Solved Malware


hansvanderveeke

Hi.

I had a problem with my pc. Hidden iexplore and random sounds playing. A Google search brought me here and I read about the solution to use ComboFix.
I downloaded this and ran it.
Now my pc seems to be free of the infection. No more hidden iexplore and random sounds. But...

As I read along, I wonder if I have to do anything else now. Do I have to uninstall ComboFix or anything else? In other threads I read, people were instructed to do other steps.
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
 
busy

Hi.

I am busy with the step. Step 4 takes ages. After 2 hours or so it was finished. I tried to save the log but it got the computer hanging. I had to reset it. Even ctrl-alt-del did not work.
I started a second scan but it froze the computer also. I will try again tomorrow evening. Too late now.
 
Ok, I finished the steps. GMER still gave a problem but I managed to copy/paste the info to a text file. Somehow, after GMER, I was unable to close files and eventually the whole system had a hangup and I had to reboot.

Here are the files:

MALWARE
========================================

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4509

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30-8-2010 18:38:40
mbam-log-2010-08-30 (18-38-40).txt

Scantype: Snelle scan
Objecten gescand: 133367
Verstreken tijd: 5 minuut/minuten, 23 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
==================================================

GMER
=======================================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 21:22:35
Windows 5.1.2600 Service Pack 3
Running: e91cly7e.exe; Driver: C:\DOCUME~1\Hans\LOCALS~1\Temp\fxtiqpoc.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9DA9086]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9DA9020]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9DA9034]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9DA909A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9DA90C6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB9DA9134]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB9DA911E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB9DA914A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB9DA9176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9DA9072]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9DA8FE4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9DA8FF8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB9DA91B2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB9DA9108]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB9DA90F2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9DA90B0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB9DA919E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB9DA918A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9DA905E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9DA904A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9DA90DC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9DA900C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB9DA9160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!NtOpenProcess 805CB3FA 5 Bytes JMP B9DA8FE8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB686 5 Bytes JMP B9DA8FFC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE44 5 Bytes JMP B9DA904E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP B9DA9038 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11EA 5 Bytes JMP B9DA9024 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D16F4 5 Bytes JMP B9DA9062 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D2982 5 Bytes JMP B9DA9010 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EC 7 Bytes JMP B9DA90F6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D3A 7 Bytes JMP B9DA90E0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622064 7 Bytes JMP B9DA9164 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622916 7 Bytes JMP B9DA910C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231EA 7 Bytes JMP B9DA90B4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237C8 5 Bytes JMP B9DA908A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C64 7 Bytes JMP B9DA909E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E34 3 Bytes JMP B9DA90CA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey + 4 80623E38 3 Bytes [39, 90, 90]
PAGE ntkrnlpa.exe!ZwEnumerateKey 80624014 7 Bytes JMP B9DA9138 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062427E 7 Bytes JMP B9DA9122 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624BA6 5 Bytes JMP B9DA9076 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EE8 7 Bytes JMP B9DA91B6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 806251A8 5 Bytes JMP B9DA918E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwLoadKey2 806255F8 7 Bytes JMP B9DA914E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062589C 5 Bytes JMP B9DA91A2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806259B6 5 Bytes JMP B9DA917A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xA74C4600, 0x25B0C, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[192] kernel32.dll!SetUnhandledExceptionFilter 7C81495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

---- EOF - GMER 1.0.15 ----

rest in next part
 
part 2

===========================
DDS
===========================


DDS (Ver_10-03-17.01) - NTFSx86
Run by Hans at 21:28:47,35 on di 31-08-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3316.2691 [GMT 2:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\Hans\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/ig?hl=nl&source=iglk
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\documents and settings\hans\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Cobian Backup 9] "c:\program files\cobian backup 9\Cobian.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
StartupFolder: c:\docume~1\hans\menust~1\progra~1\opstar~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
Trusted Zone: motive.com\ponltbc.onl
Trusted Zone: offlineregistration
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.de/int/EasyUpload/ImgUploader.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-18 340592]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-7-30 277736]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-3-28 67904]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-9-19 54960]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-18 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-18 42424]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-3-28 64432]

