01 00:03:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/09/01 00:03:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/23 14:54:15 | 1866,465,280 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/07/13 01:41:37 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/10/25 13:30:40 | 000,001,650 | -H-- | M] () -- C:\Users\Maaike new\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2010/10/22 01:08:48 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >
 
< %systemroot%\System32\config\*.sav >
[2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/10/04 12:57:05 | 000,000,286 | -HS- | M] () -- C:\Users\Maaike new\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/22 18:36:45 | 003,883,811 | R--- | M] () -- C:\Users\Maaike new\Desktop\ComboFix.exe
[2010/10/23 15:38:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\OTL.exe
[2010/10/22 03:13:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/04/16 00:14:49 | 000,000,402 | -HS- | M] () -- C:\Users\Maaike new\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/05/02 20:48:11 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2010/10/23 11:19:00 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2010/10/23 11:18:59 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2010/10/21 21:34:55 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/10/23 11:18:59 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
[2010/07/29 22:48:19 | 000,009,870 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/10/23 11:18:59 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2010/10/23 11:19:00 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2010/10/23 11:19:00 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2010/10/23 15:32:05 | 000,203,605 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2003/09/16 01:19:48 | 000,099,544 | ---- | M] () -- C:\Windows\inf\virprn.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

OTL Extras logfile created on: 10/23/2010 3:39:55 PM - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Maaike new\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): c:\pagefile.sys 1780 1780 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 49.16 Gb Free Space | 44.01% Space Free | Partition Type: NTFS
Drive D: | 84.94 Mb Total Space | 71.38 Mb Free Space | 84.03% Space Free | Partition Type: NTFS
Drive K: | 111.70 Gb Total Space | 49.16 Gb Free Space | 44.01% Space Free | Partition Type: NTFS

