Messages - Nia

1
Tech Clinic / It's that time again
« on: June 08, 2009, 01:27:23 PM »
I tried it again and selected 'remove unhealed items to vault'; that worked fine, and today I tried it with "remove selected infections" and it froze again. Here's what it found the first time:


I was a bit too optimistic after that, so I didn't save the second report, but they were all cookies as well. Is it probable that my AVG just doesn't work properly? The programs aren't all that slow anymore, but it does take longer for Windows to start up.

2
Tech Clinic / It's that time again
« on: June 06, 2009, 04:24:44 PM »
Nothing here either. I remembered, I think I ran the Cleanup! program before I posted. Could the virus have been erased? Here's the log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
 Saturday, June 6, 2009
 Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
 Kaspersky Online Scanner  version: 7.0.26.13
 Program database last update: Saturday, June 06, 2009 11:11:06
 Records in database: 2318019
--------------------------------------------------------------------------------

Scan settings:
   Scan using the following database: extended
   Scan archives: yes
   Scan mail databases: yes

Scan area - My Computer:
   C:\
   D:\
   F:\

Scan statistics:
   Files scanned: 129245
   Threat name: 0
   Infected objects: 0
   Suspicious objects: 0
   Duration of the scan: 03:18:36

No malware has been detected. The scan area is clean.

The selected area was scanned.