=============== Created Last 30 ================

2010-08-30 16:32:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 16:32:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-30 16:32:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 18:19:54 0 d-sha-r- C:\cmdcons
2010-08-29 18:17:24 98816 ----a-w- c:\windows\sed.exe
2010-08-29 18:17:24 77312 ----a-w- c:\windows\MBR.exe
2010-08-29 18:17:24 256512 ----a-w- c:\windows\PEV.exe
2010-08-29 18:17:24 161792 ----a-w- c:\windows\SWREG.exe
2010-08-29 17:37:59 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-29 17:37:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-29 17:12:00 0 d-----w- c:\docume~1\hans\applic~1\Malwarebytes
2010-08-29 17:11:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2010-08-12 11:28:29 504866 ----a-w- c:\windows\system32\perfh013.dat
2010-08-12 11:28:28 88512 ----a-w- c:\windows\system32\perfc013.dat
2010-07-11 19:22:22 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-30 12:33:19 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02:59 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:48 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:43:35 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2004-01-31 18:54:10 331776 ----a-w- c:\windows\inf\pdfinst2.exe
2008-09-24 17:13:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008092420080925\index.dat

============= FINISH: 21:29:27,95 ===============

rest in part 3
 
part 3

attach



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 18-4-2008 14:01:27
System Uptime: 31-8-2010 21:25:58 (0 hours ago)

Motherboard: Intel Corporation | | DG31PR
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | J3E1 | 2333/1333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 98 GiB total, 61,013 GiB free.
D: is FIXED (NTFS) - 195 GiB total, 173,783 GiB free.
S: is FIXED (NTFS) - 173 GiB total, 90,525 GiB free.
Z: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP508: 1-6-2010 20:50:25 - Controlepunt van systeem
RP509: 4-6-2010 15:45:26 - Controlepunt van systeem
RP510: 6-6-2010 13:39:49 - Installed calibre
RP511: 6-6-2010 13:40:17 - Removed calibre
RP512: 6-6-2010 21:04:58 - Verwijderd: Microsoft Office Professional Editie 2003
RP513: 6-6-2010 21:09:28 - Installed Microsoft Office Enterprise 2007
RP514: 6-6-2010 21:15:49 - Printerstuurprogramma Send To Microsoft OneNot is geïnstalleerd
RP515: 6-6-2010 22:22:28 - Software Distribution Service 3.0
RP516: 7-6-2010 21:49:28 - Software Distribution Service 3.0
RP517: 10-6-2010 18:23:01 - Controlepunt van systeem
RP518: 11-6-2010 20:27:51 - Controlepunt van systeem
RP519: 13-6-2010 17:34:42 - Software Distribution Service 3.0
RP520: 19-6-2010 13:35:12 - Controlepunt van systeem
RP521: 20-6-2010 16:15:03 - Controlepunt van systeem
RP522: 21-6-2010 22:08:07 - Controlepunt van systeem
RP523: 23-6-2010 21:13:16 - Controlepunt van systeem
RP524: 23-6-2010 22:10:24 - Software Distribution Service 3.0
RP525: 25-6-2010 15:00:10 - Controlepunt van systeem
RP526: 26-6-2010 16:10:36 - Controlepunt van systeem
RP527: 27-6-2010 16:31:25 - Controlepunt van systeem
RP528: 29-6-2010 19:39:36 - Controlepunt van systeem
RP529: 1-7-2010 17:42:18 - Controlepunt van systeem
RP530: 3-7-2010 11:46:38 - Controlepunt van systeem
RP531: 4-7-2010 12:49:31 - Controlepunt van systeem
RP532: 6-7-2010 10:06:33 - Controlepunt van systeem
RP533: 7-7-2010 22:32:34 - Controlepunt van systeem
RP534: 9-7-2010 14:03:54 - Controlepunt van systeem
RP535: 11-7-2010 11:27:40 - Controlepunt van systeem
RP536: 12-7-2010 14:01:22 - Controlepunt van systeem
RP537: 13-7-2010 18:08:19 - Controlepunt van systeem
RP538: 13-7-2010 19:13:51 - Herstelbewerking
RP539: 13-7-2010 19:20:04 - Herstelbewerking
RP540: 14-7-2010 20:06:43 - Controlepunt van systeem
RP541: 14-7-2010 21:02:17 - Software Distribution Service 3.0
RP542: 23-7-2010 22:19:20 - Controlepunt van systeem
RP543: 26-7-2010 15:23:12 - Controlepunt van systeem
RP544: 27-7-2010 18:49:15 - Controlepunt van systeem
RP545: 30-7-2010 12:42:00 - Controlepunt van systeem
RP546: 31-7-2010 13:09:16 - Controlepunt van systeem
RP547: 5-8-2010 17:18:18 - Controlepunt van systeem
RP548: 5-8-2010 18:50:17 - Software Distribution Service 3.0
RP549: 7-8-2010 12:55:02 - Controlepunt van systeem
RP550: 10-8-2010 13:47:17 - Controlepunt van systeem
RP551: 12-8-2010 13:22:48 - Software Distribution Service 3.0
RP552: 13-8-2010 14:15:11 - Controlepunt van systeem
RP553: 14-8-2010 18:53:58 - Controlepunt van systeem
RP554: 17-8-2010 19:24:14 - Controlepunt van systeem
RP555: 18-8-2010 20:09:47 - Controlepunt van systeem
RP556: 20-8-2010 19:23:50 - Controlepunt van systeem
RP557: 22-8-2010 17:57:31 - Controlepunt van systeem
RP558: 24-8-2010 14:30:45 - Controlepunt van systeem
RP559: 26-8-2010 18:27:44 - Controlepunt van systeem
RP560: 28-8-2010 11:38:57 - Controlepunt van systeem
RP561: 29-8-2010 16:17:02 - Controlepunt van systeem