Computer Name: PORTABLEKENOBI | User Name: Maaike new | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SpaceMonger] -- "C:\Program Files\SpaceMonger\SpaceMonger.exe" ; show-free-space false ; show-system-space false ; set-root "%l" (Sixty-Five Software, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-892784856-3761668139-1273789937-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP 4\FlashFXP.exe" = C:\Program Files\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP 4\FlashFXP.exe" = C:\Program Files\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BD8F69-944B-48A6-83DB-3A52A3661DE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{03207C88-D31E-4A8E-B040-97F03668163B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07313C63-8EB2-4FEC-B638-B6D22E0329DE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0AD10145-2E23-41A3-8FAB-ED8CA802A285}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14A6791B-1793-4B1E-B39B-101A1ADEF110}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{16D7A249-17E8-4793-BFD4-69A4B6E54BBA}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F6DE53D-457A-4F44-8F8B-9E8362AA1186}" = lport=10244 | protocol=6 | dir=in | app=system |
"{21FCC2B0-2DD0-4319-8720-A771E6DA3572}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2794D5D4-E154-4EF6-BDF2-326D592499EC}" = rport=10244 | protocol=6 | dir=out | app=system |
"{3154CBD8-A236-43C4-A57F-DF1E2CEA71CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CD9951B-57FE-4568-8769-655AB8DB4E5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{40F79696-E922-4E4F-B676-5B64BD5ACD6E}" = rport=139 | protocol=6 | dir=out | app=system |
"{46D103D3-0312-4403-A1A7-B45D75C2F615}" = lport=139 | protocol=6 | dir=in | app=system |
"{5BBE5665-4E8D-409C-9B30-3BE053F68934}" = lport=3390 | protocol=6 | dir=in | app=system |
"{5EE52E36-D920-473A-97FF-7E7C4B68E250}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{60127447-B5ED-4E17-8235-35855E22BB99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A16C96D-5BB3-4C25-B086-2F5C6FC5E78F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{6A45ABBE-E283-489D-BA19-285BD67D95F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78BF31B5-DE5D-4263-A137-68554E75DE6D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9037C71A-480E-4F16-A873-B0339AC36005}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9278158F-11BF-4415-98F3-01FA2B31CE17}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9514ACE7-A630-40A1-9008-AD1D806327DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1F74819-DE2A-4322-961A-2219E46C11CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A445FB5D-D8B3-4DF8-B9E9-3287F161D97C}" = rport=138 | protocol=17 | dir=out | app=system |
"{A9A0BA6E-615F-4457-805D-85F4F3F001D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AA007A72-8B56-4049-85C7-2DABBBB411C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AC3C6D99-EA48-485E-9C74-76B67EB3BCA0}" = lport=445 | protocol=6 | dir=in | app=system |
"{AD104385-81A1-47E5-8582-9BAAD7CB61C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B77E7ED8-9B59-4E60-8DC9-7C4703C3975E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B8673089-467D-4B8B-81E9-0F03FBA34605}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B8839957-627A-4EE0-AA64-41D29F7B8131}" = lport=3390 | protocol=6 | dir=in | app=system |
"{BBEEA5CD-1646-41F7-BF4A-14BC65FC5298}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0840FAA-8429-4F50-A695-69517DBD4C93}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2CFE9FB-497B-4632-A8FA-3D3699E3CC10}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DFD73A44-F5BE-46C7-A704-133B7F4F15C0}" = lport=138 | protocol=17 | dir=in | app=system |
"{E20F67C9-309C-4B98-AA71-85B78690C607}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E2E5FD99-844B-4E9F-9FC8-50AF7621D042}" = rport=137 | protocol=17 | dir=out | app=system |
"{F561FFE8-18EF-4C78-9ADD-8E6B80F1B7EA}" = rport=445 | protocol=6 | dir=out | app=system |
"{FB5632DE-7F24-4C4F-AA05-F880051F5215}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBB292A4-3E8F-4C3B-A84B-ED6263580BF1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD4CC61A-E540-4A60-9D2B-725A5F259E9D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE97DDB4-35D3-4A0F-B49A-AEEBBAB2C21A}" = rport=10244 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B6DF9C2-8E8C-4DC7-BF6D-86F2D2A0CDCC}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{11FAC98B-07B7-4897-9238-0A7D0724E677}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{13FEA82B-0958-409D-AFEC-49E02697C28B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{151D7915-0330-416A-B8E4-A440372E8B58}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{178B0134-8C01-4537-9FF0-E8B78CB006FE}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{1A835D96-3E1C-4566-939E-6D9A10FA1658}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{1B9321C2-E57C-4623-BB4B-ECFC2762A478}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
"{1D61EE0C-7A8B-4D30-AAF8-C3B5D67F0466}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1FAF85D1-1F45-4650-805C-FCD56910853B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{21B42689-154F-47F5-AAAD-9D67595FE968}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
"{22457A56-49D4-4D20-8EB7-FF12EB075DDE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{232A3524-F4AB-4B0E-8C8A-3415FD0D4AB6}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{24795094-40F3-47C7-90A5-5DB566C4D4E0}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{2BEEE16E-AF90-48AB-B5F2-71474508332F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{3641CCDC-9A23-411C-AC9A-C04A65022111}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{37378ADE-804F-43DC-9068-0E69B805889C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{441E92A6-7575-4DED-BB38-1022DC7423CC}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{46FCA0CF-8C85-421C-9C5D-433ACE549C04}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50D5A8EC-2A93-44A2-A8C6-FB735C53F575}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{56BFD211-F7B8-4A27-8BCC-41F2118B8FF6}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{5732A5B9-9009-4F32-8279-9530EE17ABC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{607D9938-D865-4FCB-94B5-101257E4DB57}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{6103756F-779B-434D-818C-1E23654B6FCD}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{65C2C8DF-478B-439E-828A-4A8C82CD4E7A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{694D94CE-948D-4764-A40A-D59320D92563}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{6EDE8188-8BBD-4AFB-A6DA-3F6A2380E2E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{71D79B3E-8C7B-4338-9C4C-90382A72CE3A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{814D3A5E-BBB5-4198-B821-22097DD08B45}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8BFFEA41-0FAE-414D-B1A8-1D6557906E1E}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{8CDAF72F-DDF8-49B8-9938-CB90D421F96A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{8DA3ED4F-DD65-4E24-9C9D-0F91932799F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{919D64DE-1EB2-4E4E-B2BC-1E84A2921A3D