3
Tech Clinic / It's that time again
« on: June 05, 2009, 04:39:35 PM »
OTS logfile created on: 5-6-2009 22:55:18 - Run 1
OTS by OldTimer - Version 3.0.3.0     Folder = C:\Users\Media\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
2,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 77,54% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 24,62 Gb Free Space | 22,09% Space Free | Partition Type: NTFS
Drive D: | 104,90 Gb Total Space | 83,13 Gb Free Space | 79,25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC_VAN_MEDIA
Current User Name: Media
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
acervcm.exe -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe -> [2009-01-07 17:41:42 | 01,216,512 | ---- | M] (Acer Incorporated)
acp2hid.exe -> C:\Program Files\Acer\Acer VCM\acp2HID.exe -> [2007-03-27 12:00:32 | 00,196,608 | ---- | M] (Acer Inc.)
agentsvc.exe -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -> [2008-03-03 14:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.)
agrsmsvc.exe -> C:\Windows\System32\agrsmsvc.exe -> [2007-12-11 05:15:04 | 00,012,800 | ---- | M] (Agere Systems)
arcadedeluxeagent.exe -> C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe -> [2008-07-24 15:54:10 | 00,147,456 | ---- | M] (CyberLink Corp.)
avgcsrvx.exe -> C:\Program Files\AVG\AVG8\avgcsrvx.exe -> [2009-05-24 11:19:00 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgemc.exe -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009-05-24 11:18:59 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009-05-24 11:19:00 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009-05-24 11:19:00 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009-05-24 11:18:59 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009-05-24 11:18:58 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
backupsvc.exe -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -> [2008-04-25 22:36:20 | 00,045,056 | ---- | M] (NewTech InfoSystems, Inc.)
basvc.exe -> C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -> [2009-05-12 02:45:04 | 03,520,512 | ---- | M] ()
bkuptray.exe -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe -> [2008-04-25 22:36:20 | 00,028,672 | ---- | M] ()
clhnservice.exe -> C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -> [2008-01-16 18:35:02 | 00,081,504 | ---- | M] ()
clmlsvc.exe -> C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe -> [2008-07-24 15:54:18 | 00,167,936 | ---- | M] (CyberLink)
compptcvui.exe -> C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe -> [2009-05-12 02:45:13 | 03,485,696 | ---- | M] (Arachnoid Biometrics Identification Group Corp.)
eaudio.exe -> C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe -> [2008-05-30 13:24:30 | 00,544,768 | ---- | M] (Acer Incorporated)
edsloader.exe -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe -> [2008-07-29 18:52:50 | 00,526,896 | ---- | M] (Egis Incorporated)
edsservice.exe -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -> [2008-07-29 18:53:00 | 00,500,784 | ---- | M] (Egis Incorporated)
epower_dmc.exe -> C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe -> [2008-08-01 10:51:42 | 00,405,504 | ---- | M] (Acer Inc.)
etservice.exe -> C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -> [2008-06-02 10:25:40 | 00,024,576 | ---- | M] ()
evteng.exe -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2008-04-30 20:41:12 | 00,815,104 | ---- | M] (Intel® Corporation)
explorer.exe -> C:\Windows\Explorer.EXE -> [2008-10-29 08:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009-04-24 11:27:03 | 00,307,704 | ---- | M] (Mozilla Corporation)
framework.launcher.exe -> C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe -> [2008-06-02 10:26:22 | 00,319,488 | ---- | M] ()
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009-05-12 02:41:12 | 00,068,856 | ---- | M] (Google Inc.)
iaanotif.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2008-07-20 18:45:06 | 00,182,808 | ---- | M] (Intel Corporation)
iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> [2008-07-20 18:45:06 | 00,354,840 | ---- | M] (Intel Corporation)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
lmanager.exe -> C:\Program Files\Launch Manager\LManager.exe -> [2008-06-16 11:58:38 | 00,809,480 | ---- | M] (Dritek System Inc.)
lssrvc.exe -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2007-01-17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
mdm.exe -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -> [2006-10-26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation)
mobilityservice.exe -> C:\Acer\Mobility Center\MobilityService.exe -> [2007-12-06 17:15:28 | 00,110,592 | ---- | M] ()
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2008-01-21 04:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation)
nvvsvc.exe -> C:\Windows\System32\nvvsvc.exe -> [2008-12-05 12:24:00 | 00,203,296 | ---- | M] (NVIDIA Corporation)
ots.exe -> C:\Users\Media\Downloads\OTS.exe -> [2009-06-05 22:46:27 | 00,505,344 | ---- | M] (OldTimer Tools)
pdtwzd.exe -> C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe -> [2009-05-12 02:44:55 | 03,719,680 | ---- | M] (Arachnoid Biometrics Identification Group Corp.)
plfseti.exe -> C:\Windows\PLFSetI.exe -> [2008-06-30 17:56:32 | 00,200,704 | ---- | M] ()
pmvservice.exe -> C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe -> [2008-07-18 16:04:36 | 00,167,936 | ---- | M] (Acer Corp.)
popcfde.tmp -> C:\Users\Media\Documents\Games\bejeweled 2 deluxe\popCFDE.tmp -> [2009-06-05 21:18:36 | 01,675,264 | -H-- | M] ()
pwdbank.exe -> C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe -> [2009-05-12 02:45:18 | 03,833,640 | ---- | M] ()
regsrvc.exe -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2008-04-30 20:10:10 | 00,466,944 | ---- | M] (Intel® Corporation)
richvideo.exe -> C:\Program Files\Cyberlink\Shared files\RichVideo.exe -> [2007-01-09 19:25:30 | 00,272,024 | ---- | M] ()
rs_service.exe -> C:\Program Files\Acer\Acer VCM\RS_Service.exe -> [2008-07-19 15:13:44 | 00,233,472 | ---- | M] (Acer Incorporated)
rthdvcpl.exe -> C:\Windows\RtHDVCpl.exe -> [2008-05-07 10:19:26 | 06,139,904 | ---- | M] (Realtek Semiconductor)
rtkbtmnt.exe -> C:\Users\Media\AppData\Local\Temp\RtkBtMnt.exe -> [2009-05-12 02:44:02 | 00,204,800 | ---- | M] (Realtek Semiconductor Corp.)
schedulersvc.exe -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2008-04-25 22:36:02 | 00,131,072 | ---- | M] ()
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> [2008-04-04 11:26:54 | 01,037,608 | ---- | M] (Synaptics, Inc.)
syntphelper.exe -> C:\Program Files\Synaptics\SynTP\SynTPHelper.exe -> [2008-04-04 11:27:02 | 00,095,528 | ---- | M] (Synaptics, Inc.)
unsecapp.exe -> C:\Windows\System32\wbem\unsecapp.exe -> [2008-01-21 04:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation)
vfsfpservice.exe -> C:\Windows\System32\vfsFPService.exe -> [2008-05-26 05:43:58 | 00,599,344 | ---- | M] (Validity Sensors, Inc.)
winbej2.exe -> C:\Users\Media\Documents\Games\bejeweled 2 deluxe\WinBej2.exe -> [2007-12-04 05:56:28 | 02,040,226 | ---- | M] ()
wmiprvse.exe -> C:\Windows\System32\wbem\wmiprvse.exe -> [2009-03-03 04:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\Windows\System32\wbem\wmiprvse.exe -> [2009-03-03 04:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own | Auto | Running] -> C:\Windows\System32\agrsmsvc.exe -> [2007-12-11 05:15:04 | 00,012,800 | ---- | M] (Agere Systems)
(avg8emc) AVG Free8 E-mail Scanner [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009-05-24 11:18:59 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009-05-24 11:18:58 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BUNAgentSvc) NTI Backup Now 5 Agent Service [Win32_Own | Auto | Running] -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -> [2008-03-03 14:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.)
(CLHNService) CLHNService [Win32_Own | Auto | Running] -> C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -> [2008-01-16 18:35:02 | 00,081,504 | ---- | M] ()
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008-01-21 04:24:55 | 00,070,144 | ---- | M] (Microsoft Corporation)
(eDataSecurity Service) eDataSecurity Service [Win32_Own | Auto | Running] -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -> [2008-07-29 18:53:00 | 00,500,784 | ---- | M] (Egis Incorporated)
(ehRecvr) Windows Media Center Receiver-service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008-01-21 04:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler-service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2006-11-02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006-11-02 14:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
(ETService) Empowering Technology Service [Win32_Own | Auto | Running] -> C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -> [2008-06-02 10:25:40 | 00,024,576 | ---- | M] ()
(Eventlog) Windows Event Log [Win32_Shared | Auto | Running] -> C:\Windows\System32\wevtsvc.dll -> [2008-01-21 04:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation)
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2008-04-30 20:41:12 | 00,815,104 | ---- | M] (Intel® Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008-01-21 04:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation)
(GoogleDesktopManager-092308-165331) Google Desktop Manager 5.8.809.23506 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2009-01-12 21:23:52 | 00,030,192 | ---- | M] (Google)
(gusvc) Google Software Updater [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009-05-23 23:00:30 | 00,182,768 | ---- | M] (Google)
(IAANTMON) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> [2008-07-20 18:45:06 | 00,354,840 | ---- | M] (Intel Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008-01-21 04:25:20 | 00,864,256 | ---- | M] (Microsoft Corporation)
(IGBASVC) iGroupTec Service [Win32_Own | Auto | Running] -> C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -> [2009-05-12 02:45:04 | 03,520,512 | ---- | M] ()
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2007-01-17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -> [2006-10-26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation)
(MobilityService) MobilityService [Win32_Own | Auto | Running] -> C:\Acer\Mobility Center\MobilityService.exe -> [2007-12-06 17:15:28 | 00,110,592 | ---- | M] ()
(NetTcpPortSharing) Net.Tcp-service voor het delen van poorten [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008-01-21 04:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation)
(NTIBackupSvc) NTI Backup Now 5 Backup Service [Win32_Own | Auto | Running] -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -> [2008-04-25 22:36:20 | 00,045,056 | ---- | M] (NewTech InfoSystems, Inc.)
(NTISchedulerSvc) NTI Backup Now 5 Scheduler Service [Win32_Own | Auto | Running] -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2008-04-25 22:36:02 | 00,131,072 | ---- | M] ()
(nvsvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\Windows\System32\nvvsvc.exe -> [2008-12-05 12:24:00 | 00,203,296 | ---- | M] (NVIDIA Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007-08-24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2008-04-30 20:10:10 | 00,466,944 | ---- | M] (Intel® Corporation)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> C:\Program Files\Cyberlink\Shared files\RichVideo.exe -> [2007-01-09 19:25:30 | 00,272,024 | ---- | M] ()
(RS_Service) Raw Socket Service [Win32_Own | Auto | Running] -> C:\Program Files\Acer\Acer VCM\RS_Service.exe -> [2008-07-19 15:13:44 | 00,233,472 | ---- | M] (Acer Incorporated)
(vfsFPService) Validity Fingerprint Service [Win32_Own | Auto | Running] -> C:\Windows\System32\vfsFPService.exe -> [2008-05-26 05:43:58 | 00,599,344 | ---- | M] (Validity Sensors, Inc.)
(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008-01-21 04:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing-service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008-01-21 04:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2008-01-21 04:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2008-01-21 04:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2008-01-21 04:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2008-01-21 04:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.)
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\AGRSM.sys -> [2008-02-29 09:13:38 | 01,202,560 | ---- | M] (Agere Systems)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006-11-02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(AlfaFF) AlfaFF File System mini-filter [File_System | Boot | Running] -> C:\Windows\system32\Drivers\AlfaFF.sys -> [2009-05-12 02:44:59 | 00,043,184 | ---- | M] (Alfa Corporation)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2008-01-21 04:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2008-01-21 04:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2008-01-21 04:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgldx86.sys -> [2009-05-24 11:19:08 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\Windows\System32\Drivers\avgmfx86.sys -> [2009-05-24 11:19:06 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgtdix.sys -> [2009-05-24 11:19:12 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006-11-02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006-11-02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006-11-02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006-11-02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006-11-02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006-11-02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2008-01-21 04:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.)
(DKbFltr) Dritek Keyboard Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\DKbFltr.sys -> [2006-11-02 15:29:36 | 00,021,264 | ---- | M] (Dritek System Inc.)
(DritekPortIO) Dritek General Port I/O [Kernel | System | Running] -> C:\Program Files\Launch Manager\DPortIO.sys -> [2006-11-02 15:27:34 | 00,020,112 | ---- | M] (Dritek System Inc.)
(E1G60) Intel® PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\E1G60I32.sys -> [2008-01-21 04:23:24 | 00,118,784 | ---- | M] (Intel Corporation)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2008-01-21 04:23:22 | 00,342,584 | ---- | M] (Emulex)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2008-01-21 04:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company)
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\iaStor.sys -> [2008-07-20 18:44:44 | 00,324,120 | ---- | M] (Intel Corporation)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2008-01-21 04:23:23 | 00,235,064 | ---- | M] (Intel Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006-11-02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(int15) int15 [Kernel | Auto | Running] -> C:\Windows\System32\drivers\int15.sys -> [2007-01-26 08:32:18 | 00,069,632 | ---- | M] ()
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2008-05-07 13:22:50 | 02,134,424 | ---- | M] (Realtek Semiconductor Corp.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006-11-02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(itecir) ITECIR Infrared Receiver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\itecir.sys -> [2007-12-18 17:12:12 | 00,054,784 | ---- | M] (ITE Tech. Inc. )
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006-11-02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\L1E60x86.sys -> [2008-05-19 18:23:00 | 00,047,104 | ---- | M] (Atheros Communications, Inc.)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2008-01-21 04:23:23 | 00,096,312 | ---- | M] (LSI Logic)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2008-01-21 04:23:25 | 00,089,656 | ---- | M] (LSI Logic)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2008-01-21 04:23:23 | 00,096,312 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2008-01-21 04:23:27 | 00,031,288 | ---- | M] (LSI Corporation)
(MegaSR) MegaSR [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasr.sys -> [2008-01-21 04:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006-11-02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(NETw5v32) Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\NETw5v32.sys -> [2008-04-28 00:29:26 | 03,658,752 | ---- | M] (Intel Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006-11-02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\NTIDrvr.sys -> [2008-01-30 11:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.)
(NTIPPKernel) NTIPPKernel [Kernel | Auto | Running] -> C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -> [2008-01-16 18:35:08 | 00,122,368 | ---- | M] (Cyberlink Corp.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006-11-02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvhda32v.sys -> [2008-09-24 23:39:48 | 00,045,600 | ---- | M] (NVIDIA Corporation)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\nvlddmkm.sys -> [2008-12-05 12:24:00 | 07,538,560 | ---- | M] (NVIDIA Corporation)
(nvraid) NVIDIA nForce RAID Driver    [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2008-01-21 04:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2008-01-21 04:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation)
(PSDFilter) PSDFilter [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\psdfilter.sys -> [2008-07-29 18:53:10 | 00,018,992 | ---- | M] (Egis Incorporated)
(PSDNServ) PSDNServ [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\PSDNServ.sys -> [2008-07-29 18:53:10 | 00,016,944 | ---- | M] (Egis Incorporated)
(psdvdisk) psdvdisk [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\PSDVdisk.sys -> [2008-07-29 18:53:12 | 00,060,464 | ---- | M] (Egis Incorporated)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2008-01-21 04:23:24 | 01,122,360 | ---- | M] (QLogic Corporation)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006-11-02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006-11-02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2008-01-21 04:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006-11-02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006-11-02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006-11-02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\SynTP.sys -> [2008-04-04 11:26:56 | 00,196,784 | ---- | M] (Synaptics, Inc.)
(UBHelper) UBHelper [Kernel | Boot | Running] -> C:\Windows\System32\drivers\UBHelper.sys -> [2008-01-30 11:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2008-01-21 04:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2008-01-21 04:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(vfs101x) vfs101x [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\vfs101x.sys -> [2008-05-26 05:44:14 | 00,040,752 | ---- | M] (Validity Sensors, Inc.)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2008-01-21 04:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2008-01-21 04:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd)
({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} [Kernel | Auto | Running] -> C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -> [2008-07-18 16:05:10 | 00,061,424 | ---- | M] (Cyberlink Corp.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935 ->
HKEY_CURRENT_USER\: Main\\"Default_Secondary_Page_URL" -> http://global.acer.com [binary data] ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 ->
HKEY_CURRENT_USER\: Main\\"Secondary Start Pages" -> http://www.woningnet.nl/ [binary data] ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://games.asobrain.com/ ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search/?q=%s ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Media\AppData\Roaming\Mozilla\FireFox\Profiles\vetpoexf.default\prefs.js ->
browser.search.selectedEngine -> "Ask.com" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://jeannie81.livejournal.com/friends | mail.yahoo.com" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 ->
extensions.enabledItems -> {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.1.0.7 ->
extensions.enabledItems -> [email protected]:1.19 ->
extensions.enabledItems -> {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.041 ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->
extensions.enabledItems -> {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.3.9 ->
extensions.enabledItems -> {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.5 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 ->
extensions.enabledItems -> {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.08 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009-06-03 04:43:09 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8} -> C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF] -> [2009-06-03 04:43:09 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009-05-23 23:00:08 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009-05-26 21:25:25 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
 -> C:\Users\Media\AppData\Roaming\mozilla\Extensions -> [2009-05-23 23:00:21 | 00,000,000 | ---D | M]
 -> C:\Users\Media\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009-05-23 23:00:21 | 00,000,000 | ---D | M]
 -> C:\Users\Media\AppData\Roaming\mozilla\Extensions\[email protected] -> [2009-05-23 23:00:21 | 00,000,000 | ---D | M]
 -> C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\vetpoexf.default\extensions -> [2009-06-05 22:53:26 | 00,989,870 | ---- | M] ()
 -> C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\vetpoexf.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} -> [2009-06-05 22:55:19 | 00,991,869 | ---- | M] ()
 -> C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\vetpoexf.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} -> [2009-06-05 22:55:19 | 00,991,869 | ---- | M] ()
 -> C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\vetpoexf.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5} -> [2009-06-05 22:55:19 | 00,991,869 | ---- | M] ()
