Hi Blade,
Please find below the logs from ComboFix, DDS and to top it off also a fresh HijackThis log.
ComboFix 09-10-10.02 - Lloyd 11-10-2009 15:46.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.1790.1007 [GMT 2:00]
Gestart vanuit: G:\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Lloyd\AppData\Roaming\.#
c:\users\Lloyd\AppData\Roaming\.#\MBX@1258@1AF2990.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@1258@1AF29C0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@1258@1AF29F0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@1400@1BE2990.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@1400@1BE29C0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@1400@1BE29F0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@144C@1AB2990.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@144C@1AB29C0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@144C@1AB29F0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@1550@18C2990.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@1550@18C29C0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@1550@18C29F0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@15C8@1C12990.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@15C8@1C129C0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@15C8@1C129F0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@173C@1CE2990.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@173C@1CE29C0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@173C@1CE29F0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@188C@1C12990.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@188C@1C129C0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@188C@1C129F0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@1EFC@16C2990.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@1EFC@16C29C0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@1EFC@16C29F0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@45C@1CD2990.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@45C@1CD29C0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@45C@1CD29F0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@A08@1882990.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@A08@18829C0.###
c:\users\Lloyd\AppData\Roaming\.#\MBX@A08@18829F0.###
c:\users\Lloyd\AppData\Roaming\02000000831bf521560C.manifest
c:\users\Lloyd\AppData\Roaming\02000000831bf521560O.manifest
c:\users\Lloyd\AppData\Roaming\02000000831bf521560P.manifest
c:\users\Lloyd\AppData\Roaming\02000000831bf521560S.manifest
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-09-11 to 2009-10-11 ))))))))))))))))))))))))))))))
.
2009-10-11 13:54 . 2009-10-11 13:57 -------- d-----w- c:\users\Lloyd\AppData\Local\temp
2009-10-11 13:54 . 2009-10-11 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-10 12:33 . 2009-10-10 12:33 -------- d-----w- c:\users\Lloyd\AppData\Roaming\Malwarebytes
2009-10-10 12:33 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-10 12:33 . 2009-10-10 12:33 -------- d-----w- c:\programdata\Malwarebytes
2009-10-10 12:33 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-10 12:33 . 2009-10-10 12:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 20:49 . 2009-10-09 20:50 -------- d-----w- c:\program files\MegaSpoof
2009-10-03 15:07 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 15:03 . 2009-10-03 16:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-03 15:03 . 2009-10-03 15:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-03 11:45 . 2009-10-03 11:45 -------- d-----w- c:\program files\CCleaner
2009-10-01 19:42 . 2009-10-01 19:21 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-01 19:40 . 2009-10-01 19:23 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-01 19:38 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-01 19:38 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-01 19:38 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-01 19:38 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-01 19:38 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-01 19:38 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-01 19:38 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-01 19:38 . 2009-10-01 19:38 -------- d-----w- c:\program files\Alwil Software
2009-10-01 19:15 . 2009-10-01 19:17 -------- d-----w- c:\program files\SpywareBlaster
2009-10-01 19:03 . 2009-10-01 19:03 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-10-01 19:02 . 2009-10-01 19:10 -------- d-----w- c:\programdata\Lavasoft
2009-10-01 19:02 . 2009-10-01 19:02 -------- d-----w- c:\program files\Lavasoft
2009-10-01 17:53 . 2009-10-01 17:53 -------- d-----w- c:\users\Lloyd\AppData\Roaming\eSobi
2009-10-01 14:59 . 2009-10-01 14:59 -------- d-----w- C:\Sounds
2009-10-01 14:56 . 2007-11-08 14:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-10-01 14:56 . 2009-10-01 18:23 -------- d-----w- c:\program files\LG PC Suite II
2009-10-01 14:56 . 2009-10-01 14:56 -------- d-----w- c:\users\Lloyd\AppData\Roaming\LG Electronics
2009-10-01 14:50 . 2009-10-01 14:58 -------- d-----w- c:\program files\LG Electronics
2009-10-01 14:50 . 2008-11-11 11:42 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-10-01 14:50 . 2008-11-11 11:41 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-10-01 14:50 . 2008-11-11 11:41 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-09-24 17:47 . 2009-10-11 13:20 -------- d-----w- c:\users\Lloyd\AppData\Local\WarRockDF
2009-09-24 17:16 . 2009-09-24 17:16 -------- d-----w- c:\users\Lloyd\Program Files
2009-09-24 15:22 . 2009-09-30 16:30 -------- d-----w- c:\users\Lloyd\AppData\Local\GamersFirst LIVE!
