I think my computer is infected with suspicious.mh690.a virus , can anyone help?

Okay, please re-run OTL now and post the new OTL.txt log.

ok sorry to keep you waiting !
did the OTL again

here's the log

OTL logfile created on: 17/09/2010 18:28:50 - Run 2
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Steve\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 191,57 Gb Total Space | 133,25 Gb Free Space | 69,56% Space Free | Partition Type: NTFS
Drive D: | 94,80 Gb Total Space | 94,71 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,86 Gb Total Space | 1,31 Gb Free Space | 70,26% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC_VAN_STEVE
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/17 14:14:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.com
PRC - [2009/08/25 00:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/01/29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/09/21 01:32:50 | 000,561,152 | ---- | M] (C&E) -- C:\Program Files\C&E\OSD\osd.exe
PRC - [2007/07/24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/24 18:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/05/10 17:10:06 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/12/08 19:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006/11/22 18:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/11/02 11:45:59 | 000,116,736 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE


========== Modules (SafeList) ==========

MOD - [2010/09/17 14:14:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.com
MOD - [2007/11/03 11:43:02 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll
MOD - [2006/11/02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2009/08/25 00:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe -- (NAV)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/11/03 10:17:36 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/04 02:01:50 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\C&E\OSD\OsdService\OsdService.exe -- (OsdService)
SRV - [2007/07/24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/12/08 19:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Steve\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/17 17:07:45 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100917.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/17 17:07:45 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/17 17:07:45 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100917.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/12 15:20:08 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/09/01 21:39:20 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/09/01 20:04:32 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100916.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/02/13 22:33:51 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/08/30 02:17:21 | 000,338,480 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1100000.088\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2009/08/30 02:17:20 | 000,169,008 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1100000.088\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/30 02:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1100000.088\SYMDS.SYS -- (SymDS)
DRV - [2009/08/30 02:16:50 | 000,114,736 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1100000.088\Ironx86.SYS -- (SymIRON)
DRV - [2009/08/30 02:16:41 | 000,325,168 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\NAV\1100000.088\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/30 02:16:41 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1100000.088\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/29 11:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/25 00:50:39 | 000,501,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1100000.088\ccHPx86.sys -- (ccHP)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2007/11/03 12:14:34 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/11/03 12:14:34 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/11/03 12:14:34 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/09/05 01:20:00 | 000,005,120 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\C&E\OSD\OsdService\cebuffer.sys -- (CEBFilter)
DRV - [2007/09/01 01:18:06 | 000,004,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\C&E\OSD\OsdService\ceio.sys -- (CEIO)
DRV - [2007/08/31 23:22:26 | 000,007,168 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys -- (cKBFilter)
DRV - [2007/07/19 01:31:00 | 007,599,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/07/09 13:28:16 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2007/07/02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/07/02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/06/13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/06/01 17:10:38 | 000,753,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2007/05/10 18:25:12 | 001,775,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/04/04 05:57:00 | 000,046,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/02/25 06:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/01/30 09:31:52 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2006/11/22 18:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 13:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2004/11/01 10:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.be/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/09/12 15:20:17 | 000,000,000 | ---D | M]

[2009/08/14 12:00:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\mozilla\Extensions
[2009/08/14 12:00:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/02/11 23:17:20 | 000,000,827 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 85.13.206.114 uuu20091124.info
O1 - Hosts: 85.13.206.114 u07012010u.com
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe (C&E)
O4 - HKLM..\Run: [recinfo] File not found
O4 - HKLM..\Run: [recinfo106] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [aavkk] C:\Windows\System32\aa7vqkkffa7.exe File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [bbvqq7l] C:\Windows\System32\ql5g3bvvq.exe File not found
O4 - HKCU..\Run: [bqqlbb] C:\Windows\System32\bbvqq7lvg.exe File not found
O4 - HKCU..\Run: [fvvqq] C:\Windows\System32\vvqqlaavl.exe File not found
O4 - HKCU..\Run: [idssnni] C:\Windows\System32\nxn9iidx9s.exe File not found
O4 - HKCU..\Run: [iejdsmm] C:\Windows\System32\yhsgmmw.exe File not found
O4 - HKCU..\Run: [jncontmon] C:\Windows\System32\ssjitsys32.exe File not found
O4 - HKCU..\Run: [kaavkkf] C:\Windows\System32\avv6f5a2.exe File not found
O4 - HKCU..\Run: [lbbwl] C:\Windows\System32\qllg7bw1wq.exe File not found
O4 - HKCU..\Run: [mndpro32] C:\Windows\System32\primndd.exe File not found
O4 - HKCU..\Run: [ncstatsc] C:\Windows\System32\lsnccq.exe File not found
O4 - HKCU..\Run: [nddxnni] C:\Windows\System32\ddxn9iid.exe File not found
O4 - HKCU..\Run: [nniid] C:\Windows\System32\xn9iidx9s0n.exe File not found
O4 - HKCU..\Run: [pqezlr32] C:\Windows\System32\eyclcm.exe File not found
O4 - HKCU..\Run: [prodcmmp] C:\Windows\System32\ikddmch.exe File not found
O4 - HKCU..\Run: [qisdrmss] C:\Windows\System32\qodesnaq.exe File not found
O4 - HKCU..\Run: [qlbbwl] C:\Windows\System32\q0lggb1wqq.exe File not found
O4 - HKCU..\Run: [rlbbww] C:\Windows\System32\qll6wwq2.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [udccndw2] C:\Windows\System32\psiomcp.exe File not found
O4 - HKCU..\Run: [vvbvllg] C:\Windows\System32\6g7bvqq.exe File not found
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0wwr1lg.exe ()
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\av5q1faqq1a.exe ()
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ddyo0i0dyy.exe ()
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\llgw0q0l.exe ()
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rlb9wwrl.exe ()
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w1wqqlb9.exe ()
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\y0to0i0dyy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Steve\Desktop\Steve\Foto's\Reis Turkije (Side) 2009\DSC01085.JPG
O24 - Desktop BackupWallPaper: C:\Users\Steve\Desktop\Steve\Foto's\Reis Turkije (Side) 2009\DSC01085.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - Service
SafeBootMin: dmboot.sys - Driver
SafeBootMin: dmio.sys - Driver
SafeBootMin: dmload.sys - Driver
SafeBootMin: dmserver - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sr.sys - FSFilter System Recovery
SafeBootMin: SRService - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: dmadmin - Service
SafeBootNet: dmboot.sys - Driver
SafeBootNet: dmio.sys - Driver
SafeBootNet: dmload.sys - Driver
SafeBootNet: dmserver - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - FSFilter System Recovery
SafeBootNet: SRService - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {78310121-036D-427A-9FAA-A9D8135E5F8F} - .NET Framework
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/09/17 18:27:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.com
[2010/09/17 17:42:56 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2010/09/17 16:44:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2010/09/17 16:44:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/17 16:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/17 16:44:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/17 16:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/17 15:44:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/17 15:44:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/17 15:44:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/17 15:44:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/17 15:44:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/17 15:43:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/17 13:30:51 | 000,000,000 | ---D | C] -- C:\Windows\HaxFix
[2010/09/12 15:20:09 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/09/12 15:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/09/12 15:19:51 | 000,338,480 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\symtdiv.sys
[2010/09/12 15:19:51 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\SymDS.sys
[2010/09/12 15:19:51 | 000,325,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\srtsp.sys
[2010/09/12 15:19:51 | 000,169,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\SymEFA.sys
[2010/09/12 15:19:51 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\srtspx.sys
[2010/09/12 15:19:50 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\ccHPx86.sys
[2010/09/12 15:19:50 | 000,114,736 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\Ironx86.sys
[2010/09/12 15:19:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2010/09/12 15:19:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1100000.088
[2010/09/12 15:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/09/12 15:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