 -> C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\vetpoexf.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66} -> [2009-06-05 22:55:19 | 00,991,869 | ---- | M] ()
 -> C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\vetpoexf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2009-06-05 22:55:19 | 00,991,869 | ---- | M] ()
 -> C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\vetpoexf.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} -> [2009-06-05 22:55:19 | 00,991,869 | ---- | M] ()
 -> C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\vetpoexf.default\extensions\[email protected] -> [2009-06-05 22:55:19 | 00,991,869 | ---- | M] ()
 -> C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\vetpoexf.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}\chrome\mozapps\extensions -> [2009-05-23 23:39:46 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
C:\Users\Media\AppData\Roaming\Mozilla\FireFox\Profiles\vetpoexf.default\searchplugins\ -> C:\Users\Media\AppData\Roaming\Mozilla\FireFox\Profiles\vetpoexf.default\searchplugins -> [2009-05-30 01:13:09 | 00,000,000 | ---D | M]
askcom.xml -> C:\Users\Media\AppData\Roaming\Mozilla\FireFox\Profiles\vetpoexf.default\searchplugins\askcom.xml -> [2009-05-24 11:08:26 | 00,002,207 | ---- | M] ()
imdb.xml -> C:\Users\Media\AppData\Roaming\Mozilla\FireFox\Profiles\vetpoexf.default\searchplugins\imdb.xml -> [2009-05-30 01:13:09 | 00,001,504 | ---- | M] ()
youtube.xml -> C:\Users\Media\AppData\Roaming\Mozilla\FireFox\Profiles\vetpoexf.default\searchplugins\youtube.xml -> [2009-05-23 23:34:24 | 00,004,140 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009-04-24 11:27:04 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009-04-24 11:27:04 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -> [2009-04-24 11:27:04 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009-04-24 11:27:04 | 09,756,664 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009-05-23 23:00:08 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009-04-24 11:27:05 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009-04-24 11:27:05 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009-05-26 21:25:25 | 00,000,000 | ---D | M]
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009-03-09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009-04-24 11:27:05 | 00,065,528 | ---- | M] (mozilla.org)
NPOFF12.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFF12.DLL -> [2006-10-26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation)
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009-05-24 11:16:00 | 00,000,000 | ---D | M]
bolcom-nl.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\bolcom-nl.xml -> [2008-02-08 11:12:30 | 00,001,890 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008-04-16 06:08:20 | 00,001,706 | ---- | M] ()
marktplaats-nl.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\marktplaats-nl.xml -> [2008-02-11 23:02:16 | 00,004,558 | ---- | M] ()
vandale-nl.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\vandale-nl.xml -> [2007-11-09 11:17:02 | 00,001,111 | ---- | M] ()
wikipedia-nl.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia-nl.xml -> [2008-03-18 13:19:22 | 00,001,049 | ---- | M] ()
yahoo-nl.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo-nl.xml -> [2007-11-09 11:17:02 | 00,000,802 | ---- | M] ()
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1       localhost
::1             localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008-06-11 23:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009-05-24 11:19:00 | 01,107,224 | ---- | M] (AVG Technologies CZ, s.r.o.)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} [HKLM] -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [ShowBarObj Class] -> [2008-07-29 18:51:50 | 00,312,880 | ---- | M] (Egis)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2008-11-18 14:47:06 | 00,408,952 | ---- | M] (Microsoft Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} [HKLM] -> C:\Program Files\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2009-05-24 11:19:05 | 02,223,872 | ---- | M] (AVG Technologies CZ, s.r.o.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009-05-23 22:57:34 | 00,259,696 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009-05-23 23:00:31 | 00,668,656 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [Google Dictionary Compression sdch] -> [2009-05-23 22:57:34 | 00,470,512 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009-03-09 05:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009-05-23 22:57:34 | 00,259,696 | ---- | M] (Google Inc.)
"{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}" [HKLM] -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [Acer eDataSecurity Management] -> [2008-07-29 18:52:08 | 00,142,896 | ---- | M] (Egis Incorporated.)
"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> C:\Program Files\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2009-05-24 11:19:05 | 02,223,872 | ---- | M] (AVG Technologies CZ, s.r.o.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" [HKLM] -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [Acer eDataSecurity Management] -> [2008-07-29 18:52:08 | 00,142,896 | ---- | M] (Egis Incorporated.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009-05-23 22:57:34 | 00,259,696 | ---- | M] (Google Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2008-06-12 03:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"ArcadeDeluxeAgent" -> C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe ["C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"] -> [2008-07-24 15:54:10 | 00,147,456 | ---- | M] (CyberLink Corp.)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009-05-24 11:18:59 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
"BkupTray" -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ["C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"] -> [2008-04-25 22:36:20 | 00,028,672 | ---- | M] ()
"CLMLServer" -> C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe ["C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"] -> [2008-07-24 15:54:18 | 00,167,936 | ---- | M] (CyberLink)
"eAudio" -> C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe ["C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"] -> [2008-05-30 13:24:30 | 00,544,768 | ---- | M] (Acer Incorporated)
"eDataSecurity Loader" -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe] -> [2008-07-29 18:52:50 | 00,526,896 | ---- | M] (Egis Incorporated)
"ePower_DMC" -> C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe] -> [2008-08-01 10:51:42 | 00,405,504 | ---- | M] (Acer Inc.)
"eRecoveryService" ->  [] -> File not found
"Google Desktop Search" ->  ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> File not found
"IAAnotif" -> C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2008-07-20 18:45:06 | 00,182,808 | ---- | M] (Intel Corporation)
"LManager" -> C:\Program Files\Launch Manager\LManager.exe [C:\PROGRA~1\LAUNCH~1\LManager.exe] -> [2008-06-16 11:58:38 | 00,809,480 | ---- | M] (Dritek System Inc.)
"NvCplDaemon" -> C:\Windows\System32\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008-12-05 12:24:00 | 13,601,312 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\Windows\System32\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008-12-05 12:24:00 | 00,092,704 | ---- | M] (NVIDIA Corporation)
"PlayMovie" -> C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe ["C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"] -> [2008-07-18 16:04:36 | 00,167,936 | ---- | M] (Acer Corp.)
"PLFSetI" -> C:\Windows\PLFSetI.exe [C:\Windows\PLFSetI.exe] -> [2008-06-30 17:56:32 | 00,200,704 | ---- | M] ()
"RtHDVCpl" -> C:\Windows\RtHDVCpl.exe [RtHDVCpl.exe] -> [2008-05-07 10:19:26 | 06,139,904 | ---- | M] (Realtek Semiconductor)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2008-04-04 11:26:54 | 01,037,608 | ---- | M] (Synaptics, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008-01-21 04:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation)
"ZPdtWzdVitaKey MC3000" -> C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe ["C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show] -> [2009-05-12 02:44:55 | 03,719,680 | ---- | M] (Arachnoid Biometrics Identification Group Corp.)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Malwarebytes' Anti-Malware" ->  [C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Eraser" -> C:\Program Files\Eraser\Eraser.exe [C:\Program Files\Eraser\Eraser.exe -hide] -> [2007-12-23 01:03:28 | 00,916,240 | ---- | M] (The Eraser Project)
"ProductReg" -> C:\Program Files\Acer\WR_PopUp\ProductReg.exe ["C:\Program Files\Acer\WR_PopUp\ProductReg.exe"] -> [2008-11-17 09:47:56 | 00,135,168 | ---- | M] (Acer)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009-05-12 02:41:12 | 00,068,856 | ---- | M] (Google Inc.)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xporteren naar Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2007-10-05 21:37:38 | 17,927,192 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{10954C80-4F0F-11d3-B17C-00C0DFE39736}:Exec [HKLM] -> C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe [Button: Quick-Launching Area] -> [2009-05-12 02:45:18 | 03,833,640 | ---- | M] ()
{10954C80-4F0F-11d3-B17C-00C0DFE39736}:Exec [HKLM] -> C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe [Menu: Quick-Launching Area] -> [2009-05-12 02:45:18 | 03,833,640 | ---- | M] ()
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: In weblog opnemen] -> [2008-12-02 23:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &In weblog opnemen met Windows Live Writer] -> [2008-12-02 23:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Verzenden naar OneNote] -> [2007-08-29 01:49:28 | 00,606,120 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: Verz&enden naar OneNote] -> [2007-08-29 01:49:28 | 00,606,120 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006-10-26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
GD [:Range = 127.0.0.1] -> http = Local intranet |  ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_13] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.254 195.241.77.55 195.241.77.58 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{57309779-A609-451C-A2E5-AE5C56B5A605}\\DhcpNameServer -> 192.168.1.254 195.241.77.55 195.241.77.58   (Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller) ->
{6F022C26-00AF-4888-9482-EE95D3124458}\\DhcpNameServer -> 192.168.1.254 195.241.77.55 195.241.77.58   (Intel® Wireless WiFi Link 5100) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2009-01-12 21:23:53 | 00,119,296 | ---- | M] (Google)
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009-05-24 11:19:13 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2008-10-29 08:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AWinNotifyVitaKey MC3000 -> C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll -> [2009-05-12 02:45:17 | 03,162,624 | ---- | M] (Arachnoid Biometrics Identification Group Corp.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHIN

4
Tech Clinic / It's that time again
« on: June 05, 2009, 04:02:50 PM »

5
Tech Clinic / It's that time again
« on: June 05, 2009, 01:34:06 PM »
It didn't find anything:

Malwarebytes' Anti-Malware 1.37
Database version: 2234
Windows 6.0.6001 Service Pack 1

5-6-2009 20:08:28
mbam-log-2009-06-05 (20-08-28).txt

Scan type: Quick Scan
Objects scanned: 73776
Time elapsed: 1 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



But I ran the hjt-log again just in case:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:54, on 5-6-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Media\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.asobrain.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 11637 bytes


Thanks Again!

Nia

6
Tech Clinic / It's that time again
« on: June 04, 2009, 11:56:21 AM »
Hi guys,

I think I have a virus, but I can't be sure; I downloaded a "movie" and didn't check the file before I opened it (stupid I know). Now everything's working slower and my AVG antivirus gets my computer frozen whenever I try to remove threats. So anyway, hope you can help, thanks in advance and here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:46, on 4-6-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Media\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.asobrain.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 11426 bytes

7
Hardware / changing the harddrive location
« on: September 15, 2007, 03:57:02 PM »
Hi guys,

I've got a problem, I have an external harddrive that I have to plug in to start up every time I switch on my laptop. Normally its location is G. But I've been fiddling with virtual drives and now its location has changed from G to O. I have programs that run from G, so I need to change it back or I'll have to reinstall a whole lotta programs. I tried removing the virtual drives, but it didn't change back the location. So any help on this would really be appreciated, I really don't know what else to do. Also, I think this is a hardware problem, but now I'm not so sure it's not a software problem, so sorry if it's misplaced.

Nia

8
Tech Clinic / Can I recover my deleted fotos?
« on: September 05, 2006, 05:06:08 PM »
I tried but I didn't get anything. Thanks for helping anyway. I thought I had saved the pics on disc, but it turns out I only saved half of the pics I wanted to. Well, at least I'll be more careful next time :). The thing is, the programs did find *much* older pics, like from last year, but not the ones I recently deleted. Weird huh?

Thanks for your help, I really appreciate it.

9
Tech Clinic / Can I recover my deleted fotos?
« on: August 31, 2006, 02:08:34 PM »
I accidentally deleted some pictures I took, without checking to see if I had them on CD first. Now, I deleted them with Steganos Shredder and I tried to recover them with PC Inspector File Recovery, but it didn't work. I was also ordering a printout of them with this program from an internet store. The order was also deleted accidentally, but it wasn't deleted with the shredder. I also saved the order on another harddrive, but couldn't recover those files either. Are my files lost forever? Please help, I really need to get those pics back!

10
Tech Clinic / not sure if I've removed the virus, please help!
« on: February 20, 2006, 05:27:02 PM »
I couldn't find the bszip file, but I did the rest, checked it with Ad-Aware and AVG and everything is a-ok, so thank you very much for helping me :). I tend to just delete things right and left when I get a virus, so I'm so happy I found this site.

11
Tech Clinic / not sure if I've removed the virus, please help!
« on: February 19, 2006, 04:41:22 PM »
I tried to extract the ServiceFilter file, but it doesn't work, I don't think it downloads properly. I decided to delete Norton Internet Security and install ZoneAlarm for my firewall, I remembered I had it on a CD somewhere. I forgot to say thank you last post, I really appreciate this. Anyway, here's the Hijack file:

Logfile of HijackThis v1.99.1
Scan saved at 22:39:09, on 19-2-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\SatSrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zone.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ProgramPath] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientIn...3/OCI/setup.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC07362E-B174-49BE-8EFD-087005BBA9FF}: NameServer = 195.121.1.34 195.121.1.66
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\system32\SatSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

12
Tech Clinic / not sure if I've removed the virus, please help!
« on: February 18, 2006, 07:26:18 AM »
I'd like to keep AVG, but I also have a firewall on my Norton Internet Security. Do I have to delete the whole program or can I just leave some options on? I couldn't find that option on Norton, that's why I'm asking; maybe you know how?

13
Tech Clinic / not sure if I've removed the virus, please help!
« on: February 16, 2006, 10:48:42 AM »
Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 16:50:18, on 16-2-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\SatSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nia\Mijn documenten\Spellen\rummy\Cub Rummy\CubRummy.exe
C:\hjt\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zone.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ProgramPath] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientIn...3/OCI/setup.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC07362E-B174-49BE-8EFD-087005BBA9FF}: NameServer = 195.121.1.34 195.121.1.66
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\system32\SatSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

14
Tech Clinic / not sure if I've removed the virus, please help!
« on: February 15, 2006, 03:17:23 PM »
I got infected with Win32.P2P-Worm.Alcan.a yesterday, so I looked through the threads and followed the steps, but now I'm not sure I've really removed the virus. I haven't yet installed the HijackThis program, because I wanted to know if I did the right thing, so here are my Ad-aware and L2mfix logs. I hope you can help me.