2009-09-24 15:22 . 2009-09-24 15:22 -------- d-----w- c:\users\Lloyd\AppData\Local\DNA
2009-09-24 15:22 . 2009-10-01 18:53 -------- d-----w- c:\users\Lloyd\AppData\Roaming\DNA
2009-09-24 15:22 . 2009-09-24 15:22 -------- d-----w- c:\program files\DNA
2009-09-24 15:22 . 2009-09-26 09:52 -------- d-----w- c:\program files\GamersFirst
2009-09-24 05:12 . 2009-09-24 05:12 -------- d-----w- c:\program files\Microsoft Encarta
2009-09-20 19:59 . 2009-09-20 19:59 -------- d-----w- c:\program files\Rockstar Games
2009-09-18 05:07 . 2009-09-18 05:07 137344 ----a-w- c:\windows\system32\drivers\litsgt.sys
2009-09-18 05:07 . 2009-09-18 05:07 12032 ----a-w- c:\windows\system32\drivers\tansgt.sys
2009-09-18 05:04 . 2009-09-18 05:04 -------- d-----w- c:\program files\Atari
2009-09-15 16:05 . 2009-09-15 16:05 -------- d-----w- c:\program files\GameSpy Arcade
2009-09-15 16:01 . 2009-09-15 16:01 -------- d-----w- c:\program files\Firefly Studios
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 13:43 . 2009-01-18 16:23 -------- d-----w- c:\users\Lloyd\AppData\Roaming\LimeWire
2009-10-10 13:21 . 2009-07-09 16:32 -------- d-----w- c:\users\Lloyd\AppData\Roaming\Save
2009-10-10 12:33 . 2008-01-21 06:47 675602 ----a-w- c:\windows\system32\perfh013.dat
2009-10-10 12:33 . 2008-01-21 06:47 130282 ----a-w- c:\windows\system32\perfc013.dat
2009-10-09 12:32 . 2008-11-06 20:52 -------- d-----w- c:\program files\WarRock
2009-10-03 16:48 . 2008-12-24 13:44 -------- d-----w- c:\program files\GamesBar
2009-10-01 14:58 . 2008-05-08 18:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-01 14:23 . 2009-04-14 15:43 -------- d-----w- c:\program files\Runes of Magic
2009-09-25 15:42 . 2009-07-31 10:53 680 ----a-w- c:\users\Lloyd\AppData\Local\d3d9caps.dat
2009-09-24 15:08 . 2008-10-19 17:47 93664 ----a-w- c:\users\Lloyd\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-19 13:27 . 2009-02-25 06:50 24 ----a-w- c:\windows\popcinfo.dat
2009-09-18 05:04 . 2008-05-08 18:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-09 16:11 . 2009-08-16 22:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 05:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-06 19:04 . 2009-09-06 18:34 -------- d-----w- c:\program files\KaM - The Peasants Rebellion
2009-09-06 18:54 . 2009-09-06 18:54 -------- d-----w- c:\users\Lloyd\AppData\Roaming\InterTrust
2009-09-06 18:54 . 2008-05-08 18:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-28 12:39 . 2009-09-03 05:11 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-03 05:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-20 11:11 . 2009-08-20 11:10 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-08-14 17:07 . 2009-09-08 19:19 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-08 19:19 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29 . 2009-09-08 19:19 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16 . 2009-09-08 19:19 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-08 19:19 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-08 19:19 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-08 19:19 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-08 19:19 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-08 19:19 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-08 19:19 10240 ----a-w- c:\windows\system32\finger.exe
2009-07-18 16:06 . 2009-07-31 10:58 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-31 10:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-31 10:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-14 11:27 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-14 11:27 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-14 11:27 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-14 11:27 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-14 11:27 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-22 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-22 92704]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-18 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-01 520024]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE [2008-10-19 913408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Ovi Suite.lnk
backup=c:\windows\pss\Nokia Ovi Suite.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2F4804A2-82D9-40BC-86BF-E34442CF4EE8}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{7D3EE105-EE61-4494-A6C5-96CC773FE365}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{25127F28-3B38-4CE4-A123-7B3E19937FC4}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{A0BC9E8E-18EE-4E3E-BEBB-A0E43DFA8FE2}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{069128BB-ED73-4090-8F24-E4DC22A64792}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{4A07C5B3-9D35-4E04-9E53-D87A782C1A90}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{56ABEB14-8CC2-4BAB-BD08-1BFBA268A75B}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{AD70C7F1-44D6-4720-875D-855A6EE061D1}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{DB6B1DD8-F3A1-4B99-9F23-ECAC4CEAC91B}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{84247A04-9605-4E89-9FCE-8B551E172E6C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A0E9DF07-AFA3-48BA-9632-7AE1CE447227}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{23EE8B53-BF18-4A20-9EAF-69931F36EC82}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{B3237BAB-6A21-4741-9BFD-93C44CB451F8}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E8AF4DF3-5CC3-4618-B3F5-3A67FF2757AF}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{3853D39E-81DA-466A-8200-25DAA4ED5006}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{BB198969-2D72-4080-969F-A5D2F2523855}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{9352630D-D70C-477C-9D79-802826E11C75}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"TCP