========== Files - Modified Within 30 Days ==========

[2010/09/17 18:29:11 | 001,585,306 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1100000.088\Cat.DB
[2010/09/17 18:28:14 | 001,572,864 | -HS- | M] () -- C:\Users\Steve\ntuser.dat
[2010/09/17 18:27:37 | 000,027,335 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\nvModes.001
[2010/09/17 18:25:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/17 17:48:46 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/17 17:48:46 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/17 17:48:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/17 17:48:31 | 3219,562,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/17 17:48:28 | 402,820,128 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/17 17:41:29 | 001,515,942 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/17 17:41:29 | 000,689,618 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/09/17 17:41:29 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/17 17:41:29 | 000,122,796 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/09/17 17:41:29 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/17 17:38:04 | 003,846,509 | R--- | M] () -- C:\Users\Steve\Combo-Fix.exe
[2010/09/17 17:14:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/09/17 17:14:38 | 001,074,893 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2010/09/17 16:44:12 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/17 14:14:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.com
[2010/09/12 15:20:08 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/09/12 15:20:08 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/09/12 15:20:08 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/09/12 15:19:59 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/09/11 08:12:25 | 000,000,680 | ---- | M] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2010/09/17 17:38:01 | 003,846,509 | R--- | C] () -- C:\Users\Steve\Combo-Fix.exe
[2010/09/17 16:44:12 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/17 15:44:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/17 15:44:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/17 15:44:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/17 15:44:41 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/17 15:44:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/17 13:30:52 | 000,537,842 | ---- | C] () -- C:\HaxFix.exe
[2010/09/12 15:20:12 | 001,585,306 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\Cat.DB
[2010/09/12 15:20:09 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/09/12 15:20:09 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/09/12 15:19:59 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/09/12 15:19:46 | 000,003,375 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymEFA.inf
[2010/09/12 15:19:46 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymDS.inf
[2010/09/12 15:19:46 | 000,001,756 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\ccHPx86.inf
[2010/09/12 15:19:46 | 000,001,475 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymNetV.inf
[2010/09/12 15:19:46 | 000,001,447 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymNet.inf
[2010/09/12 15:19:46 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\srtspx.inf
[2010/09/12 15:19:46 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\srtsp.inf
[2010/09/12 15:19:46 | 000,000,743 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\Iron.inf
[2010/09/12 15:19:42 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\symnetv.cat
[2010/09/12 15:19:42 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\srtsp.cat
[2010/09/12 15:19:42 | 000,007,431 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymEFA.cat
[2010/09/12 15:19:42 | 000,007,429 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\srtspx.cat
[2010/09/12 15:19:42 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymDS.cat
[2010/09/12 15:19:42 | 000,007,424 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\iron.cat
[2010/09/12 15:19:42 | 000,007,396 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\cchpx86.cat
[2010/09/12 15:19:42 | 000,007,355 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymNet.cat
[2010/09/12 15:19:42 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\isolate.ini
[2010/09/12 14:46:17 | 3219,562,496 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/17 20:40:34 | 000,000,535 | ---- | C] () -- C:\Program Files\game.cfg
[2010/06/12 14:16:11 | 087,012,465 | ---- | C] () -- C:\Program Files\Carrière.sav
[2010/02/25 22:25:04 | 000,324,009 | ---- | C] () -- C:\Program Files\hall_of_fame.bin
[2010/02/14 09:26:17 | 000,000,680 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2010/02/11 23:58:14 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/14 21:10:28 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/12/14 21:10:28 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/11/16 09:22:41 | 000,000,215 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/06/24 08:18:48 | 000,035,628 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/02/18 10:36:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\nfr.dll.gpref
[2008/09/28 14:55:36 | 000,027,335 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\nvModes.001
[2008/09/28 14:55:35 | 000,027,335 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\nvModes.dat
[2008/09/28 14:20:19 | 000,028,672 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/30 18:29:12 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/04/30 18:28:37 | 000,753,456 | ---- | C] () -- C:\Windows\System32\drivers\BisonCam.sys
[2008/04/30 18:28:37 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 18:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007/11/03 11:11:30 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/30 18:41:21 | 016,781,312 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/04/30 18:41:11 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/04/30 18:41:21 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/04/30 18:41:34 | 017,043,456 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/04/30 18:41:35 | 006,029,312 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 09:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2008/04/30 18:14:19 | 000,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 09:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2009/03/31 10:39:36 | 000,036,608 | ---- | M] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2006/11/02 09:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 09:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 09:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 09:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 09:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 09:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 09:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 09:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 09:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 09:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 09:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 09:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 09:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2009/08/15 23:08:32 | 002,032,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
< %SYSTEMDRIVE%\*.* >
[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 00:45:46 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/04/30 18:41:37 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/12 17:53:51 | 000,141,937 | ---- | M] () -- C:\fb20100612.log
[2010/06/13 18:29:18 | 000,006,989 | ---- | M] () -- C:\fb20100613.log
[2010/06/15 21:21:50 | 000,072,813 | ---- | M] () -- C:\fb20100615.log
[2010/06/24 21:53:58 | 000,145,700 | ---- | M] () -- C:\fb20100624.log
[2010/06/29 20:54:34 | 000,082,644 | ---- | M] () -- C:\fb20100629.log
[2010/07/11 16:41:05 | 000,132,015 | ---- | M] () -- C:\fb20100711.log
[2010/09/02 10:23:57 | 000,161,404 | ---- | M] () -- C:\fb20100902.log
[2010/09/12 16:01:19 | 000,049,253 | ---- | M] () -- C:\fb20100912.log
[2010/09/17 16:48:54 | 000,011,433 | ---- | M] () -- C:\fb20100917.log
[2010/04/04 13:04:57 | 000,537,842 | ---- | M] () -- C:\HaxFix.exe
[2010/09/17 17:48:31 | 3219,562,496 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/30 10:23:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/04/30 10:23:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/17 17:48:29 | 3533,307,904 | -HS- | M] () -- C:\pagefile.sys
[2008/04/30 09:18:39 | 000,001,575 | ---- | M] () -- C:\Prodlog.txt