Ad-Aware SE Build 1.06r1
Logfile Created on:woensdag 15 februari 2006 20:51:29
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R91 08.02.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):9 total references
Win32.P2P-Worm.Alcan.a(TAC index:8):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


15-2-2006 20:51:29 - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-2301585418-529066542-2346800501-1006\software\microsoft\internet explorer\typedurls
    Description        : list of recently entered addresses in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-2301585418-529066542-2346800501-1006\software\microsoft\mediaplayer\preferences
    Description        : last playlist index loaded in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-2301585418-529066542-2346800501-1006\software\microsoft\mediaplayer\preferences
    Description        : last playlist loaded in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-2301585418-529066542-2346800501-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-2301585418-529066542-2346800501-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-2301585418-529066542-2346800501-1006\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 676
    ThreadCreationTime : 15-2-2006 19:41:08
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 756
    ThreadCreationTime : 15-2-2006 19:41:13
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 784
    ThreadCreationTime : 15-2-2006 19:41:17
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 828
    ThreadCreationTime : 15-2-2006 19:41:18
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Besturingssysteem Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Services en controllertoepassingen
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. Alle rechten voorbehouden.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 840
    ThreadCreationTime : 15-2-2006 19:41:18
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 984
    ThreadCreationTime : 15-2-2006 19:41:19
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1044
    ThreadCreationTime : 15-2-2006 19:41:19
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1080
    ThreadCreationTime : 15-2-2006 19:41:19
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1124
    ThreadCreationTime : 15-2-2006 19:41:19
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:10 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1228
    ThreadCreationTime : 15-2-2006 19:41:20
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:11 [ccproxy.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\
    ProcessID          : 1512
    ThreadCreationTime : 15-2-2006 19:41:21
    BasePriority       : Normal
    FileVersion        : 103.0.4.3
    ProductVersion     : 103.0.4.3
    ProductName        : Client and Host Security Platform
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec Network Proxy Service
    InternalName       : ccProxy
    LegalCopyright     : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : ccProxy.exe

#:12 [ccsetmgr.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\
    ProcessID          : 1528
    ThreadCreationTime : 15-2-2006 19:41:21
    BasePriority       : Normal
    FileVersion        : 103.0.4.3
    ProductVersion     : 103.0.4.3
    ProductName        : Client and Host Security Platform
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec Settings Manager Service
    InternalName       : ccSetMgr
    LegalCopyright     : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : ccSetMgr.exe

#:13 [issvc.exe]
    FilePath           : C:\Program Files\Norton Internet Security\
    ProcessID          : 1540
    ThreadCreationTime : 15-2-2006 19:41:21
    BasePriority       : Normal
    FileVersion        : 8.0.5.14
    ProductVersion     : 8.0
    ProductName        : Norton Internet Security
    CompanyName        : Symantec Corporation
    FileDescription    : IS Service
    InternalName       : ISSVC.exe
    LegalCopyright     : Copyright © 2004 Symantec Corporation
    OriginalFilename   : ISSVC.exe

#:14 [sndsrvc.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\
    ProcessID          : 1552
    ThreadCreationTime : 15-2-2006 19:41:21
    BasePriority       : Normal
    FileVersion        : 5.5.1.6
    ProductVersion     : 5.5
    ProductName        : Symantec Security Drivers
    CompanyName        : Symantec Corporation
    FileDescription    : Network Driver Service
    InternalName       : SndSrvc
    LegalCopyright     : Copyright 2002, 2003, 2004 Symantec Corporation
    OriginalFilename   : SndSrvc.exe

#:15 [spbbcsvc.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\SPBBC\
    ProcessID          : 1564
    ThreadCreationTime : 15-2-2006 19:41:21
    BasePriority       : Normal
    FileVersion        : 1,0,1,47
    ProductVersion     : 1,0,1,47
    ProductName        : SPBBC
    CompanyName        : Symantec Corporation
    FileDescription    : SPBBC Service
    InternalName       : SPBBCSvc
    LegalCopyright     : Copyright © 2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : SPBBCSvc.exe

#:16 [ccevtmgr.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\
    ProcessID          : 1616
    ThreadCreationTime : 15-2-2006 19:41:22
    BasePriority       : Normal
    FileVersion        : 103.0.4.3
    ProductVersion     : 103.0.4.3
    ProductName        : Client and Host Security Platform
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec Event Manager Service
    InternalName       : ccEvtMgr
    LegalCopyright     : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : ccEvtMgr.exe

#:17 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1872
    ThreadCreationTime : 15-2-2006 19:41:24
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion     : 5.1.2600.2696
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:18 [avgamsvr.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 1972
    ThreadCreationTime : 15-2-2006 19:41:24
    BasePriority       : Normal
    FileVersion        : 7,1,0,365
    ProductVersion     : 7.1.0.365
    ProductName        : AVG Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Alert Manager
    InternalName       : avgamsvr
    LegalCopyright     : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename   : avgamsvr.EXE

#:19 [avgupsvc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 2040
    ThreadCreationTime : 15-2-2006 19:41:24
    BasePriority       : Normal
    FileVersion        : 7,1,0,349
    ProductVersion     : 7.1.0.349
    ProductName        : AVG 7.0 Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Update Service
    InternalName       : avgupsvc
    LegalCopyright     : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename   : avgupdsvc.EXE

#:20 [ewidoctrl.exe]
    FilePath           : C:\Program Files\ewido anti-malware\
    ProcessID          : 176
    ThreadCreationTime : 15-2-2006 19:41:24
    BasePriority       : Normal
    FileVersion        : 3, 0, 0, 1
    ProductVersion     : 3, 0, 0, 1
    ProductName        : ewido control
    CompanyName        : ewido networks
    FileDescription    : ewido control
    InternalName       : ewido control
    LegalCopyright     : Copyright © 2004
    OriginalFilename   : ewidoctrl.exe

#:21 [navapsvc.exe]
    FilePath           : C:\Program Files\Norton Internet Security\Norton AntiVirus\
    ProcessID          : 208
    ThreadCreationTime : 15-2-2006 19:41:24
    BasePriority       : Normal
    FileVersion        : 11.0.9.16
    ProductVersion     : 11.0.9
    ProductName        : Norton AntiVirus
    CompanyName        : Symantec Corporation
    FileDescription    : Norton AntiVirus Auto-Protect Service
    InternalName       : NAVAPSVC
    LegalCopyright     : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : NAVAPSVC.EXE

#:22 [satsrv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 268
    ThreadCreationTime : 15-2-2006 19:41:25
    BasePriority       : Normal


#:23 [wdfmgr.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 440
    ThreadCreationTime : 15-2-2006 19:41:26
    BasePriority       : Normal
    FileVersion        : 5.2.3790.1230 built by: dnsrv(bld4act)
    ProductVersion     : 5.2.3790.1230
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows User Mode Driver Manager
    InternalName       : WdfMgr
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : WdfMgr.exe

#:24 [alg.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1332
    ThreadCreationTime : 15-2-2006 19:41:29
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Application Layer Gateway Service
    InternalName       : ALG.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : ALG.exe