Query User{F0DC61E5-5CA0-4E45-B556-03D6F2F05125}c:\\programdata\\microsoft\\windows\\start menu\\programs\\world of warcraft\\repair.exe"= UDP:c:\programdata\microsoft\windows\start menu\programs\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{2BC5BCB8-13E0-4A91-862E-4FC79556B501}c:\\programdata\\microsoft\\windows\\start menu\\programs\\world of warcraft\\repair.exe"= TCP:c:\programdata\microsoft\windows\start menu\programs\world of warcraft\repair.exe:Blizzard Repair Utility
"{6DFDFC5B-7A3E-4979-B678-DEB8080222E1}"= UDP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{54635187-B9C4-4594-BA15-06A3DE8B9B56}"= TCP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{6D98E943-D3CE-4014-9468-5260A52588E4}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe:Blizzard Downloader
"{57A1C342-13FF-494D-AB1B-F193D8D20E18}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe:Blizzard Downloader
"{025026E8-A850-4131-BAF7-B955715C4AF3}"= UDP:3724:Blizzard Downloader: 3724
"{24CD35FB-B93F-4877-85D1-7F6AB33DACC2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{78B9B107-23D9-4F34-AFFA-2A5FE343D8C1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D68028AE-2C64-4F74-B307-BCB93397E0E1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FE2A175F-9AC6-49E7-BF75-B298D4F58DD2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C571F207-4788-4AF2-8C1E-FA4041ACE2BF}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{6756EB63-1716-4B31-BEE6-C4F7E9A3731F}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{A564CFAF-4CFD-4F55-8B76-3D2B8724A31F}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{31A02D42-EAC8-4F71-A09F-49FAE57A0798}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{D8FC0948-565F-4817-887C-FFA61AE60CA5}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{145899FD-9BED-448C-BD5C-DCFFE5213314}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{978D373B-AC85-434D-BAB5-53FCC3505923}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{AB11B50A-B447-43A4-9B66-6299A98B7B05}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{AB553C5E-86E7-472E-82B0-35765D93151D}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{78DDA6BF-B167-4205-BD82-EB6CA638F623}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{18E05A3B-4106-4C6F-A3CF-B0264427805B}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{A3185138-8ECC-4C8B-AD3B-F20A8FE88E2D}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{E52EE3A8-0A7B-40F6-9A15-944DC5211523}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{4DBD9990-4A95-4BF5-8105-4C355BE4DA7F}"= UDP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{8E126FED-7378-4F76-ABF3-6CE149DBAAE7}"= TCP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{0ED2852D-372A-4DA8-BEE7-3828378C4572}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{C167A1A2-A66D-45C7-B17A-2841DF7C8EAC}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"TCP Query User{9D0A4A01-980B-4E91-8709-EF119CBB4327}c:\\users\\lloyd\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\noyglfw2\\yuleech-runesofmagic2_0_1_1821-en[1].exe"= UDP:c:\users\lloyd\appdata\local\microsoft\windows\temporary internet files\content.ie5\noyglfw2\yuleech-runesofmagic2_0_1_1821-en[1].exe:yuleech-runesofmagic2_0_1_1821-en[1].exe
"UDP Query User{26A9751F-AFCE-4BD7-ACC6-660493FE255B}c:\\users\\lloyd\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\noyglfw2\\yuleech-runesofmagic2_0_1_1821-en[1].exe"= TCP:c:\users\lloyd\appdata\local\microsoft\windows\temporary internet files\content.ie5\noyglfw2\yuleech-runesofmagic2_0_1_1821-en[1].exe:yuleech-runesofmagic2_0_1_1821-en[1].exe
"{93044C04-762E-4B52-89DE-1F46F5F2FA94}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:Blizzard Downloader
"{B113D82F-2904-4250-BE8B-3F02D315580B}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:Blizzard Downloader
"{362823FF-FD91-4801-AA33-E185A97CD1F5}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{BE8442F2-C928-4B78-9B68-1C76BA71C5F2}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{19872AAC-09BD-444A-933D-53590FA650DB}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:Blizzard Downloader
"{A8E1381B-038F-42BA-BD72-2A38A71888ED}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:Blizzard Downloader
"{6DBA60CE-0E8B-4061-9424-73CE79D77139}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:Blizzard Downloader
"{D07DC387-9859-47BB-B9EB-05FBC5603176}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:Blizzard Downloader
"{CD747450-B1D3-4B29-9836-38451163599A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{95C83005-FA72-4DAB-9508-DBE5D05DCBC3}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [1-10-2009 21:42 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [1-10-2009 21:38 114768]
R2 acedrv10;acedrv10;c:\windows\System32\drivers\ACEDRV10.sys [27-7-2007 10:13 330144]