< %PROGRAMFILES%\*. >
[2008/10/08 09:01:07 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/04/30 18:30:03 | 000,000,000 | ---D | M] -- C:\Program Files\C&E
[2010/02/22 21:25:44 | 000,000,000 | ---D | M] -- C:\Program Files\CM 01-02
[2010/09/17 17:45:33 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/04/30 18:43:57 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/02/22 21:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\Data
[2009/12/14 21:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/02/22 21:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\Editor
[2010/01/31 12:30:50 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/09/28 14:50:42 | 000,000,000 | ---D | M] -- C:\Program Files\History
[2009/12/14 21:10:03 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/04/30 18:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/10/15 08:46:58 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/12/11 08:03:59 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/02/22 21:25:48 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/09/17 16:44:13 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/14 21:09:25 | 000,000,000 | ---D | M] -- C:\Program Files\MarkAny
[2009/02/18 10:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microgaming
[2009/09/17 10:56:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/09/18 07:58:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/09/17 10:58:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/09/17 10:59:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2008/04/30 18:28:30 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola
[2006/11/02 14:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/04/30 18:30:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/09/28 14:07:35 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/09/12 15:19:42 | 000,000,000 | ---D | M] -- C:\Program Files\Norton AntiVirus
[2010/09/12 15:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2009/12/14 21:12:23 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2010/02/22 21:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\Pictures
[2008/09/28 14:57:35 | 000,000,000 | ---D | M] -- C:\Program Files\print
[2008/09/28 14:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\qstart
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/12/03 10:27:10 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
[2009/12/14 21:12:37 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2008/09/28 14:57:35 | 000,000,000 | ---D | M] -- C:\Program Files\search
[2009/02/05 17:45:31 | 000,000,000 | ---D | M] -- C:\Program Files\Shop-n-Spree
[2008/09/28 14:50:33 | 000,000,000 | ---D | M] -- C:\Program Files\Sounds
[2010/09/12 15:20:09 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/06/12 13:46:54 | 000,000,000 | ---D | M] -- C:\Program Files\tactics
[2010/06/12 13:46:54 | 000,000,000 | ---D | M] -- C:\Program Files\training
[2006/11/02 15:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/09/12 15:22:18 | 000,000,000 | ---D | M] -- C:\Program Files\webserver
[2008/09/28 16:05:17 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2006/11/02 14:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2006/11/02 14:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2006/11/02 14:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2006/11/02 14:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/09/17 11:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/09/17 10:56:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/11/12 22:54:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/30 10:17:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/11/02 14:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/04/30 18:23:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< %appdata%\*.* >
[2010/09/17 18:27:37 | 000,027,335 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\nvModes.001
[2010/07/11 16:41:01 | 000,027,335 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\nvModes.dat

< MD5 for: AGP440.SYS >
[2007/11/03 11:44:02 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\drivers\AGP440.sys
[2007/11/03 11:44:02 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_cb7c81c7\AGP440.sys
[2007/11/03 11:44:02 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20598_none_b85cfa98dae9b436\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2007/11/03 12:14:34 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_44b6b0d0\atapi.sys
[2007/11/03 12:14:34 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20694_none_db7e36353dc64123\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/04/30 18:18:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/04/30 18:18:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/04/30 18:18:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\drivers\atapi.sys
[2008/04/30 18:18:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/04/30 18:18:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2006/11/02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\drivers\disk.sys
[2006/11/02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2007/07/12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
[2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\DRIVER\CHIPSET\ROBSON1\setup\Winall\Driver\iaStor.sys
[2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\DRIVER\SATA\INTEL1\iaStor.sys
[2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b92fa6ec\iaStor.sys
[2007/04/25 12:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\DRIVER\CHIPSET\ROBSON1\setup\Winall\Driver64\IaStor.sys
[2007/04/25 12:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

the rest :



< MD5 for: IASTORV.SYS >
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

< MD5 for: NVRD32.SYS >
[2007/07/02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) MD5=ED399014A8029DE02BA5AE01DA8CC9EE -- C:\Windows\System32\drivers\nvrd32.sys
[2007/07/02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) MD5=ED399014A8029DE02BA5AE01DA8CC9EE -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_bbf77119\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/07/02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\drivers\nvstor32.sys
[2007/07/02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_bbf77119\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2007/11/03 11:40:14 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2007/11/03 11:40:14 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2007/11/03 11:40:14 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2007/11/03 11:40:14 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2006/11/02 10:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< MD5 for: VIAMRAID.SYS >
[2006/11/08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\drivers\viamraid.sys
[2006/11/08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_74a36694\viamraid.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-16 07:22:41

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DF0BC727
< End of report >

Hello.