==== Installed Programs ======================


Aangifte inkomstenbelasting 2008
Aangifte inkomstenbelasting 2009
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Common File Installer
Adobe CSI CS4
Adobe Default Language CS4
Adobe Digital Editions
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.2.4 - Nederlands
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos 1.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Album Art Downloader XUI 0.21
Apple Software Update
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB968816)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player (KB978695)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows Media Player 9 (KB936782)
Beveiligingsupdate voor Windows XP (KB2079403)
Beveiligingsupdate voor Windows XP (KB2115168)
Beveiligingsupdate voor Windows XP (KB2160329)
Beveiligingsupdate voor Windows XP (KB2229593)
Beveiligingsupdate voor Windows XP (KB2286198)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB923789)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956744)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB958869)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971468)
Beveiligingsupdate voor Windows XP (KB971486)
Beveiligingsupdate voor Windows XP (KB971557)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973346)
Beveiligingsupdate voor Windows XP (KB973354)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973525)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
Beveiligingsupdate voor Windows XP (KB975560)
Beveiligingsupdate voor Windows XP (KB975561)
Beveiligingsupdate voor Windows XP (KB975562)
Beveiligingsupdate voor Windows XP (KB975713)
Beveiligingsupdate voor Windows XP (KB977165)
Beveiligingsupdate voor Windows XP (KB977816)
Beveiligingsupdate voor Windows XP (KB977914)
Beveiligingsupdate voor Windows XP (KB978037)
Beveiligingsupdate voor Windows XP (KB978251)
Beveiligingsupdate voor Windows XP (KB978262)
Beveiligingsupdate voor Windows XP (KB978338)
Beveiligingsupdate voor Windows XP (KB978542)
Beveiligingsupdate voor Windows XP (KB978601)
Beveiligingsupdate voor Windows XP (KB978706)
Beveiligingsupdate voor Windows XP (KB979309)
Beveiligingsupdate voor Windows XP (KB979482)
Beveiligingsupdate voor Windows XP (KB979559)
Beveiligingsupdate voor Windows XP (KB979683)
Beveiligingsupdate voor Windows XP (KB980195)
Beveiligingsupdate voor Windows XP (KB980218)
Beveiligingsupdate voor Windows XP (KB980232)
Beveiligingsupdate voor Windows XP (KB980436)
Beveiligingsupdate voor Windows XP (KB981852)
Beveiligingsupdate voor Windows XP (KB981997)
Beveiligingsupdate voor Windows XP (KB982214)
Beveiligingsupdate voor Windows XP (KB982665)
Blokker V1.5.1.3
calibre
Cobian Backup 9
Connect
CutePDF Writer 2.7
DVD Shrink 3.2
EPSON Printer Software
ESET Online Scanner v3
Essentiële update voor Windows Media Player 11 (KB959772)
Exact Audio Copy 0.99pb3
FotoTime FotoAlbum Pro
Garmin Communicator Plugin
Garmin MapSource
Garmin POI Loader
Garmin TOPO Nederland
Garmin USB Drivers
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GrabIt 1.7.2 Beta 3 (build 996)
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB961118)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Hotfix voor Windows XP (KB979306)
Hotfix voor Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
Java(TM) 6 Update 15
KODAK EASYSHARE Gallery Upload ActiveX Control
kuler
Malwarebytes' Anti-Malware
MapSource
MapSource - City Select Europe v7 Update
MapSource - European City Select v6
Matrix Code Emulator 1.50
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - NLD
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - NLD
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - nld
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Word MUI (Dutch) 2007
Microsoft Software Update for Web Folders (Dutch) 12
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mp3tag v2.41
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero 6 Ultra Edition
OGA Notifier 2.0.0048.0
Onroute Fietskaart Nederland 1.62
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
PoiEdit
Polar Precision Performance SW
ProtectDisc Driver, Version 11
PTAssembler
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
SSC Service Utility v4.30
Suite Shared Configuration CS4
Taalpakket voor Microsoft .NET Framework 3.5 - NL
TeamViewer 3
TweakNow RegCleaner
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update voor Windows Internet Explorer 8 (KB972636)
Update voor Windows Internet Explorer 8 (KB976662)
Update voor Windows Internet Explorer 8 (KB976749)
Update voor Windows Internet Explorer 8 (KB980182)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
VMware Workstation
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live aanmeldhulp
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinGDB3 3.42
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================