R2 acehlp10;acehlp10;c:\windows\System32\drivers\acehlp10.sys [27-7-2007 12:46 251680]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [8-5-2008 20:48 269448]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [1-10-2009 21:38 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [1-10-2009 21:38 53328]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [8-5-2008 20:33 24576]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [17-3-2009 21:43 55280]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6-2-2009 19:08 533360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18-1-2009 23:34 1028432]
R2 litsgt;litsgt;c:\windows\System32\drivers\litsgt.sys [18-9-2009 7:07 137344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [3-10-2009 17:03 1153368]
R2 tansgt;tansgt;c:\windows\System32\drivers\tansgt.sys [18-9-2009 7:07 12032]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [8-5-2008 13:58 43552]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [21-1-2009 15:09 1527900]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [1-2-2008 16:17 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [1-2-2008 16:17 8320]
.
Inhoud van de 'Gedeelde Taken' map
2009-10-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:19]
.
.
------- Bijkomende Scan -------
.
mStart Page = hxxp://nl.intl.acer.yahoo.com
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
FF - ProfilePath - c:\users\Lloyd\AppData\Roaming\Mozilla\Firefox\Profiles\oiygezsr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Lloyd\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS VERWIJDERD - - - -
WebBrowser-{463B7604-3D35-4348-85C5-34EA0A8107D3} - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-HijackThis - G:\HijackThis.exe
AddRemove-Save - c:\program files\Save\SaveUninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-11 15:57
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'Explorer.exe'(3728)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\bin32\nSvcAppFlt.exe
c:\program files\bin32\nSvcIp.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Voltooingstijd: 2009-10-11 16:01 - machine werd herstart
ComboFix-quarantined-files.txt 2009-10-11 14:01
Pre-Run: 56.618.274.816 bytes beschikbaar
Post-Run: 56.192.643.072 bytes beschikbaar
357 --- E O F --- 2009-10-09 12:01
DDS
DDS (Ver_09-09-29.01) - NTFSx86
Run by Lloyd at 16:06:56,55 on zo 11-10-2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.1790.799 [GMT 2:00]
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
G:\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
mStart Page = hxxp://nl.intl.acer.yahoo.com
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {2C5A7A51-7E8D-497E-852A-D63AD9014E14} - No File
EB: {8BCB5337-EC01-4E38-840C-A964F174255B} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\siteco~1.lnk - c:\program files\sitecom\sitecom wireless network usb adapter turbo g wl-172\installer\WLANUTL.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\reference 2001\EROProj.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1232296316_8d3be8400e4bbf3c092544996ecedc2f&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - c:\program files\common files\microsoft shared\reference 2001\MSREF.DLL
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\reference 2001\msero.dll
Handler: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - c:\program files\common files\microsoft shared\reference 2001\MSREF.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\lloyd\appdata\roaming\mozilla\firefox\profiles\oiygezsr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\lloyd\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-1 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-1 114768]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-7-27 330144]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-7-27 251680]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-5-8 269448]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-1 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-1 53328]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-5-8 24576]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-3-17 55280]
R2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]
R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2009-9-18 137344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-3 1153368]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2009-9-18 12032]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-8 43552]
S2 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-1-21 1527900]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-2-1 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-2-1 8320]
=============== Created Last 30 ================
2009-10-11 15:56 <DIR> --d----- C:\$RECYCLE.BIN
2009-10-11 15:45 229,888 a------- c:\windows\PEV.exe
2009-10-11 15:45 161,792 a------- c:\windows\SWREG.exe
2009-10-11 15:45 98,816 a------- c:\windows\sed.exe
2009-10-11 15:45 <DIR> --d----- C:\ComboFix
2009-10-10 14:33 <DIR> --d----- c:\users\lloyd\appdata\roaming\Malwarebytes
2009-10-10 14:33 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-10 14:33 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-10 14:33 <DIR> --d----- c:\programdata\Malwarebytes
2009-10-10 14:33 <DIR> --d----- c:\progra~2\Malwarebytes