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{91F5984A-E9A9-4C38-8FAE-9C89E91A66EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{94293264-00EF-43B8-9B9C-405E26EE692F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{9B640BCB-752B-48D3-BFBE-F41A9B7BED8F}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{9C00A8F2-2BA9-48B4-9257-BDD1C08672BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{9CA359CF-DA43-4815-BAED-20CB40EB8F47}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{A22A7FB6-332F-4D1B-B1AE-55C07EF67498}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{A3D34019-E183-4ACC-89D1-4B7ED5A6F3CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{A63828C1-1DA2-4F12-B982-41CE1A8C3FF4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{A968EC38-C598-4222-8E18-F4CE07118F75}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB2A9E2E-5FB5-4140-908C-003957FFA628}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ADB5C1FE-C679-41F9-A9D2-7C5DA1DC6BB7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{B0995169-4881-45FB-8F78-65005EC1DC34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{B38487D6-9345-4D94-9A08-BE8131701EC6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{B5C56636-A6AC-4BB2-91DB-B20344E2C922}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{BAB8AC9B-30D9-47E6-A070-2E7FD9A2DE06}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{BD638788-49CF-4778-9C7D-4613E50ED809}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{BDE98A76-9742-467F-B75A-167CBD28EC09}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C1F66127-7A94-4CB4-B203-FB2A31896002}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{C3C84FFE-F4FA-486B-BB0A-53521D3FEA19}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C6DFF93D-9AE3-4E37-BC83-1BBC973F07A6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{CC72EA14-7D0C-4C52-939E-49A40860A351}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CD801948-C60E-4F03-98DF-BA5472F1A38B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{CE836FC9-7E9E-4FE4-821F-A8506D015133}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{DE1771E7-0362-4643-94D7-82035A071016}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E30E59D5-4608-4B9C-B5B0-4C95B4679921}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{E8A160F0-43F9-4B5D-B80A-3782E088E25E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{E916765D-EAE0-4CA6-AF88-D84578BE9610}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{EA63AF70-F23E-4E43-91B3-FD0AB27840B3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EC427A51-8954-48A6-8FD1-858AC0F9D76A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EFD70EC9-32CE-4264-A813-767A691D9CD6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{F1E0D979-A082-43C6-952E-6CFF498BCE72}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F3D89977-6E6C-4758-9691-40768AA78D85}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{F7E71D54-3192-4CF8-88CD-D4E715D77D9C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FA8C248A-4D8A-40B4-B641-381F38DFE3F6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{FE6E5CEC-7F1D-4966-A782-D97BE2DDEB52}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{28E92612-3043-455F-86EB-207B767794CA}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{36BA4E43-0D89-4198-ADF7-266E34879A9E}C:\program files\xbc\nexbc.exe" = protocol=6 | dir=in | app=c:\program files\xbc\nexbc.exe |
"TCP Query User{6BA31AE3-035C-4796-A2E3-313EEFAAF238}C:\program files\flashfxp\flashfxp.exe" = protocol=6 | dir=in | app=c:\program files\flashfxp\flashfxp.exe |
"TCP Query User{A0E004EC-F258-4032-BA83-C07CBCCCEECF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{AD568DCD-B05D-4F4E-B0D5-6F5B1F30A3DD}C:\users\maaike new\downloads\[pc] halo 2 xp + vista [rip] [dopeman]\h2\halo 2\halo2.exe" = protocol=6 | dir=in | app=c:\users\maaike new\downloads\[pc] halo 2 xp + vista [rip] [dopeman]\h2\halo 2\halo2.exe |
"TCP Query User{BBFE1471-85F6-4430-8DB6-D633610D4BB2}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{D92A30CC-C4A7-46A1-AA8F-DE57B96DC15E}C:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"TCP Query User{E5E93E45-8D1E-4352-B36F-5250A6965AC4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{F95FA369-82A9-4367-A032-6C11724CA625}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{138C5C6E-C75F-4863-8D04-AFF3A9D06744}C:\program files\flashfxp\flashfxp.exe" = protocol=17 | dir=in | app=c:\program files\flashfxp\flashfxp.exe |
"UDP Query User{75C5B4D0-C566-4006-9C73-B51F314757DD}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{7D37105E-7D6A-4B35-AF6E-C5363469EF47}C:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"UDP Query User{99B07A92-2707-4386-862A-2DA38838D292}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{D0CABE57-49AD-4923-B4FF-859FD192EF8B}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{D4FC6E88-B9E3-43BC-9D88-B42AF8F542C2}C:\users\maaike new\downloads\[pc] halo 2 xp + vista [rip] [dopeman]\h2\halo 2\halo2.exe" = protocol=17 | dir=in | app=c:\users\maaike new\downloads\[pc] halo 2 xp + vista [rip] [dopeman]\h2\halo 2\halo2.exe |
"UDP Query User{DED5B048-DE37-410E-A1E7-39EBB884DCFA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E9C1636E-8434-4673-AA04-9B2BDEB899DE}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{F0834B64-0930-467A-B334-CEB0394F6B8F}C:\program files\xbc\nexbc.exe" = protocol=17 | dir=in | app=c:\program files\xbc\nexbc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15dbe5c4-86bc-418c-b19f-8c5b7cd0e2c5}" = Nero Move it
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22985a19-a829-4101-94c3-a6b75a797a3d}" = mp3PRO Plug-in
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2cd639b0-0587-4397-a63b-1089df039187}" = Nero BackItUp 4
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.9.1
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{766621ad-de53-48db-a681-5e697e112a69}" = Nero 9
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{825880ef-d767-4b3e-8fef-9afb219061ed}" = DTS Plug-in
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B640E7CC-7091-4A24-AE76-2140065D2054}" = HP User Guides 0110
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ece4ff2c-c412-4755-bd39-5d775e5da3b6}" = Blu-ray Disc Authoring Plug-in
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Duplicate Music Files Finder_is1" = Duplicate Music Files Finder 1.5.5
"FlashFXP v3.2.0 (Build 1080) Scene Edition" = FlashFXP v3.2.0 (Build 1080) Scene Edition
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"SpaceMonger" = SpaceMonger 2.1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.0
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"XBC 5.1" = XBC 5.1
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2010 2:32:10 AM | Computer Name = PortableKenobi | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 10/23/2010 4:19:04 AM | Computer Name = PortableKenobi | Source = Application Error | ID = 1000
Description = Faulting application NeroExpress.exe, version 9.0.9.100, time stamp
0x48d36d6b, faulting module AdvrCntr4.dll, version 1.2.2.0, time stamp 0x48c69512,
exception code 0xc0000005, fault offset 0x000b05ea, process id 0xdd4, application
start time 0x01cb728aeead27a6.

