HD Diagnostic

By clicking on some Google Images picture (of a guitar I liked) I got the HDD Diagnostic virus, along with some red icon with a cross saying "Critical Error" and something about my RAM being low. I tried removing it with anti-malware in safe mode, but it doesn't find anything. Please help.

OTL.txt:

OTL logfile created on: 7-12-2010 0:38:46 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Huub\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 8,44 Gb Free Space | 10,80% Space Free | Partition Type: NTFS
Drive F: | 70,92 Gb Total Space | 7,25 Gb Free Space | 10,23% Space Free | Partition Type: NTFS

Computer Name: HUUB | User Name: Huub | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-12-07 00:38:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Huub\Bureaublad\OTL.com
PRC - [2010-07-15 22:10:36 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010-04-29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2008-04-14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010-12-07 00:38:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Huub\Bureaublad\OTL.com
MOD - [2010-08-23 17:13:25 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-07-15 22:10:40 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009-01-21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009-01-07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008-06-19 17:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm)
DRV - [2010-07-15 22:10:43 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010-07-15 22:10:37 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010-06-03 10:15:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009-03-27 09:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-03-27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009-03-06 15:45:06 | 000,130,424 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008-10-16 23:14:00 | 000,030,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2008-07-07 08:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008-07-03 14:39:43 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-06-19 17:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-03-29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007-04-10 12:04:40 | 004,397,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-01-18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005-09-23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005-01-31 11:20:03 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005-01-31 11:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005-01-26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004-11-29 19:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004-11-25 17:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004-10-28 11:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004-08-13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004-04-01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001-07-12 12:23:38 | 000,237,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icm8D2.SYS -- (ICAM8USB) Intel(r)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-11-25 13:42:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-04 12:02:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-04 12:02:49 | 000,000,000 | ---D | M]

[2009-10-19 15:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Huub\Application Data\Mozilla\Extensions
[2009-07-21 19:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Huub\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010-03-25 17:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Huub\Application Data\Mozilla\Firefox\Profiles\k0grkpey.default\extensions
[2009-10-02 17:49:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Huub\Application Data\Mozilla\Firefox\Profiles\k0grkpey.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-17 14:41:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-09 12:04:08 | 000,001,890 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2009-11-09 12:04:08 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2009-11-09 12:04:08 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2009-11-09 12:04:08 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2009-11-09 12:04:08 | 000,000,802 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2001-09-07 12:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe File not found
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe File not found
O4 - HKLM..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe File not found
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe File not found
O4 - HKCU..\Run: [26274031] C:\Documents and Settings\Huub\Local Settings\Temp\26274031.exe (HDD Corporation)
O4 - HKCU..\Run: [IGwqNKmplw.exe] C:\Documents and Settings\Huub\Local Settings\Temp\IGwqNKmplw.exe (MEDIA Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Huub\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194880443645 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Huub\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Huub\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-11-12 15:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7e1fcc1e-fbaa-11de-97ec-001d602b880e}\Shell - "" = AutoRun
O33 - MountPoints2\{b6b0dcee-f696-11dc-930e-001d602b880e}\Shell - "" = AutoRun
O33 - MountPoints2\{b6b0dcee-f696-11dc-930e-001d602b880e}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{c9f4f727-48fa-11dd-93e1-001d602b880e}\Shell - "" = AutoRun
O33 - MountPoints2\{c9f4f727-48fa-11dd-93e1-001d602b880e}\Shell\AutoRun\command - "" = H:\monkey.pif -- File not found
O33 - MountPoints2\{c9f4f729-48fa-11dd-93e1-001d602b880e}\Shell - "" = AutoRun
O33 - MountPoints2\{c9f4f729-48fa-11dd-93e1-001d602b880e}\Shell\AutoRun\command - "" = I:\monkey.pif -- File not found
O33 - MountPoints2\{dbcf9e70-f73c-11dc-9310-001d602b880e}\Shell - "" = AutoRun
O33 - MountPoints2\{dbcf9e70-f73c-11dc-9310-001d602b880e}\Shell\AutoRun\command - "" = G:\monkey.pif -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {220C5102-2566-337F-9E9B-C81C5C761BA2} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamische HTML met gegevensbinding voor Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {419C1D93-864B-8E68-8B83-FCC3AF015C6C} - Microsoft Windows Media Player
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Geavanceerd bewerken
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Beveiligingsupdate voor Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {87EB4379-E2D7-1773-A7CE-2BD36CAF3B8D} - Java (Sun)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taakplanner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010-12-07 00:38:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Huub\Bureaublad\OTL.com
[2010-12-07 00:07:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010-12-01 14:42:30 | 000,000,000 | ---D | C] -- C:\Gilmore.Girls.S01
[2010-11-23 21:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010-11-20 17:40:07 | 000,000,000 | ---D | C] -- C:\Gilmore.Girls.Season.2
[2010-11-07 16:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-12-07 00:38:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Huub\Bureaublad\OTL.com
[2010-12-07 00:37:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-12-07 00:31:50 | 000,501,816 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-12-07 00:31:50 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-12-07 00:31:50 | 000,086,866 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-12-07 00:31:50 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-12-07 00:27:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-12-07 00:10:12 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts\VPN Client.lnk
[2010-12-07 00:10:11 | 000,193,571 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-12-07 00:00:34 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Huub\Bureaublad\HDD Diagnostic.lnk
[2010-12-06 16:42:14 | 068,569,954 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010-12-05 20:44:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-11-30 15:43:55 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Huub\Bureaublad\QUITCLAIM Jasper.doc
[2010-11-28 22:56:53 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Huub\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-25 23:05:42 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Huub\Bureaublad\Blackboard Academic Suite.url
[2010-11-24 17:29:51 | 001,959,877 | ---- | M] () -- C:\Documents and Settings\Huub\Bureaublad\Selling Hilversum perkament.pdf
[2010-11-24 17:20:13 | 002,963,328 | ---- | M] () -- C:\Documents and Settings\Huub\Bureaublad\HILVERSUM!!.docx
[2010-11-22 21:30:37 | 006,002,498 | ---- | M] () -- C:\Documents and Settings\Huub\Bureaublad\Robben_Ford_-_Blues_For_Guitar.zip
[2010-11-21 13:50:54 | 005,485,669 | ---- | M] () -- C:\Documents and Settings\Huub\Bureaublad\100OLYMP.rar
[2010-11-20 21:56:33 | 003,377,945 | ---- | M] () -- C:\Documents and Settings\Huub\Bureaublad\The Martin Harley Band - Darcy's Car.mp3
[2010-11-14 19:44:26 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Huub\Bureaublad\geheim document.doc
[2010-11-12 10:24:22 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Huub\Bureaublad\Songs Laurrhie.doc
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-12-07 00:00:34 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\Huub\Bureaublad\HDD Diagnostic.lnk
[2010-11-30 15:43:54 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Huub\Bureaublad\QUITCLAIM Jasper.doc
[2010-11-24 17:29:50 | 001,959,877 | ---- | C] () -- C:\Documents and Settings\Huub\Bureaublad\Selling Hilversum perkament.pdf
[2010-11-23 20:39:16 | 002,963,328 | ---- | C] () -- C:\Documents and Settings\Huub\Bureaublad\HILVERSUM!!.docx
[2010-11-22 21:30:32 | 006,002,498 | ---- | C] () -- C:\Documents and Settings\Huub\Bureaublad\Robben_Ford_-_Blues_For_Guitar.zip
[2010-11-21 13:50:38 | 005,485,669 | ---- | C] () -- C:\Documents and Settings\Huub\Bureaublad\100OLYMP.rar
[2010-11-20 21:56:33 | 003,377,945 | ---- | C] () -- C:\Documents and Settings\Huub\Bureaublad\The Martin Harley Band - Darcy's Car.mp3
[2010-11-14 19:37:38 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Huub\Bureaublad\geheim document.doc
[2010-11-13 12:43:25 | 688,960,195 | ---- | C] () -- C:\Documents and Settings\Huub\Mijn documenten\D'angelo tribute.wmv
[2010-11-11 15:52:29 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Huub\Bureaublad\Songs Laurrhie.doc
[2010-06-04 12:00:59 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-06-04 11:22:44 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2010-06-04 11:22:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2009-04-05 20:42:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Huub\Application Data\AVSMediaPlayer.m3u
[2008-12-19 17:32:09 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008-12-19 17:20:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Installer.log
[2008-11-05 17:54:35 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-08-20 14:04:50 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2008-06-19 17:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008-06-19 17:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007-12-04 16:52:25 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2007-12-01 17:40:24 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\Huub\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-11-30 12:20:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Huub\Application Data\AVSDVDPlayer.m3u
[2007-11-17 17:52:33 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007-11-15 14:00:17 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-11-12 16:25:29 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007-11-12 15:56:51 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007-11-12 15:56:50 | 000,011,230 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007-11-12 15:56:44 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007-02-14 06:31:58 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007-02-14 06:31:58 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007-02-14 06:31:58 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-02-14 06:31:58 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007-02-14 06:31:56 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007-02-14 06:31:56 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004-08-04 00:03:14 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004-08-04 00:03:14 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004-08-04 00:03:14 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004-08-04 00:03:14 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004-08-04 00:03:14 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[1999-01-27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997-06-14 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006-06-29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006-04-18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007-11-12 15:48:08 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003-06-18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008-07-06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007-11-12 15:56:05 | 000,000,131 | -HS- | M] () -- C:\Documents and Settings\Huub\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010-02-01 23:19:34 | 000,185,848 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010-02-01 23:19:34 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010-02-01 23:19:36 | 000,242,168 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008-07-03 14:39:43 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2007-11-12 16:23:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007-11-12 16:23:53 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007-11-12 16:23:53 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2001-09-07 12:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2001-09-07 12:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2001-09-07 12:00:00 | 000,004,864 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2001-09-07 12:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004-08-03 21:46:56 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2001-09-07 12:00:00 | 000,027,928 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2001-09-07 12:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2001-09-07 12:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2001-09-07 12:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2001-09-07 12:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004-08-03 21:45:32 | 000,033,920 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004-08-03 21:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004-08-03 21:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004-08-03 21:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004-08-03 21:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2005-01-26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys
[2008-04-13 19:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010-09-01 08:57:48 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008-04-14 18:02:21 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008-04-14 18:02:21 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008-04-14 18:02:21 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008-04-14 18:02:21 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008-04-14 18:02:21 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008-04-14 18:02:21 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008-04-14 18:02:21 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008-04-14 18:02:22 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008-04-14 18:02:22 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008-04-14 18:02:22 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008-04-14 18:02:22 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008-04-14 18:02:22 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008-04-14 18:02:23 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008-04-14 18:02:39 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008-04-14 18:02:44 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003-06-18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2007-11-12 15:48:27 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007-11-12 15:44:39 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-09-07 12:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2007-11-12 15:48:27 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-04-04 18:28:10 | 000,003,532 | ---- | M] () -- C:\drmHeader.bin
[2007-11-12 15:48:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-12-07 00:11:52 | 000,000,150 | ---- | M] () -- C:\mbam-error.txt
[2007-11-12 15:48:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-10-14 19:06:14 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010-12-07 00:27:24 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009-10-19 11:17:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009-10-19 11:17:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

< %PROGRAMFILES%\*. >
[2009-01-21 21:05:58 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008-10-19 20:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010-09-06 14:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
[2010-03-19 11:30:57 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009-06-10 20:14:34 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2009-03-30 15:06:37 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2007-11-19 12:05:26 | 000,000,000 | ---D | M] -- C:\Program Files\CleanUp!
[2010-08-01 21:49:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009-12-09 14:07:19 | 000,000,000 | ---D | M] -- C:\Program Files\CPUID
[2008-09-03 15:54:20 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2010-11-30 11:08:31 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010-06-04 11:22:16 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007-11-12 15:58:10 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010-10-13 17:29:07 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008-10-19 20:48:36 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010-01-21 22:46:29 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010-06-04 13:33:56 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2008-12-19 17:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2008-08-18 14:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2010-12-07 00:11:52 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008-10-14 19:15:11 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009-11-06 14:02:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007-11-12 15:48:41 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008-11-07 17:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010-10-01 08:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008-01-17 15:17:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009-10-21 08:18:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010-08-18 19:08:17 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010-12-03 12:18:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009-07-18 14:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010-11-23 21:35:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2007-11-12 15:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008-10-14 19:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007-11-30 12:08:48 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010-05-13 10:10:09 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007-12-19 19:18:00 | 000,000,000 | ---D | M] -- C:\Program Files\Power Tab Software
[2008-08-15 16:53:37 | 000,000,000 | ---D | M] -- C:\Program Files\PowerISO
[2008-10-19 20:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007-11-12 16:02:40 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009-07-18 14:02:42 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009-04-05 17:19:56 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2007-11-12 15:55:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010-09-29 11:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010-03-19 18:17:44 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2009-11-06 14:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009-11-06 14:02:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009-06-10 19:32:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008-10-14 19:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007-11-12 15:47:29 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007-11-14 18:28:01 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007-11-12 15:48:41 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007-11-29 23:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Zetronome

< %appdata%\*.* >
[2010-11-01 21:11:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Huub\Application Data\AVSDVDPlayer.m3u
[2009-04-05 20:42:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Huub\Application Data\AVSMediaPlayer.m3u
[2007-11-12 16:25:08 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Huub\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004-08-04 00:14:26 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-10-14 19:03:52 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008-10-14 19:03:52 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004-08-04 00:14:26 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-10-14 19:03:52 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-10-14 19:03:52 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004-08-04 00:14:26 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008-10-14 19:03:52 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008-10-14 19:03:52 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004-08-03 21:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008-04-13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008-04-13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-14 18:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 18:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\system32\eventlog.dll
[2004-08-04 00:03:10 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004-08-04 00:03:18 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008-04-14 18:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-14 18:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-14 18:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-14 18:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\system32\scecli.dll
[2004-08-04 00:03:22 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004-08-04 00:14:26 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008-10-14 19:03:52 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008-10-14 19:03:52 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004-08-03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008-04-13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008-04-13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008-04-13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-11 13:47:10

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Re: HD Diagnostic

Extras.txt:

OTL Extras logfile created on: 7-12-2010 0:38:46 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Huub\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 8,44 Gb Free Space | 10,80% Space Free | Partition Type: NTFS
Drive F: | 70,92 Gb Total Space | 7,25 Gb Free Space | 10,23% Space Free | Partition Type: NTFS

Computer Name: HUUB | User Name: Huub | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"F:\Program Files\LimeWire\LimeWire.exe" = F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire PRO 4.14.10 -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"F:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = F:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = F:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- File not found
"F:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = F:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- File not found
"F:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = F:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- File not found
"F:\Program Files\Spotify\spotify.exe" = F:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA DVD Decoder
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{220C5102-2566-337F-9E9B-C81C5C761BA2}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - NLD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C788975-88ED-3C52-A188-6C944E9BD07D}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - NLD
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0413-0000-0000000FF1CE}" = Microsoft-invoegtoepassing Opslaan als PDF of XPS voor 2007 Microsoft Office-programma's
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools [GreekWarez.com]
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC29C33-E90F-4BCF-A1DA-6F7E9859B06E}" = teoria 2.0 EV
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A395750A-78D7-36D1-A59D-1A0B601D4BDC}" = Microsoft .NET Framework 3.5 Language Pack - nld
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe After Effects 7.0" = Adobe After Effects 7.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"ASIO4ALL" = ASIO4ALL
"AVG9Uninstall" = AVG Free 9.0
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"CleanUp!" = CleanUp!
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EarMaster Pro 5_is1" = EarMaster Pro 5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.0 (Standard)
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.3 build 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - nld" = Taalpakket voor Microsoft .NET Framework 3.5 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"QcDrv" = Logitech® Camera-stuurprogramma
"Robin Hood: The Legend Of Sherwood" = Robin Hood: The Legend Of Sherwood
"Spyware Doctor" = Spyware Doctor 6.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zetronome 1.01" = Zetronome

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3-10-2010 15:09:44 | Computer Name = HUUB | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: AVSDVDPlayer.exe, versie: 2.4.5.153, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 6-10-2010 12:55:14 | Computer Name = HUUB | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 8.0.6001.18702, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 6-10-2010 12:55:17 | Computer Name = HUUB | Source = Application Hang | ID = 1001
Description = Fout-bucket 1180947459.

Error - 22-10-2010 12:53:01 | Computer Name = HUUB | Source = ESENT | ID = 494
Description = wlcomm (2620) Tijdens het herstellen van de database treedt fout -1216
op, omdat er verwijzingen zijn gevonden naar een database, C:\Documents and Settings\Huub\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{55f1e8f3-3a09-458a-8926-bd8f00b0790e}\DBStore\contacts.edb,
die niet meer bestaat. De database is niet in een consistente staat gebracht voordat
deze is verwijderd (of verplaatst of hernoemd). De database-engine staat niet toe
dat de herstelbewerking voor deze sessie wordt voltooid, voordat de ontbrekende
database opnieuw is geïnstalleerd. Als de database echt niet meer beschikbaar is
en niet meer vereist is, neemt u contact op met PSS voor verdere instructies met
betrekking tot de stappen die vereist zijn om de herstelbewerking voort te zetten
zonder deze database.

Error - 22-10-2010 12:53:01 | Computer Name = HUUB | Source = ESENT | ID = 454
Description = wlcomm (2620) Het herstellen/terugzetten van de database is mislukt
vanwege de onverwachte fout -1216.

Error - 5-11-2010 16:10:38 | Computer Name = HUUB | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 8.0.6001.18702, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 5-11-2010 16:10:40 | Computer Name = HUUB | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 8.0.6001.18702, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 6-11-2010 10:52:29 | Computer Name = HUUB | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 8.0.6001.18702, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 6-11-2010 10:53:06 | Computer Name = HUUB | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 8.0.6001.18702, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 7-11-2010 13:40:52 | Computer Name = HUUB | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: mpc-hc.exe, versie: 1.3.1959.0, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

[ System Events ]
Error - 28-11-2010 15:22:41 | Computer Name = HUUB | Source = MRxSmb | ID = 8003
Description = De masterbrowser heeft een servermelding ontvangen van computer LEAPC
die
meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{8148E647-4ECD-437D-8FF.
De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen.

Error - 29-11-2010 12:54:43 | Computer Name = HUUB | Source = MRxSmb | ID = 8003
Description = De masterbrowser heeft een servermelding ontvangen van computer LEAPC
die
meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{8148E647-4ECD-437D-8FF.
De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen.

Error - 6-12-2010 19:07:42 | Computer Name = HUUB | Source = sfsync02 | ID = 262156
Description =

Error - 6-12-2010 19:08:01 | Computer Name = HUUB | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de EventSystem-service
met de argumenten '' om de server {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

Error - 6-12-2010 19:08:13 | Computer Name = HUUB | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de EventSystem-service
met de argumenten '' om de server {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

Error - 6-12-2010 19:27:50 | Computer Name = HUUB | Source = sfsync02 | ID = 262156
Description =

Error - 6-12-2010 19:27:59 | Computer Name = HUUB | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de EventSystem-service
met de argumenten '' om de server {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

Error - 6-12-2010 19:29:10 | Computer Name = HUUB | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: AvgLdx86 AvgMfx86
Fips
i8042prt
intelppm
SCDEmu

Error - 6-12-2010 19:37:47 | Computer Name = HUUB | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de wuauserv-service
met de argumenten '' om de server {E60687F7-01A1-40AA-86AC-DB1CBF673334} te starten

Error - 6-12-2010 19:40:33 | Computer Name = HUUB | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1084' bij het starten van de StiSvc-service
met de argumenten '' om de server {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten


< End of report >

Re: HD Diagnostic
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKCU..\Run: [26274031] C:\Documents and Settings\Huub\Local Settings\Temp\26274031.exe (HDD Corporation)
    O4 - HKCU..\Run: [IGwqNKmplw.exe] C:\Documents and Settings\Huub\Local Settings\Temp\IGwqNKmplw.exe (MEDIA Corporation)
    O33 - MountPoints2\{7e1fcc1e-fbaa-11de-97ec-001d602b880e}\Shell - "" = AutoRun
    O33 - MountPoints2\{b6b0dcee-f696-11dc-930e-001d602b880e}\Shell - "" = AutoRun
    O33 - MountPoints2\{b6b0dcee-f696-11dc-930e-001d602b880e}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
    O33 - MountPoints2\{c9f4f727-48fa-11dd-93e1-001d602b880e}\Shell - "" = AutoRun
    O33 - MountPoints2\{c9f4f727-48fa-11dd-93e1-001d602b880e}\Shell\AutoRun\command - "" = H:\monkey.pif -- File not found
    O33 - MountPoints2\{c9f4f729-48fa-11dd-93e1-001d602b880e}\Shell - "" = AutoRun
    O33 - MountPoints2\{c9f4f729-48fa-11dd-93e1-001d602b880e}\Shell\AutoRun\command - "" = I:\monkey.pif -- File not found
    O33 - MountPoints2\{dbcf9e70-f73c-11dc-9310-001d602b880e}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbcf9e70-f73c-11dc-9310-001d602b880e}\Shell\AutoRun\command - "" = G:\monkey.pif -- File not found

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
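
A triage sketch for the kind of entries targeted by the fix script above, added here as an example; it is not part of the original posts and not OTL's own logic. It parses O4 Run-key lines and O33 MountPoints2 AutoRun command lines and attaches hint flags; the flag names, the `needs_review` rule and the two benign lines are assumptions made for illustration.

```python
import ntpath
import re

# Lines copied from the fix script in the post above (OTL scan-log format).
FIX_LINES = r"""
O4 - HKCU..\Run: [26274031] C:\Documents and Settings\Huub\Local Settings\Temp\26274031.exe (HDD Corporation)
O4 - HKCU..\Run: [IGwqNKmplw.exe] C:\Documents and Settings\Huub\Local Settings\Temp\IGwqNKmplw.exe (MEDIA Corporation)
O33 - MountPoints2\{b6b0dcee-f696-11dc-930e-001d602b880e}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{c9f4f727-48fa-11dd-93e1-001d602b880e}\Shell\AutoRun\command - "" = H:\monkey.pif -- File not found
""".strip().splitlines()

# Constructed lines in the same format, for contrast (not taken from the OTL log).
BENIGN_LINES = [
    r"O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)",
    r"O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (Microsoft Corporation)",
]

O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] '
    r'(?P<path>.+?)(?: \((?P<company>[^()]*)\))?$')
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command'
    r' - "" = (?P<cmd>.+?)(?P<missing> -- File not found)?$')

# File types that execute when launched from an AutoRun command.
EXECUTABLE_EXTS = {".exe", ".pif", ".com", ".scr", ".bat", ".cmd"}


def triage(line):
    """Return (kind, target, flags) for one OTL line, or None if it is not parsed."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        path, name = m["path"], m["name"]
        flags = []
        # Autostart entry whose binary lives in a temp directory.
        if re.search(r"\\(?:temp|tmp)\\", path, re.I):
            flags.append("autostart-from-temp")
        # Value name is just the file name or its stem (weak signal on its own).
        base = ntpath.basename(path).lower()
        if name.lower() in (base, ntpath.splitext(base)[0]):
            flags.append("value-name-mirrors-file")
        return ("run-key", path, flags)
    m = O33_RE.match(line)
    if m:
        cmd = m["cmd"]
        flags = []
        ext = ntpath.splitext(cmd)[1].lower()
        # AutoRun command that launches an executable from a drive root.
        if re.fullmatch(r"[A-Za-z]:\\[^\\]+", cmd) and ext in EXECUTABLE_EXTS:
            flags.append("drive-root-autorun")
        # OTL could not find the target: a leftover entry for a removed drive.
        if m["missing"]:
            flags.append("stale-target")
        return ("mountpoints2-autorun", cmd, flags)
    return None


def needs_review(flags):
    """Assumed rule: only the location-based flags put an entry on the review list."""
    return bool({"autostart-from-temp", "drive-root-autorun"} & set(flags))


if __name__ == "__main__":
    for entry in FIX_LINES + BENIGN_LINES:
        kind, target, flags = triage(entry)
        mark = "REVIEW" if needs_review(flags) else "ok    "
        print(f"{mark} {kind:22} {target}  {flags}")
```

The CTFMON.EXE line shows why a value name that mirrors its file name is only a supporting hint: legitimate entries do it too.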

Re: HD Diagnostic
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\26274031 deleted successfully.
C:\Documents and Settings\Huub\Local Settings\Temp\26274031.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IGwqNKmplw.exe deleted successfully.
C:\Documents and Settings\Huub\Local Settings\Temp\IGwqNKmplw.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e1fcc1e-fbaa-11de-97ec-001d602b880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e1fcc1e-fbaa-11de-97ec-001d602b880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6b0dcee-f696-11dc-930e-001d602b880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b0dcee-f696-11dc-930e-001d602b880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6b0dcee-f696-11dc-930e-001d602b880e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b0dcee-f696-11dc-930e-001d602b880e}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9f4f727-48fa-11dd-93e1-001d602b880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9f4f727-48fa-11dd-93e1-001d602b880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9f4f727-48fa-11dd-93e1-001d602b880e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9f4f727-48fa-11dd-93e1-001d602b880e}\ not found.
File H:\monkey.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9f4f729-48fa-11dd-93e1-001d602b880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9f4f729-48fa-11dd-93e1-001d602b880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9f4f729-48fa-11dd-93e1-001d602b880e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9f4f729-48fa-11dd-93e1-001d602b880e}\ not found.
File I:\monkey.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbcf9e70-f73c-11dc-9310-001d602b880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbcf9e70-f73c-11dc-9310-001d602b880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbcf9e70-f73c-11dc-9310-001d602b880e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbcf9e70-f73c-11dc-9310-001d602b880e}\ not found.
File G:\monkey.pif not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes

User: Huub
->Temp folder emptied: 98014118 bytes
->Temporary Internet Files folder emptied: 1153610813 bytes
->Java cache emptied: 78901807 bytes
->FireFox cache emptied: 79659506 bytes
->Flash cache emptied: 1755019 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 932848 bytes
%systemroot%\System32 .tmp files removed: 3433245 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91230472 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.438,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12072010_105450

Files\Folders moved on Reboot...
C:\Documents and Settings\Huub\Local Settings\Temporary Internet Files\Content.IE5\VGGX9U5S\InboxLight[1].htm moved successfully.
C:\Documents and Settings\Huub\Local Settings\Temporary Internet Files\Content.IE5\VGGX9U5S\xmlProxy[1].htm moved successfully.
C:\Documents and Settings\Huub\Local Settings\Temporary Internet Files\Content.IE5\SHEO1XZL\hd-diagnostic-t25197[1].htm moved successfully.
C:\Documents and Settings\Huub\Local Settings\Temporary Internet Files\Content.IE5\QR4MHQJZ\xmlProxy[1].htm moved successfully.
C:\Documents and Settings\Huub\Local Settings\Temporary Internet Files\Content.IE5\I90HGNW2\likebox[1].htm moved successfully.
C:\Documents and Settings\Huub\Local Settings\Temporary Internet Files\Content.IE5\FHQSMMTM\resourcespreload[1].htm moved successfully.
C:\Documents and Settings\Huub\Local Settings\Temporary Internet Files\Content.IE5\490UP9N4\LocalStorage[1].htm moved successfully.
C:\Documents and Settings\Huub\Local Settings\Temporary Internet Files\Content.IE5\490UP9N4\Messenger[1].htm moved successfully.
C:\Documents and Settings\Huub\Local Settings\Temporary Internet Files\Content.IE5\0MAYGKZH\default[1].htm moved successfully.

Registry entries deleted on Reboot...

Re: HD Diagnostic
Is it now gone?

Re: HD Diagnostic
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: HD Diagnostic

It removed one trojan. HDD Diagnostic isn't active anymore, but there's still an icon in my start menu (in programs). Here is the log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Databaseversie: 5272

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8-12-2010 17:31:41
mbam-log-2010-12-08 (17-31-41).txt

Scantype: Snelle scan
Objecten gescand: 147402
Verstreken tijd: 6 minuut/minuten, 37 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Internet Connection Wizard Setup Tool (Trojan.Downloader) -> Value: Internet Connection Wizard Setup Tool -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Re: HD Diagnostic
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshots: CF_download_FF, CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: HD Diagnostic

Thanks for the quick response. I disabled the resident shield of avg-9, but combofix told me to uninstall it before I could run combofix. When I tried to uninstall avg-9, it said it wasn't possible because of some kind of problem. When I checked the details it said it was because it couldn't create some kind of registry key (access denied).

So now I can't run combofix because I can't install avg-9. What to do?

Re: HD Diagnostic
Hello.

Completely Uninstall AVG software

Download and run avgremover.exe

For 32-Bit, Download: avgremover.exe

Is AVG gone now?

Re: HD Diagnostic

Great, it's gone now. Here is the combo fix log:

ComboFix 10-12-09.04 - Huub 10-12-2010 18:12:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1615 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Huub\Bureaublad\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Huub\Menu Start\Programma's\HDD Diagnostic
c:\documents and settings\Huub\Menu Start\Programma's\HDD Diagnostic\HDD Diagnostic.lnk
c:\documents and settings\Huub\Menu Start\Programma's\HDD Diagnostic\Uninstall HDD Diagnostic.lnk
c:\windows\run.log
c:\windows\ST6UNST.000
c:\windows\system32\UNWISE.EXE

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


(((((((((((((((((((( Bestanden Gemaakt van 2010-11-10 to 2010-12-10 ))))))))))))))))))))))))))))))
.

2010-12-06 23:07 . 2010-12-06 23:08 -------- d-----w- c:\documents and settings\Administrator
2010-12-01 13:42 . 2010-12-01 13:53 -------- d-----w- C:\Gilmore.Girls.S01
2010-11-23 20:35 . 2010-11-23 20:35 -------- d-----w- c:\program files\MSECache
2010-11-20 16:40 . 2010-11-20 16:52 -------- d-----w- C:\Gilmore.Girls.Season.2

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:42 . 2010-01-21 13:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2010-01-21 13:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-18 10:23 . 2004-08-03 23:03 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-03 23:03 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-09-07 11:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-09-07 11:00 953856 ------w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Huub\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-1 113664]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-1 113664]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-3-30 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5-4-2009 17:03 130424]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-11-2007 14:00 717296]
S3 ICAM8USB;Intel(r) PC Camera CS120;c:\windows\system32\drivers\Icm8D2.SYS [17-11-2007 22:58 237504]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5-4-2009 17:03 348752]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {8148E647-4ECD-437D-8FF7-061EA9E77400} = 62.58.50.5,62.58.50.6
FF - ProfilePath - c:\documents and settings\Huub\Application Data\Mozilla\Firefox\Profiles\k0grkpey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: f:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Huub\Application Data\Mozilla\Firefox\Profiles\k0grkpey.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
Notify-avgrsstarter - avgrsstx.dll
Notify-WgaLogon - (no file)
AddRemove-Robin Hood: The Legend Of Sherwood - f:\program files\Robin Hood The Legend Of Sherwood
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 18:19
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1637723038-2147230659-1003\Software\SecuROM\License information*]
"datasecu"=hex:67,6d,2b,3d,f2,7a,c0,7b,6f,f3,62,e0,3d,82,ce,19,f4,ff,7c,21,06,
7d,14,28,58,5a,68,c9,c7,20,3e,f9,70,72,dd,f1,b1,63,95,f2,bf,7a,af,57,70,d6,\
"rkeysecu"=hex:96,eb,dd,e7,1b,bb,98,76,6a,15,ee,8b,29,1f,3b,9e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(1132)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Voltooingstijd: 2010-12-10 18:22:48 - machine werd herstart
ComboFix-quarantined-files.txt 2010-12-10 17:22

Pre-Run: 9.948.393.472 bytes beschikbaar
Post-Run: 10.488.422.400 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 02A27ED5012A63BE7186D6CEC92D2560

Re: HD Diagnostic

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: HD Diagnostic

Was on vacation for a while but now back. Here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b49ab176e12a1f42983fd26a1e0bb59d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-25 04:36:17
# local_time=2010-12-25 05:36:17 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1026 16777214 0 2 24301184 24301184 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3740 3740 0 0
# scanned=84116
# found=2
# cleaned=2
# scan_time=2716
F:\_OTL\MovedFiles\12072010_105450\C_Documents and Settings\Huub\Local Settings\Temp\26274031.exe a variant of Win32/Kryptik.IXE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\_OTL\MovedFiles\12072010_105450\C_Documents and Settings\Huub\Local Settings\Temp\IGwqNKmplw.exe a variant of Win32/Kryptik.IRN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: HD Diagnostic

Hello.

Download Security Check by screen317 and save it to your Desktop.

  • Unzip SecurityCheck.zip and a folder named Security Check should appear.
  • Open the Security Check folder and double-click Security Check.bat
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: HD Diagnostic

I get this:

The document name you requested (/SecurityCheck.zip) could not be found on this server. However, we found documents with names similar to the one you requested.
Available documents:

/SecurityCheck.exe (common basename)

Should I download the .exe file?