2009-10-10 14:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 22:49 <DIR> --d----- c:\program files\MegaSpoof
2009-10-03 17:07 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-03 17:03 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-10-03 17:03 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-03 17:03 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-10-03 13:45 <DIR> --d----- c:\program files\CCleaner
2009-10-01 21:42 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-10-01 21:40 15,688 a------- c:\windows\system32\lsdelete.exe
2009-10-01 21:38 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-01 21:15 <DIR> --d----- c:\program files\SpywareBlaster
2009-10-01 21:03 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-10-01 21:03 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-10-01 21:02 <DIR> --d----- c:\windows\pss
2009-10-01 21:02 <DIR> --d----- c:\programdata\Lavasoft
2009-10-01 21:02 <DIR> --d----- c:\program files\Lavasoft
2009-10-01 19:53 <DIR> --d----- c:\users\lloyd\appdata\roaming\eSobi
2009-10-01 16:59 <DIR> --d----- C:\Sounds
2009-10-01 16:56 1,164,728 a------- c:\windows\system32\NMSDVDXU.dll
2009-10-01 16:56 630,784 a------- c:\windows\system32\vsflex8u.ocx
2009-10-01 16:56 419,240 a------- c:\windows\system32\Vsflex7L.ocx
2009-10-01 16:56 244,416 a------- c:\windows\system32\Msflxgrd.ocx
2009-10-01 16:56 <DIR> --d----- c:\users\lloyd\appdata\roaming\LG Electronics
2009-10-01 16:56 <DIR> --d----- c:\program files\LG PC Suite II
2009-10-01 16:50 24,832 a------- c:\windows\system32\drivers\lgusbmodem.sys
2009-10-01 16:50 19,968 a------- c:\windows\system32\drivers\lgusbdiag.sys
2009-10-01 16:50 13,056 a------- c:\windows\system32\drivers\lgusbbus.sys
2009-10-01 16:50 <DIR> --d----- c:\program files\LG Electronics
2009-09-24 19:16 <DIR> --d----- c:\users\lloyd\Program Files
2009-09-24 17:22 <DIR> --d----- c:\users\lloyd\appdata\roaming\DNA
2009-09-24 17:22 <DIR> --d----- c:\program files\DNA
2009-09-24 17:22 <DIR> --d----- c:\program files\GamersFirst
2009-09-24 07:12 <DIR> --d----- c:\program files\Microsoft Encarta
2009-09-20 21:59 <DIR> --d----- c:\program files\Rockstar Games
2009-09-18 07:07 137,344 a------- c:\windows\system32\drivers\litsgt.sys
2009-09-18 07:07 12,032 a------- c:\windows\system32\drivers\tansgt.sys
2009-09-18 07:04 <DIR> --d----- c:\program files\Atari
2009-09-15 18:05 <DIR> --d----- c:\program files\GameSpy Arcade
2009-09-15 18:01 <DIR> --d----- c:\program files\Firefly Studios
==================== Find3M ====================
2009-10-10 14:33 675,602 a------- c:\windows\system32\perfh013.dat
2009-10-10 14:33 130,282 a------- c:\windows\system32\perfc013.dat
2009-10-01 17:00 51,200 a------- c:\windows\inf\infpub.dat
2009-10-01 17:00 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-01 17:00 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 14:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 14:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 14:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 14:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 14:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 12:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-14 19:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 18:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 18:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 16:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 16:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 16:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 16:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 16:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 16:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 16:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-07-18 18:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 18:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 11:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 16:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 15:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 14:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 14:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 12:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-05-29 07:34 34 a------- c:\users\lloyd\jagex_runescape_preferences.dat
2008-11-09 16:28 0 a------- c:\users\lloyd\appdata\roaming\wklnhst.dat
2008-10-21 07:55 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 08:43 336,440 a------- c:\windows\inf\perflib\0413\perfi.dat
2008-01-21 08:43 336,440 a------- c:\windows\inf\perflib\0413\perfh.dat
2008-01-21 08:43 41,976 a------- c:\windows\inf\perflib\0413\perfd.dat
2008-01-21 08:43 41,976 a------- c:\windows\inf\perflib\0413\perfc.dat
2008-01-21 04:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 16:08:49,47 ===============
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:04, on 11-10-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\mobsync.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
C:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\Windows\system32\wuauclt.exe
G:\HijackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/...6u11-windows-i586-jc.cab&BHost=javadl.sun.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
--
End of file - 11374 bytes