#:25 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 2164
    ThreadCreationTime : 15-2-2006 19:41:35
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2527 (xpsp.040919-1030)
    ProductVersion     : 6.00.2900.2527
    ProductName        : Besturingssysteem Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Verkenner
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. Alle rechten voorbehouden.
    OriginalFilename   : EXPLORER.EXE

#:26 [vttrayp.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2480
    ThreadCreationTime : 15-2-2006 19:41:38
    BasePriority       : Normal
    FileVersion        : 2.00.30-1011
    ProductVersion     : 2.00.30-1011
    ProductName        : Part of S3 Screen Toys
    CompanyName        : S3 Graphics Co., Ltd.
    FileDescription    : s3contrl (32-bit)
    InternalName       : s3contrl
    LegalCopyright     : Copyright © 2004 S3 Graphics Co., Ltd.
    LegalTrademarks    : S3 is a registered trademark of S3 Incorporated
    Comments           : S3TrayPlus tray icon utility (32-bit)

#:27 [vttimer.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2488
    ThreadCreationTime : 15-2-2006 19:41:38
    BasePriority       : Normal
    FileVersion        : 1.04.06-1020
    ProductVersion     : 1.04.06-1020
    ProductName        : S3 Graphics, Inc. Utilities
    CompanyName        : S3 Graphics, Inc.
    InternalName       : S3Timer
    LegalCopyright     : Copyright © 2001-2004 S3 Graphics, Inc.
    LegalTrademarks    : S3 is a registered trademark of S3 Incorporated

#:28 [soundman.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 2496
    ThreadCreationTime : 15-2-2006 19:41:38
    BasePriority       : Normal
    FileVersion        : 5.1.0.30
    ProductVersion     : 5.1.0.29
    ProductName        : Realtek Sound Manager
    CompanyName        : Realtek Semiconductor Corp.
    FileDescription    : Realtek Sound Manager
    InternalName       : ALSMTray
    LegalCopyright     : Copyright © 2001-2004 Realtek Semiconductor Corp.
    OriginalFilename   : ALSMTray.exe
    Comments           : Realtek AC97 Audio Sound Manager

#:29 [agrsmmsg.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 2528
    ThreadCreationTime : 15-2-2006 19:41:38
    BasePriority       : Normal
    FileVersion        : 2.1.41 2.1.41 06/07/2004 10:15:45
    ProductVersion     : 2.1.41 2.1.41 06/07/2004 10:15:45
    ProductName        : Agere SoftModem Messaging Applet
    CompanyName        : Agere Systems
    FileDescription    : SoftModem Messaging Applet
    InternalName       : smdmstat.exe
    LegalCopyright     : Copyright © Agere Systems 1998-2000
    OriginalFilename   : smdmstat.exe

#:30 [apoint.exe]
    FilePath           : C:\Program Files\Apoint2K\
    ProcessID          : 2548
    ThreadCreationTime : 15-2-2006 19:41:39
    BasePriority       : Normal
    FileVersion        : 5.5.1.185
    ProductVersion     : 5.5.1.185
    ProductName        : Alps Pointing-device Driver
    CompanyName        : Alps Electric Co., Ltd.
    FileDescription    : Alps Pointing-device Driver
    InternalName       : Alps Pointing-device Driver
    LegalCopyright     : Copyright © 1999-2003 Alps Electric Co., Ltd.
    OriginalFilename   : Apoint.exe

#:31 [ccapp.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\
    ProcessID          : 2572
    ThreadCreationTime : 15-2-2006 19:41:39
    BasePriority       : Normal
    FileVersion        : 103.0.4.3
    ProductVersion     : 103.0.4.3
    ProductName        : Client and Host Security Platform
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec User Session
    InternalName       : ccApp
    LegalCopyright     : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : ccApp.exe

#:32 [dragdiag.exe]
    FilePath           : C:\Program Files\Thomson\SpeedTouch USB\
    ProcessID          : 2580
    ThreadCreationTime : 15-2-2006 19:41:39
    BasePriority       : Normal
    FileVersion        : 301.0.0.12
    ProductVersion     : 301.0.0.12
    ProductName        : SpeedTouch USB
    CompanyName        : THOMSON Telecom Belgium
    FileDescription    : SpeedTouch Statistics
    LegalCopyright     : Copyright© THOMSON Telecom Belgium 1999-2004
    LegalTrademarks    : SpeedTouch

#:33 [jusched.exe]
    FilePath           : C:\Program Files\Java\jre1.5.0_01\bin\
    ProcessID          : 2592
    ThreadCreationTime : 15-2-2006 19:41:39
    BasePriority       : Normal


#:34 [ituneshelper.exe]
    FilePath           : C:\Program Files\iTunes\
    ProcessID          : 2624
    ThreadCreationTime : 15-2-2006 19:41:40
    BasePriority       : Normal
    FileVersion        : 5.0.1.4
    ProductVersion     : 5.0.1.4
    ProductName        : iTunes
    CompanyName        : Apple Computer, Inc.
    FileDescription    : iTunesHelper Module
    InternalName       : iTunesHelper
    LegalCopyright     : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
    OriginalFilename   : iTunesHelper.exe

#:35 [qttask.exe]
    FilePath           : C:\Program Files\QuickTime\
    ProcessID          : 2632
    ThreadCreationTime : 15-2-2006 19:41:41
    BasePriority       : Normal
    FileVersion        : 7.0.2
    ProductVersion     : QuickTime 7.0.2
    ProductName        : QuickTime
    CompanyName        : Apple Computer, Inc.
    FileDescription    : QuickTime Task
    InternalName       : QuickTime Task
    LegalCopyright     : Copyright Apple Computer, Inc. 1989-2005
    OriginalFilename   : QTTask.exe

#:36 [avgcc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 2688
    ThreadCreationTime : 15-2-2006 19:41:41
    BasePriority       : Normal
    FileVersion        : 7,1,0,355
    ProductVersion     : 7.1.0.355
    ProductName        : AVG Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Control Center
    InternalName       : AvgCC
    LegalCopyright     : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename   : AvgCC.EXE

#:37 [ipodservice.exe]
    FilePath           : C:\Program Files\iPod\bin\
    ProcessID          : 2696
    ThreadCreationTime : 15-2-2006 19:41:41
    BasePriority       : Normal
    FileVersion        : 5.0.1.4
    ProductVersion     : 5.0.1.4
    ProductName        : iTunes
    CompanyName        : Apple Computer, Inc.
    FileDescription    : iPodService Module
    InternalName       : iPodService
    LegalCopyright     : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
    OriginalFilename   : iPodService.exe

#:38 [apntex.exe]
    FilePath           : C:\Program Files\Apoint2K\
    ProcessID          : 2712
    ThreadCreationTime : 15-2-2006 19:41:41
    BasePriority       : Normal
    FileVersion        : 5.5.1.16
    ProductVersion     : 5.5.1.16
    ProductName        : Alps Pointing-device Driver for Windows NT/2000/XP
    CompanyName        : Alps Electric Co., Ltd.
    FileDescription    : Alps Pointing-device Driver for Windows NT/2000/XP
    InternalName       : Alps Pointing-device Driver for Windows NT/2000/XP
    LegalCopyright     : Copyright © 1998-2003 Alps Electric Co., Ltd.
    OriginalFilename   : ApntEx.exe