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O4 - HKLM..\Run: [recinfo] File not found
  O4 - HKLM..\Run: [recinfo106] c:\RecInfo\RecInfo.exe ()
  O4 - HKCU..\Run: [aavkk] C:\Windows\System32\aa7vqkkffa7.exe File not found
  O4 - HKCU..\Run: [bbvqq7l] C:\Windows\System32\ql5g3bvvq.exe File not found
  O4 - HKCU..\Run: [bqqlbb] C:\Windows\System32\bbvqq7lvg.exe File not found
  O4 - HKCU..\Run: [fvvqq] C:\Windows\System32\vvqqlaavl.exe File not found
  O4 - HKCU..\Run: [idssnni] C:\Windows\System32\nxn9iidx9s.exe File not found
  O4 - HKCU..\Run: [iejdsmm] C:\Windows\System32\yhsgmmw.exe File not found
  O4 - HKCU..\Run: [jncontmon] C:\Windows\System32\ssjitsys32.exe File not found
  O4 - HKCU..\Run: [kaavkkf] C:\Windows\System32\avv6f5a2.exe File not found
  O4 - HKCU..\Run: [lbbwl] C:\Windows\System32\qllg7bw1wq.exe File not found
  O4 - HKCU..\Run: [mndpro32] C:\Windows\System32\primndd.exe File not found
  O4 - HKCU..\Run: [ncstatsc] C:\Windows\System32\lsnccq.exe File not found
  O4 - HKCU..\Run: [nddxnni] C:\Windows\System32\ddxn9iid.exe File not found
  O4 - HKCU..\Run: [nniid] C:\Windows\System32\xn9iidx9s0n.exe File not found
  O4 - HKCU..\Run: [pqezlr32] C:\Windows\System32\eyclcm.exe File not found
  O4 - HKCU..\Run: [prodcmmp] C:\Windows\System32\ikddmch.exe File not found
  O4 - HKCU..\Run: [qisdrmss] C:\Windows\System32\qodesnaq.exe File not found
  O4 - HKCU..\Run: [qlbbwl] C:\Windows\System32\q0lggb1wqq.exe File not found
  O4 - HKCU..\Run: [rlbbww] C:\Windows\System32\qll6wwq2.exe File not found
  O4 - HKCU..\Run: [udccndw2] C:\Windows\System32\psiomcp.exe File not found
  O4 - HKCU..\Run: [vvbvllg] C:\Windows\System32\6g7bvqq.exe File not found
  O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0wwr1lg.exe ()
  O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\av5q1faqq1a.exe ()
  O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ddyo0i0dyy.exe ()
  O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\llgw0q0l.exe ()
  O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rlb9wwrl.exe ()
  O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w1wqqlb9.exe ()
  O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\y0to0i0dyy.exe ()
  [2009/02/18 10:36:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\nfr.dll.gpref
  
  :commands
  [emptytemp]
  [resethosts]
  [reboot]
  
  
  
• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

ok so did everything , rebooted and then got this


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\recinfo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\recinfo106 deleted successfully.
c:\RecInfo\RecInfo.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\aavkk deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\bbvqq7l deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\bqqlbb deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fvvqq deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\idssnni deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iejdsmm deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jncontmon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kaavkkf deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lbbwl deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mndpro32 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ncstatsc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nddxnni deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nniid deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pqezlr32 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\prodcmmp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qisdrmss deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qlbbwl deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rlbbww deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\udccndw2 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vvbvllg deleted successfully.
File C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0wwr1lg.exe not found.
File C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\av5q1faqq1a.exe not found.
File C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ddyo0i0dyy.exe not found.
File C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\llgw0q0l.exe not found.
File C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rlb9wwrl.exe not found.
File C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w1wqqlb9.exe not found.
File C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\y0to0i0dyy.exe not found.
C:\Windows\System32\drivers\nfr.dll.gpref moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Steve
->Temp folder emptied: 32078 bytes
->Temporary Internet Files folder emptied: 26690340 bytes
->Java cache emptied: 7595559 bytes
->Flash cache emptied: 98515 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 33,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.12.1 log created on 09172010_185830

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Okay try Combofix 1 more time please.

ok did it , but it shut down again ,
BUT I had something different now , after it said completed_part50

it said deleting files ( which I never had before ) but then again it shutted down , got the blue screen and got something else ( I think it was something with page _ in it but it shutted down quickly )

could this maybe have something to do with norton ?
the antivirus is turned of ( like mentioned in ur previous post ) but still it keeps saying before I do the combofix that it's still active ?

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
  
• Select the first option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.
  

Try Combofix in Safe Mode now.

ok I did it , it didn't shut down , after part 50 , it said deleting combo-fix and deleting something else , now I have a black screen with "safe modus" in all four corners of the screen , is this normal ? cause it stays like that right now ?

Even after you reboot it goes back to Safe Mode?

well it said reboot but I'm quite sure it didn't , I got a black screen now with safe mode in all corners , should I do something ?

ir rebooted again now

am I supposed to get a log or anything ? cause I didn't get anything , it just rebooted like you start the computer ?

and it doesn't go back to normal mode?

Okay, go to Start > Run. In the box, type in msconfig and hit enter.

In the "boot.ini" tab, is the box next to "/SAFEBOOT" ticked? if so, untick it.

ok , it wasn't ticked , btw to go to start - run in windows vista , how do you do it exactly ?
just click on the circle (start ) and type the things in the box that says search ?
damn I feel like an imbecile now ! sorry!