Please let me know how to proceed.

And of course: THANKS!

Hans
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.

===================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
More logs

mbr log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0204000c

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F22000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0A000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEA000 fltmgr.sys
0xB9ED8000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9EC1000 KSecDD.sys
0xB9EAE000 WudfPf.sys
0xB9E21000 Ntfs.sys
0xB9DF4000 NDIS.sys
0xB9DDA000 Mup.sys
0xB9D88000 mfehidk.sys
0xB8E73000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8E5F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8E45000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA438000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8E21000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA440000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8DDB000 \SystemRoot\system32\drivers\emu10k1m.sys
0xB8DB7000 \SystemRoot\system32\drivers\portcls.sys
0xBA158000 \SystemRoot\system32\drivers\drmk.sys
0xB8D94000 \SystemRoot\system32\drivers\ks.sys
0xBA168000 \SystemRoot\system32\drivers\sfmanm.sys
0xBA5D4000 \SystemRoot\system32\drivers\ctlfacem.sys
0xBA6EE000 \SystemRoot\system32\DRIVERS\ctljystk.sys
0xBA5A0000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xBA178000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA448000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA450000 \??\C:\WINDOWS\system32\drivers\VMkbd.sys
0xBA458000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA460000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA188000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA5A4000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA198000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9499000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA6FA000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9489000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D4F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8D7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9479000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9469000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA468000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8D6C000 \SystemRoot\system32\DRIVERS\psched.sys
0xB9459000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA470000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA478000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8D3C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB9449000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5D6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8CDE000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D37000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9D33000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
0xB9D2F000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0xB9429000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB9409000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA5DC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7B8000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5DE000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA498000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA4A0000 \SystemRoot\System32\drivers\vga.sys
0xBA5E0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA4A8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA4B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA558000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA74BB000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA7462000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA1D8000 \SystemRoot\system32\drivers\mfetdik.sys
0xA743C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA7414000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA570000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA73F2000 \SystemRoot\System32\drivers\afd.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA73C7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA7357000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA208000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA2B8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA7317000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA664000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA7347000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3A0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7AB000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA3D0000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0xA7203000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA6ECA000 \SystemRoot\system32\drivers\wdmaud.sys
0xA704F000 \SystemRoot\system32\drivers\sysaudio.sys
0xA696F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA6B24000 \??\C:\WINDOWS\system32\drivers\hcmon.sys
0xA6B94000 \??\C:\WINDOWS\system32\Drivers\vmci.sys
0xA6877000 \??\C:\WINDOWS\system32\Drivers\vmx86.sys
0xA6834000 \??\C:\WINDOWS\system32\drivers\acedrv11.sys
0xBA368000 \SystemRoot\System32\drivers\aspi32.sys
0xA678D000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA390000 \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys
0xA6685000 \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
0xA63BD000 \SystemRoot\system32\drivers\mfebopk.sys
0xA627C000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA6267000 \SystemRoot\system32\drivers\mfeavfk.sys
0xA60E6000 \SystemRoot\System32\Drivers\HTTP.sys
0xA5FA3000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
732 C:\WINDOWS\system32\smss.exe
800 csrss.exe
824 C:\WINDOWS\system32\winlogon.exe
868 C:\WINDOWS\system32\services.exe
880 C:\WINDOWS\system32\lsass.exe
1060 C:\WINDOWS\system32\svchost.exe
1108 svchost.exe
1756 C:\WINDOWS\system32\svchost.exe
1796 C:\WINDOWS\system32\svchost.exe
1876 svchost.exe
244 svchost.exe
504 C:\WINDOWS\system32\spoolsv.exe
1028 C:\WINDOWS\explorer.exe
1716 C:\Program Files\McAfee\Common Framework\UdaterUI.exe
1732 C:\WINDOWS\system32\igfxtray.exe
1740 C:\WINDOWS\system32\hkcmd.exe
1748 C:\WINDOWS\system32\igfxpers.exe
1848 C:\WINDOWS\system32\igfxsrvc.exe
1928 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
2024 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2036 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
136 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
256 C:\Program Files\Cobian Backup 9\Cobian.exe
628 C:\WINDOWS\system32\ctfmon.exe
1384 C:\Program Files\Cobian Backup 9\cbInterface.exe
1484 C:\WINDOWS\system32\devldr32.exe
2004 svchost.exe
1356 C:\Program Files\Java\jre6\bin\jqs.exe
724 C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
1496 C:\Program Files\McAfee\Common Framework\FrameworkService.exe
2240 C:\Program Files\Common Files\Motive\McciCMService.exe
2264 C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
2288 naPrdMgr.exe
2304 C:\WINDOWS\system32\mfevtps.exe
2716 C:\WINDOWS\system32\vmnat.exe
2908 C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
3032 C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
3064 mfeann.exe
3368 C:\WINDOWS\system32\vmnetdhcp.exe
3424 C:\Program Files\McAfee\Common Framework\McTray.exe
3168 alg.exe
2712 C:\Program Files\Outlook Express\msimn.exe
3972 C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2944 C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3672 C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3564 C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1264 C:\Documents and Settings\Hans\Bureaublad\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000049`3db14600 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-12