#:39 [ctfmon.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2740
    ThreadCreationTime : 15-2-2006 19:41:41
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : CTF Loader
    InternalName       : CTFMON
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : CTFMON.EXE

#:40 [msnmsgr.exe]
    FilePath           : C:\Program Files\MSN Messenger\
    ProcessID          : 2752
    ThreadCreationTime : 15-2-2006 19:41:42
    BasePriority       : Normal
    FileVersion        : 7.5.0311
    ProductVersion     : 7.5.0311
    ProductName        : MSN Messenger
    CompanyName        : Microsoft Corporation
    FileDescription    : MSN Messenger
    InternalName       : msnmsgr
    LegalCopyright     : Copyright © Microsoft Corporation 1997-2004
    LegalTrademarks    : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename   : msnmsgr.exe

#:41 [firefox.exe]
    FilePath           : C:\Program Files\Mozilla Firefox\
    ProcessID          : 3412
    ThreadCreationTime : 15-2-2006 19:42:11
    BasePriority       : Normal


#:42 [notepad.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2880
    ThreadCreationTime : 15-2-2006 19:45:23
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Besturingssysteem Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Kladblok
    InternalName       : Notepad
    LegalCopyright     : © Microsoft Corporation. Alle rechten voorbehouden.
    OriginalFilename   : NOTEPAD.EXE

#:43 [taskmgr.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1420
    ThreadCreationTime : 15-2-2006 19:50:35
    BasePriority       : High
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Besturingssysteem Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Taakbeheer
    InternalName       : taskmgr
    LegalCopyright     : © Microsoft Corporation. Alle rechten voorbehouden.
    OriginalFilename   : taskmgr.exe

#:44 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 2148
    ThreadCreationTime : 15-2-2006 19:51:12
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Win32.P2P-Worm.Alcan.a Object Recognized!
    Type               : File
    Data               : bszip.dll
    TAC Rating         : 8
    Category           : Worm
    Comment            :
    Object             : C:\WINDOWS\system32\
    FileVersion        : 3.0.2.0
    ProductVersion     : 3.02
    ProductName        : BigSpeed Zip DLL
    CompanyName        : BigSpeedSoft
    InternalName       : bszip.dll
    LegalCopyright     : © BigSpeedSoft
    LegalTrademarks    : BigSpeed is a trademark of BigSpeedSoft
    OriginalFilename   : bszip.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 10




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

21:06:27 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:57.761
Objects scanned:131416
Objects identified:1
Objects ignored:0
New critical objects:1







L2MFIX find log 010406
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschappenvenster van multimediabestand"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerbeheer"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Het tabblad Beveiliging"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Eigenschappenblad voor OLE-docbestand"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldschermadapter"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Monitor"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldscherm-panning"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Het tabblad Beveiliging"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibiliteitspagina"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Knipselgegevensverwerker van shell"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Schijfkopieer-uitbreiding"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell-uitbreidingen voor Microsoft Windows Network-objecten"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-monitorbeheer"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerbeheer"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell-uitbreidingen voor bestandscompressie"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shell-uitbreiding voor Web Printer"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Snelmenu Codering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Werkmap"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-pictogramuitbreiding"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiel"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Het tabblad Beveiliging voor printers"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-extensie"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto-handtekeningextensie"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netwerkverbindingen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netwerkverbindingen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners en camera's"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners en camera's"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners en camera's"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners en camera's"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners en camera's"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellextensies voor Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplande taken"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taakbalk en menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Zoeken"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uitvoeren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Lettertypen"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Systeembeheer"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Eigenschappenpagina van vorige versies"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Vorige versies"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-werkbalk"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Downloadstatus"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Uitgebreide shell-map"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Uitgebreide shell-map 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft-browserbalk"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Zoekbalk"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Zoeken binnen deelvenster"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Zoeken op het web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Hulpprogramma met opties voor registerboomstructuur"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoAanvullen"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU-lijst voor AutoAanvullen"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Aangepaste MRU-lijst voor AutoAanvullen"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Toegankelijk"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pop-upbalk Volgen"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lijst voor AutoAanvullen: Microsoft Geschiedenis"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lijst voor AutoAanvullen: Microsoft Shell-map"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft-container met meervoudige lijst voor AutoAanvullen"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Sitemenu van shell-band"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Gebruikersondersteuning"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globale mapinstellingen"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url-geschiedenisservice"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Geschiedenis"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url-zoeken Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-welkomstscherm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Het Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Cachemap van ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Map met abonnementen"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Toepassingsbeheer"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Programma voor inventarisatie van geïnstalleerde toepassingen"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI- en bestandsextractieprogramma voor miniaturen"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informatie over de handler voor miniatuurweergaven (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-extractie voor miniatuurweergaven"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Wizard Webpublicaties"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Afdrukken via het web bestellen"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell-object voor publicatiewizard"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Wizard Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Gebruikersaccounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanaal-bestand"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanaal-snelkoppeling"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Handler-object voor kanalen"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Map Off line bestanden"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{00000000-5736-4205-0100-0ff9b7c016dd}"="Steganos Security Suite 2006"
"{B28C18DB-6816-4F31-9630-397683E3C2C3}"="Filzip Shell Extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"

********************************************************************************
**
HKEY ROOT CLASSIDS:
********************************************************************************
**
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
   browseui.dll   Thu 24 Nov 2005   1:39:20   A....      1.022.464   998,50 K
   bszip.dll      Wed 15 Feb 2006  14:40:32   A....         62.464    61,00 K
   gdi32.dll      Thu 29 Dec 2005   3:56:06   A....        280.064   273,50 K
   mshtml.dll     Thu 24 Nov 2005   1:39:22   A....      3.013.632     2,87 M
   shdocvw.dll    Thu  1 Dec 2005   4:33:22   A....      1.492.480     1,42 M
   webclnt.dll    Wed  4 Jan 2006   4:36:30   A....         68.096    66,50 K
   wmp.dll        Tue  6 Dec 2005   6:02:16   A....      5.533.696     5,28 M

7 items found:  7 files, 0 directories.
   Total of file sizes:  11.472.896 bytes     10,94 M
Locate .tmp files:

No matches found.
********************************************************************************
**
Directory Listing of system files:
 De volumenaam van station C is N00589
 Het volumenummer is E057-C48B

 Map van C:\WINDOWS\System32

15-02-2006  00:42    <DIR>          dllcache
07-07-2005  23:21    <DIR>          Microsoft
               0 bestand(en)                0 bytes
               2 map(pen)  17.054.289.920 bytes beschikbaar