Sorry, yes. In the search box, type in msconfig and then open it from there.

yeah I opened it from there and it's not ticked.
now the laptop is on the desktop and although I've shut down norton there's a box that says that norton is doing background tasks , could that be the problem ?

btw , I tried combofix again in safe modus now , when I get the blue screen of combofix , the first thing it says is :

can't find the message for message number 0x8 in messagefile for System ?

could this be of use ?

sorry if I don't translate things literally but I speak dutch and everything is in dutch as well on my laptop .

so combofix is ready , it said "preparing log file ? " and then I get the blackscreen again , it doesn't reboot , it's like he shut down windows explorer ?

I could open taskmanager and I reopened explorer with "run" in there.
so now I'm back in the desktop , so basically when I try to run combofix in safemodus he deletes combo-fix.exe and he shuts down explorer ?

Hmmm.

Please download TDSSKiller from here and save it to your Desktop.

• Doubleclick TDSSKiller.exe to run the tool
  
• Click the Start Scan button
  
• After the scan has finished, click the Close button
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory.

so I double checked the the C drive for any logs created by combofix and I've found this one , dunno if it's usable ?

ComboFix 10-09-16.06 - Steve 17/09/2010 21:55:07.10.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.32.1043.18.3070.2707 [GMT 2:00]
Gestart vanuit: C:\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Norton AntiVirus *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.


I'll try TDSSkiller now

TDSSKILLER log :