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
And another one: Combofix log

ComboFix 10-08-31.02 - Hans 01-09-2010 17:19:29.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3316.2644 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Hans\Bureaublad\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-01 to 2010-09-01 ))))))))))))))))))))))))))))))
.

2010-08-30 16:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 16:32 . 2010-08-30 16:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 16:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 17:37 . 2010-08-29 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-29 17:37 . 2010-08-29 18:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-29 17:12 . 2010-08-29 17:12 -------- d-----w- c:\documents and settings\Hans\Application Data\Malwarebytes
2010-08-29 17:11 . 2010-08-29 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-13 11:10 . 2010-08-13 11:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 19:26 . 2008-10-24 10:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-08-31 19:26 . 2008-10-24 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-08-31 18:23 . 2008-10-24 10:45 -------- d-----w- c:\documents and settings\Hans\Application Data\VMware
2010-08-29 19:27 . 2010-07-09 10:44 -------- d-----w- c:\documents and settings\Hans\Application Data\QuickScan
2010-08-29 13:51 . 2008-04-19 18:38 -------- d-----w- c:\documents and settings\Hans\Application Data\PTAssembler
2010-08-12 11:29 . 2008-04-18 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-12 11:28 . 2001-09-07 12:00 504866 ----a-w- c:\windows\system32\perfh013.dat
2010-08-12 11:28 . 2001-09-07 12:00 88512 ----a-w- c:\windows\system32\perfc013.dat
2010-07-11 19:22 . 2010-07-11 19:22 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-11 19:22 . 2010-07-11 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-11 18:10 . 2010-07-06 16:41 354784 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-11 12:18 . 2010-07-11 12:18 -------- d-----w- c:\program files\ESET
2010-07-09 11:23 . 2010-07-09 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-30 12:33 . 2004-08-03 23:03 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2004-08-03 23:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-03 22:56 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-03 23:03 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-04-18 11:58 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2004-08-03 23:03 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-07 17:09 . 2008-04-20 13:07 73680 ----a-w- c:\documents and settings\Hans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-08-29_18.33.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-31 19:26 . 2010-08-31 19:26 16384 c:\windows\Temp\Perflib_Perfdata_bd8.dat
+ 2010-08-31 19:26 . 2010-08-31 19:26 16384 c:\windows\Temp\Perflib_Perfdata_54c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Google Update"="c:\documents and settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-12 133104]
"Cobian Backup 9"="c:\program files\Cobian Backup 9\Cobian.exe" [2008-07-03 579584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-18 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\documents and settings\Hans\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30-7-2008 7:51 277736]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [29-9-2008 9:07 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [28-3-2009 12:24 67904]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [19-9-2008 0:12 54960]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [28-3-2009 12:24 64432]
.
Inhoud van de 'Gedeelde Taken' map