Error - 10/23/2010 2:02:43 PM | Computer Name = PortableKenobi | Source = WinMgmt | ID = 10
Description =

Error - 10/23/2010 2:12:53 PM | Computer Name = PortableKenobi | Source = Application Error | ID = 1000
Description = Faulting application Nero.exe, version 9.0.9.100, time stamp 0x48d36d6b,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x0004a4df, process id 0xc20, application start time
0x01cb72dddfd86fd2.

Error - 10/23/2010 2:22:01 PM | Computer Name = PortableKenobi | Source = VSS | ID = 8194
Description =

Error - 10/23/2010 2:22:33 PM | Computer Name = PortableKenobi | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 10/23/2010 2:22:33 PM | Computer Name = PortableKenobi | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 10/23/2010 2:22:33 PM | Computer Name = PortableKenobi | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 10/23/2010 2:22:33 PM | Computer Name = PortableKenobi | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 10/23/2010 4:53:22 PM | Computer Name = PortableKenobi | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 4/30/2009 12:26:49 AM | Computer Name = Maaikes | Source = MCUpdate | ID = 0
Description =

Error - 8/20/2009 7:28:24 PM | Computer Name = Maaikes | Source = MCUpdate | ID = 0
Description =

Error - 9/5/2009 3:31:59 AM | Computer Name = Maaike_laptop | Source = MCUpdate | ID = 0
Description =

Error - 2/5/2010 3:07:40 PM | Computer Name = Maaike_laptop | Source = MCUpdate | ID = 0
Description =