2010/09/17 22:13:12.0658 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/17 22:13:12.0658 ================================================================================
2010/09/17 22:13:12.0658 SystemInfo:
2010/09/17 22:13:12.0658
2010/09/17 22:13:12.0658 OS Version: 6.0.6000 ServicePack: 0.0
2010/09/17 22:13:12.0658 Product type: Workstation
2010/09/17 22:13:12.0658 ComputerName: PC_VAN_STEVE
2010/09/17 22:13:12.0658 UserName: Steve
2010/09/17 22:13:12.0658 Windows directory: C:\Windows
2010/09/17 22:13:12.0658 System windows directory: C:\Windows
2010/09/17 22:13:12.0658 Processor architecture: Intel x86
2010/09/17 22:13:12.0658 Number of processors: 2
2010/09/17 22:13:12.0658 Page size: 0x1000
2010/09/17 22:13:12.0658 Boot type: Normal boot
2010/09/17 22:13:12.0658 ================================================================================
2010/09/17 22:13:12.0876 Initialize success
2010/09/17 22:13:18.0945 ================================================================================
2010/09/17 22:13:18.0945 Scan started
2010/09/17 22:13:18.0945 Mode: Manual;
2010/09/17 22:13:18.0945 ================================================================================
2010/09/17 22:13:19.0615 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2010/09/17 22:13:19.0662 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/09/17 22:13:19.0693 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/09/17 22:13:19.0740 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/09/17 22:13:19.0756 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/09/17 22:13:19.0818 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2010/09/17 22:13:19.0849 agp440 (198636e76971ebc96404547ec0fd5e75) C:\Windows\system32\drivers\agp440.sys
2010/09/17 22:13:19.0896 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/09/17 22:13:19.0943 aliide (0b3b337a68d9a75cc8d787dc98b53d79) C:\Windows\system32\drivers\aliide.sys
2010/09/17 22:13:19.0974 amdagp (2363abc8989a14fd7247ca6f4e89d397) C:\Windows\system32\drivers\amdagp.sys
2010/09/17 22:13:19.0990 amdide (468a204966d09f327a662c35f4b15dd3) C:\Windows\system32\drivers\amdide.sys
2010/09/17 22:13:20.0037 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/09/17 22:13:20.0052 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/09/17 22:13:20.0083 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/09/17 22:13:20.0115 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/09/17 22:13:20.0161 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/17 22:13:20.0177 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2010/09/17 22:13:20.0239 Avgfwfd (26a4640a8f16f8ce39b93329c83bb15a) C:\Windows\system32\DRIVERS\avgfwd6x.sys
2010/09/17 22:13:20.0317 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2010/09/17 22:13:20.0380 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/17 22:13:20.0411 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/09/17 22:13:20.0458 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/09/17 22:13:20.0489 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/09/17 22:13:20.0520 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/09/17 22:13:20.0536 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/09/17 22:13:20.0583 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/09/17 22:13:20.0614 BthEnum (34f5dacba252add884473bce3cd68c9b) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/09/17 22:13:20.0629 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/09/17 22:13:20.0676 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2010/09/17 22:13:20.0707 BTHPORT (57dfac97330e986f845b16b29314d21f) C:\Windows\system32\Drivers\BTHport.sys
2010/09/17 22:13:20.0754 BTHUSB (d5fed325d457afd6e6bc5e0253a86213) C:\Windows\system32\Drivers\BTHUSB.sys
2010/09/17 22:13:20.0848 Cam5603D (166eba385178229475b6aeb950e0a082) C:\Windows\system32\Drivers\BisonCam.sys
2010/09/17 22:13:20.0895 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/17 22:13:20.0926 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/17 22:13:20.0957 CEBFilter (039f27ea2344c541cb6a0ef288bc8996) C:\Program Files\C&E\OSD\OsdService\cebuffer.sys
2010/09/17 22:13:20.0973 CEIO (147019abeb922507f2fa107032c480ce) C:\Program Files\C&E\OSD\OsdService\ceio.sys
2010/09/17 22:13:21.0004 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/17 22:13:21.0035 cKBFilter (cb11e608025aa6e601ff0c097e6009bd) C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys
2010/09/17 22:13:21.0051 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2010/09/17 22:13:21.0097 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/17 22:13:21.0144 cmdide (2ac0c92b29ec21838f4cb46adb26bcc0) C:\Windows\system32\drivers\cmdide.sys
2010/09/17 22:13:21.0160 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/17 22:13:21.0191 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/09/17 22:13:21.0238 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/09/17 22:13:21.0269 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2010/09/17 22:13:21.0378 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2010/09/17 22:13:21.0425 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2010/09/17 22:13:21.0472 DXGKrnl (2d13d9e98caf6321f219b28921af214c) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/17 22:13:21.0503 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/09/17 22:13:21.0550 Ecache (38573398f734b71b06cd2411494f234a) C:\Windows\system32\drivers\ecache.sys
2010/09/17 22:13:21.0612 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/09/17 22:13:21.0659 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2010/09/17 22:13:21.0690 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/17 22:13:21.0737 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2010/09/17 22:13:21.0768 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2010/09/17 22:13:21.0784 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/17 22:13:21.0831 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2010/09/17 22:13:21.0877 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/09/17 22:13:21.0909 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
2010/09/17 22:13:21.0971 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/17 22:13:22.0002 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/09/17 22:13:22.0049 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/09/17 22:13:22.0080 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/17 22:13:22.0111 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/09/17 22:13:22.0158 HidIr (f24393c44fdfe2e5e9f416fd3bdf98e2) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/17 22:13:22.0205 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/17 22:13:22.0236 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/09/17 22:13:22.0283 HTTP (4caac567e39c379737675f811aa535c0) C:\Windows\system32\drivers\HTTP.sys
2010/09/17 22:13:22.0330 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/09/17 22:13:22.0361 i8042prt (bea9838cd25d36beba3f94386a761d60) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/17 22:13:22.0408 iaNvStor (92b37e0a61cd710a0c66dc3567a8bf3c) C:\Windows\system32\DRIVERS\iaNvStor.sys
2010/09/17 22:13:22.0439 iaStor (5df93509037399b53d3ecaa8a67b6c58) C:\Windows\system32\DRIVERS\iaStor.sys
2010/09/17 22:13:22.0486 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/09/17 22:13:22.0517 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/09/17 22:13:22.0595 IntcAzAudAddService (5d854cbac8b7b4b964406f9808c95fae) C:\Windows\system32\drivers\RTKVHDA.sys
2010/09/17 22:13:22.0642 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
2010/09/17 22:13:22.0673 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/17 22:13:22.0704 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/17 22:13:22.0767 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/09/17 22:13:22.0798 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2010/09/17 22:13:22.0829 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2010/09/17 22:13:22.0876 isapnp (ce2997a0c3b0049a3188c4f0c7a04bc9) C:\Windows\system32\drivers\isapnp.sys
2010/09/17 22:13:22.0907 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/17 22:13:22.0938 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/09/17 22:13:22.0985 itecir (e4b04a0d8b237ecf026d849439f1bcce) C:\Windows\system32\DRIVERS\itecir.sys
2010/09/17 22:13:23.0001 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/09/17 22:13:23.0047 JRAID (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
2010/09/17 22:13:23.0079 kbdclass (c9b0cf786d5f151a43c7be8e243f2819) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/17 22:13:23.0110 kbdhid (97ab2fb84e8e77d93cee85550f4cf7f9) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/17 22:13:23.0157 KSecDD (b6fac1ff7d4a05c06da9e53dbf5e9e7a) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/17 22:13:23.0219 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/17 22:13:23.0266 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/09/17 22:13:23.0297 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/09/17 22:13:23.0328 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/09/17 22:13:23.0375 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2010/09/17 22:13:23.0406 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/09/17 22:13:23.0453 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2010/09/17 22:13:23.0484 monitor (ee05f7a5e2cefb275b08f3e3fcc2a8eb) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/17 22:13:23.0515 mouclass (4a00b3cf90ad075193ca5aeece71154c) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/17 22:13:23.0547 mouhid (8d9b701d716843c39e93b3432cb721fc) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/17 22:13:23.0578 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2010/09/17 22:13:23.0625 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/09/17 22:13:23.0656 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/17 22:13:23.0703 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/09/17 22:13:23.0749 MRxDAV (08f0c494a69cf3106ee7ffc48d8e5ac7) C:\Windows\system32\drivers\mrxdav.sys
2010/09/17 22:13:23.0781 mrxsmb (dc5632cbc8a3d02ce1114debb64b7037) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/17 22:13:23.0812 mrxsmb10 (f813456c00b904dc3b6558cad7b13bba) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/17 22:13:23.0843 mrxsmb20 (5334e68e89628a117255b936b204977f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/17 22:13:23.0874 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2010/09/17 22:13:23.0921 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/09/17 22:13:23.0952 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2010/09/17 22:13:23.0983 msisadrv (0a64168b63535520adfd6b959695404a) C:\Windows\system32\drivers\msisadrv.sys