Error - 7/13/2010 9:53:02 PM | Computer Name = PortableKenobi | Source = Mcx2Dvcs | ID = 401
Description =

Error - 7/13/2010 10:15:10 PM | Computer Name = PortableKenobi | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 6/14/2009 1:48:17 AM | Computer Name = Maaikes | Source = bowser | ID = 8003
Description =

Error - 6/14/2009 2:12:14 AM | Computer Name = Maaikes | Source = bowser | ID = 8003
Description =

Error - 6/14/2009 2:24:15 AM | Computer Name = Maaikes | Source = bowser | ID = 8003
Description =

Error - 6/14/2009 2:36:16 AM | Computer Name = Maaikes | Source = bowser | ID = 8003
Description =

Error - 6/14/2009 10:18:33 AM | Computer Name = Maaikes | Source = bowser | ID = 8003
Description =

Error - 6/15/2009 12:16:54 AM | Computer Name = Maaikes | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0021003311B4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/15/2009 4:26:17 AM | Computer Name = Maaikes | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:23:37 AM on 6/15/2009 was unexpected.

Error - 6/15/2009 4:26:19 AM | Computer Name = Maaikes | Source = HTTP | ID = 15016
Description =

Error - 6/15/2009 6:14:18 PM | Computer Name = Maaikes | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:27:08 AM on 6/15/2009 was unexpected.

Error - 6/15/2009 6:14:20 PM | Computer Name = Maaikes | Source = HTTP | ID = 15016
Description =


< End of report >
 
I'm glad to hear good news :)
Unfortunately, the MBRCheck log doesn't tell us what was wrong with the MBR. It just says the MBR was not a correct one.

======================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [1 C:\Users\Maaike new\Documents\*.tmp files -> C:\Users\Maaike new\Documents\*.tmp -> ]
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\Maaike new\Documents\~WRL1125.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Maaike new
->Temp folder emptied: 94523606 bytes
->Temporary Internet Files folder emptied: 385342 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62350146 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1144 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3150 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 65183473 bytes

Total Files Cleaned = 212.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Maaike new
->Flash cache emptied: 0 bytes

User: Mcx1

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.0 log created on 10232010_225417

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
There is no Viewpoint software installed. Viewpoint is actually the last virus my computer had. I don't know the technical name for it, but it was a fake antivirus that pretended to do a recovery boot that required me to purchase software to cleanse my system of the infection. It started off with a boatload of virus alerts and warnings from Windows Defender, which I wasn't aware I had on my computer, and Windows Firewall, and probably some from the fake antivirus itself. For all I know they were all fake. I don't know if it was or wasn't harmful, but it was annoying. I just used Ctrl+Shift+Esc, ended its hotfix.exe program, started the explorer.exe program, started up my antivirus programs, and manually removed the hotfix file, as none of my programs detected it. After that it started up properly and worked for about a week, after which it didn't boot explorer.exe because it was infected after I switched the paging file from my main to my recovery partition, to use the 1.9 gigs free over there and to clean up some free space on my main. ANYWAY... all this boils down to just this: 1. Did my tinkering mess up my explorer.exe file, or was that some of the trojans my antivirus and ESET caught before I got on the forum? 2. I'm assuming I still have the registry keys in my computer, which is why it showed up in the scan. If so, where can I find them to delete them?
 
We just removed Viewpoint leftovers.
Your explorer.exe was infected by Bamital trojan.

I still need two other logs.
 
Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 8.2.5
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.11) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
We need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page (screenshot: FoxitReaderInstallation.png), make sure you have both boxes UN-checked AND (important!) click on the Decline button.
 
JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Oct 24 11:18:34 2010

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Users\Maaike new\AppData\LocalLow\Sun\Java\jre1.6.0_13

Found and removed: C:\Users\Maaike new\AppData\LocalLow\Sun\Java\jre1.6.0_15

Found and removed: C:\Users\Maaike new\AppData\LocalLow\Sun\Java\jre1.6.0_17

Found and removed: C:\Users\Maaike new\AppData\LocalLow\Sun\Java\jre1.6.0_18

Found and removed: C:\Users\Maaike new\AppData\LocalLow\Sun\Java\jre1.6.0_20

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005


Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13
 