2010/09/17 22:13:24.0046 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/17 22:13:24.0077 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/17 22:13:24.0124 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2010/09/17 22:13:24.0155 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2010/09/17 22:13:24.0186 mssmbios (e09cedb1bca303b7f6ae22f512e56969) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/17 22:13:24.0217 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2010/09/17 22:13:24.0249 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2010/09/17 22:13:24.0311 NativeWifiP (1d162e52fb691eb555a476b04b4bff3f) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/17 22:13:24.0342 NDIS (6e8dfface597629cef5df7d69217628f) C:\Windows\system32\drivers\ndis.sys
2010/09/17 22:13:24.0389 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/17 22:13:24.0420 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/17 22:13:24.0451 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/17 22:13:24.0498 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2010/09/17 22:13:24.0514 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/17 22:13:24.0561 netbt (231f6ccfdb7a604221f18fb0852c8560) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/17 22:13:24.0670 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
2010/09/17 22:13:24.0717 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/09/17 22:13:24.0763 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2010/09/17 22:13:24.0810 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/17 22:13:24.0873 Ntfs (f08824715ca6076f5e73e005ab83b9c8) C:\Windows\system32\drivers\Ntfs.sys
2010/09/17 22:13:24.0904 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/09/17 22:13:24.0951 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2010/09/17 22:13:25.0185 nvlddmkm (fe6bebb8fc2a1e50426624025d7c30d6) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/09/17 22:13:25.0247 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/09/17 22:13:25.0294 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
2010/09/17 22:13:25.0325 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/09/17 22:13:25.0356 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
2010/09/17 22:13:25.0403 nv_agp (925eb9e53eca4473a2d156a02b7418e3) C:\Windows\system32\drivers\nv_agp.sys
2010/09/17 22:13:25.0481 ohci1394 (8994cbfc215a9ef4495e6ae7992954fc) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/17 22:13:25.0543 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/09/17 22:13:25.0559 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2010/09/17 22:13:25.0606 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/09/17 22:13:25.0653 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2010/09/17 22:13:25.0684 pci (a48c4d0acc933f7a37e52ab0761811ad) C:\Windows\system32\drivers\pci.sys
2010/09/17 22:13:25.0731 pciide (353968946bcb766f6c5c01717686b382) C:\Windows\system32\drivers\pciide.sys
2010/09/17 22:13:25.0762 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/09/17 22:13:25.0840 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/09/17 22:13:25.0933 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/17 22:13:25.0965 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/09/17 22:13:26.0043 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/17 22:13:26.0089 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/09/17 22:13:26.0121 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/09/17 22:13:26.0167 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/17 22:13:26.0214 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/17 22:13:26.0245 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/17 22:13:26.0292 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/17 22:13:26.0339 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/17 22:13:26.0386 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/17 22:13:26.0417 rdpdr (87ee019fe9fbff071d76ccf9ec794646) C:\Windows\system32\drivers\rdpdr.sys
2010/09/17 22:13:26.0448 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/17 22:13:26.0495 RDPWD (e2afac98fc6ca2ad2d09f2de1bc71ad9) C:\Windows\system32\drivers\RDPWD.sys
2010/09/17 22:13:26.0526 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/09/17 22:13:26.0589 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/17 22:13:26.0620 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/09/17 22:13:26.0667 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/09/17 22:13:26.0713 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/17 22:13:26.0760 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/09/17 22:13:26.0791 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/09/17 22:13:26.0838 sermouse (2baf2abc0da0d50ebe8289c720977052) C:\Windows\system32\drivers\sermouse.sys
2010/09/17 22:13:26.0901 sffdisk (55b145d4248012d306da8e92fa9fdc20) C:\Windows\system32\drivers\sffdisk.sys
2010/09/17 22:13:26.0947 sffp_mmc (b86dfcd55294a0495571a27b861e6ef3) C:\Windows\system32\drivers\sffp_mmc.sys
2010/09/17 22:13:26.0979 sffp_sd (5b327b59fae2b01c34690d91ed03786e) C:\Windows\system32\drivers\sffp_sd.sys
2010/09/17 22:13:27.0010 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/09/17 22:13:27.0057 Si3531 (8613e8fe6c190f377240a3989fad5d5e) C:\Windows\system32\DRIVERS\Si3531.sys
2010/09/17 22:13:27.0088 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\Windows\system32\DRIVERS\SiWinAcc.sys
2010/09/17 22:13:27.0119 SiRemFil (41a59f484188be629087ba391ff60d74) C:\Windows\system32\DRIVERS\SiRemFil.sys
2010/09/17 22:13:27.0213 sisagp (e5773c4cff310d00a59db01ef4074135) C:\Windows\system32\drivers\sisagp.sys
2010/09/17 22:13:27.0244 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/09/17 22:13:27.0275 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/09/17 22:13:27.0322 Smb (46baf398809a0f3b2d3300a1760e4b91) C:\Windows\system32\DRIVERS\smb.sys
2010/09/17 22:13:27.0400 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
2010/09/17 22:13:27.0431 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2010/09/17 22:13:27.0509 srv (e86bf07b1d2ec33c52b3b31e5814001a) C:\Windows\system32\DRIVERS\srv.sys
2010/09/17 22:13:27.0571 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/17 22:13:27.0603 srvnet (8ae0f61f71e97ace067cdab67c98746b) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/17 22:13:27.0649 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\Windows\system32\DRIVERS\ss_bbus.sys
2010/09/17 22:13:27.0696 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
2010/09/17 22:13:27.0743 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\Windows\system32\DRIVERS\ss_bmdm.sys
2010/09/17 22:13:27.0774 swenum (9c539aaffb0b6d7bce984c74317ff29f) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/17 22:13:27.0821 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/09/17 22:13:27.0852 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/09/17 22:13:27.0883 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/09/17 22:13:27.0961 Tcpip (2512b4d1353370d6688b1af1f5afa1cf) C:\Windows\system32\drivers\tcpip.sys
2010/09/17 22:13:28.0024 Tcpip6 (2512b4d1353370d6688b1af1f5afa1cf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/17 22:13:28.0086 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/17 22:13:28.0133 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2010/09/17 22:13:28.0164 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2010/09/17 22:13:28.0195 tdx (7973f7239486800cd79e4fdbab6a07df) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/17 22:13:28.0242 TermDD (cfe870506361bac80a549749116ad870) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/17 22:13:28.0336 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/17 22:13:28.0367 tunmp (a858917785681743c512950fdfa14db7) C:\Windows\system32\DRIVERS\tunmp.sys
2010/09/17 22:13:28.0414 tunnel (29f1d1d888ee61d20d5662e72aa34129) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/17 22:13:28.0461 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/09/17 22:13:28.0507 udfs (deea398a92952ccc421ba5b39662cabe) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/17 22:13:28.0570 uliagpkx (5895ef4d0f1424392ee6439250e25677) C:\Windows\system32\drivers\uliagpkx.sys
2010/09/17 22:13:28.0601 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/09/17 22:13:28.0632 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/09/17 22:13:28.0648 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/09/17 22:13:28.0695 umbus (dc8828971d997de009647fce59e0ce8f) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/17 22:13:28.0741 usbccgp (3f795d59734259a00d385fbd65191bf4) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/17 22:13:28.0773 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/09/17 22:13:28.0819 usbehci (5555f6df13a1a1c327d67e9da7b99aee) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/17 22:13:28.0866 usbhub (8dabb8cb47e0736930cf6492aed361a6) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/17 22:13:28.0897 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/09/17 22:13:28.0929 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/09/17 22:13:28.0960 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/17 22:13:28.0991 usbuhci (718fdf0b0f16e1d3b992f95eadf1af75) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/17 22:13:29.0038 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/17 22:13:29.0069 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2010/09/17 22:13:29.0100 viaagp (66e64d5cbeb047c90e65f0962483a5b2) C:\Windows\system32\drivers\viaagp.sys
2010/09/17 22:13:29.0131 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/09/17 22:13:29.0178 viaide (7100b56688c5d6d7695d18fd001f0cd6) C:\Windows\system32\drivers\viaide.sys
2010/09/17 22:13:29.0209 viamraid (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys
2010/09/17 22:13:29.0241 volmgr (cc8a64a532fd2844ee68f4061ed8a7fd) C:\Windows\system32\drivers\volmgr.sys
2010/09/17 22:13:29.0272 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2010/09/17 22:13:29.0319 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2010/09/17 22:13:29.0350 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/09/17 22:13:29.0397 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/09/17 22:13:29.0443 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/17 22:13:29.0459 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/17 22:13:29.0490 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/09/17 22:13:29.0537 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/17 22:13:29.0631 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/17 22:13:29.0677 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/17 22:13:29.0724 WUDFRd (ee0974d4042da9cf4c569ac4eca8c9c0) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/17 22:13:29.0771 ================================================================================
2010/09/17 22:13:29.0771 Scan finished
2010/09/17 22:13:29.0771 ================================================================================

Okay no TDL, good.
Now just to check for bootkit.

Download Bootkit Remover to your Desktop.

• You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  
• After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
  
• It will show a Black screen with some data on it.
  
• Right click on the screen and click Select All.
  
• Press CTRL C
  
• Open a Notepad and press CTRL V
  
• Post the output back here.
  

ok done , this is the result :

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition (build 6000), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`ee100000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

Okay please do one more scan with MBAM and post the new log.

ok , done as well , this is it :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4639

Windows 6.0.6000
Internet Explorer 7.0.6000.16916

17/09/2010 22:49:08
mbam-log-2010-09-17 (22-49-08).txt

Scan type: Quick scan
Objects scanned: 129631
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Okay, last scan to do.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

ok so scan in progress , he found 1 infected file so far (win32/OlmarikZC.trojan )

45% so far.

scan is done , that 1 infected file was all he found.

this is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=77f5191f0022614b8810cc8aa6ffa9b9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-09-17 09:33:23
# local_time=2010-09-17 11:33:23 (+0100, Romance (zomertijd))
# country="Belgium"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 26709983 122290103 0 0
# compatibility_mode=8192 67108863 100 0 109 109 0 0
# scanned=90367
# found=1
# cleaned=1
# scan_time=1828
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\volsnap.sys.vir_ Win32/Olmarik.ZC trojan (cleaned - quarantined) AADE54C96E487B15EC810C1204397874 C

Okay, nearly done now.

Hello.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

and that volsnap.sys , I've seen this somewhere else as well , when I did a scan in the beginning , some program ( but I don't know which one anymore ) asked me to write this down cause we might need it , or something like that ..
don't know if it's of any use ?

Not really, probably just an infected TDL driver, but that's been fixed.

Please do my above instructions.

ok sorry !
this is the uninstall list :

7-Zip 9.16 beta
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2 - Nederlands
Championship Manager 01-02
ESET Online Scanner v3
FirstSteps Diagnostics
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel Turbo Memory en Intel Matrix Storage Manager
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Junk Mail filter update
LimeWire 5.4.6
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Motorola SM56 Data Fax Modem
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 7 Essentials
NVIDIA Drivers
OSDInstall
PC Connectivity Solution
PowerDV
Realtek High Definition Audio Driver
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
Unibet Poker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebCam
Winamp
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows-stuurprogrammapakket - Nokia pccsmcfd (10/12/2007 6.85.4.0)

Hello.
Now we just need to remove some old outdated software and installed the new version, then were done.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Adobe Reader 8.1.2 - Nederlands
Java(TM) 6 Update 11
Java(TM) 6 Update 7
LimeWire 5.4.6

Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 21.
  
• Click the "Download JRE" button to the right.
  
• In the Window that opens, select your platform, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Then from your desktop double-click on jre-6u21-windows-i586.exe that you downloaded to install the newest version.
  

Then download and install Adobe Reader 9.3.4

How is the machine running now?

yeah apparently my brother is using that , I never use it cause I had some problems with it in the past .

ok I'll do everything you told me and get back to you when I'm done .

the computer is running smoothly now !!!
so does this mean that the virus is gone and everything is fixed ??

ok so I guess it is ? please confirm ?

In 4 to 5 weeks I'll have money on my paypal and I'll buy your book , you've helped me a LOT !
thank you so much ! I'll be back to buy that book and I might subscribe to learn how to fight malware and viruses etc !

once again thanks !

Yep, it all is running well, this should be fine now.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

hmm for some reason I cant find what you mean with the system restore ?
could it be that it is different with vista ?
cause if I right click on computer in the start section I don't see any tabs ?

Sorry, yes it is. Ignore that bit, it's for XP.

oh ok , I'll wait for further instructions then :p

See here for Vista.

http://en.kioskea.net/faq/584-activation-deactivation-of-system-restore-under-windows-vista

That should be it.

ok sorry to bother you once more but when I try to update I get an error ?

it's error code 80072EFD , it says that there is an unknown error in windows update ?

well I'll go to bed now , hope to hear from you tomorrow mate
thanks a lot for the help already , now I just need to fix this minor problem

cheers and until then !

ok sorry to bother you once more but when I try to update I get an error ?

it's error code 80072EFD , it says that there is an unknown error in windows update ?

Have you added Windows Updates to the trusted sites list?

http://windows.microsoft.com/en-US/windows-vista/Windows-Update-error-80072efd

yeah but it's still like that , really weird , tried everything that the help pages are suggesting.

don't find what's wrong , but is it bad that the laptop doesn't have windows update ?