2009-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:22]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:22]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-507921405-839522115-1003Core.job
- c:\documents and settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-12 14:48]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-507921405-839522115-1003UA.job
- c:\documents and settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-12 14:48]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/ig?hl=nl&source=iglk
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: motive.com\ponltbc.onl
Trusted Zone: offlineregistration
DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.de/int/EasyUpload/ImgUploader.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 17:22
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,33,bb,58,8e,aa,e9,46,b7,cb,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,33,bb,58,8e,aa,e9,46,b7,cb,ad,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(180)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2010-09-01 17:24:24
ComboFix-quarantined-files.txt 2010-09-01 15:24
ComboFix2.txt 2010-08-29 18:35

Pre-Run: 65.515.294.720 bytes beschikbaar
Post-Run: 65.500.479.488 bytes beschikbaar

- - End Of File - - 1F9B1F2C4B1003E2836804E3D625B140

Thanks again!

Hans
 
All looks good, so far :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Otl.log part 1

Ok, done. I am not sure what exactly I am doing but your guidance is great!


OTL logfile created on: 2-9-2010 19:43:43 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Hans\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 60,93 Gb Free Space | 62,40% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 173,78 Gb Free Space | 88,98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 172,79 Gb Total Space | 90,53 Gb Free Space | 52,39% Space Free | Partition Type: NTFS

Computer Name: DE-STILLE
Current User Name: Hans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-09-02 19:42:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\OTL.exe
PRC - [2008-09-29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008-09-29 09:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008-09-29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2008-09-29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008-09-29 09:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008-09-29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008-09-19 00:12:00 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008-09-19 00:11:36 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2008-09-19 00:11:04 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2008-07-03 13:21:42 | 002,747,392 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbInterface.exe
PRC - [2008-07-03 13:21:38 | 000,579,584 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\Cobian.exe
PRC - [2008-04-21 20:05:18 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-14 05:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008-03-14 05:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008-03-14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008-03-14 05:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2001-09-06 21:27:14 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010-09-02 19:42:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\OTL.exe
MOD - [2008-04-14 19:01:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009-01-02 11:49:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-09-29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008-09-29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2008-09-29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008-09-29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2008-09-19 00:12:00 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008-09-19 00:11:36 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008-09-19 00:11:04 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008-08-25 22:56:44 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008-03-14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007-10-25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007-10-18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Hans\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2008-12-29 21:45:01 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2008-11-17 09:41:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008-11-17 09:41:53 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008-09-29 09:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008-09-29 09:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008-09-29 09:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008-09-29 09:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008-09-29 09:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008-09-29 09:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008-09-19 00:12:22 | 000,857,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2008-09-19 00:12:22 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2008-09-19 00:12:22 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2008-09-19 00:12:20 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008-09-19 00:12:18 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008-09-18 17:49:42 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2008-09-18 17:49:42 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008-09-18 17:49:42 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008-08-25 22:55:46 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008-07-30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008-04-18 17:43:51 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008-04-13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-01-15 19:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-01-03 22:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2002-07-17 03:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager-stuurprogramma (WDM)
DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager-stuurprogramma (WDM)
DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl&source=iglk
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010-08-29 20:33:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [Cobian Backup 9] C:\Program Files\Cobian Backup 9\Cobian.exe (Luis Cobian)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Hans\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([ponltbc.onl] http in Trusted sites)
O15 - HKCU\..Trusted Domains: offlineregistration ([]https in Trusted sites)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} http://www.pixum.de/int/EasyUpload/ImgUploader.cab (Pixum EasyUploadX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-04-18 14:00:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
hmmm...

I am trying to post the logs but somehow now the administrator has to approve them before they are visible.

The OTL.txt is about 7000 chars long. I have to post it in separate messages. Is there a way in which I can attach the files?
 
part 2

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010-09-02 19:42:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\OTL.exe
[2010-08-30 18:32:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-08-30 18:32:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-08-30 18:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-08-30 18:27:08 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\TFC.exe
[2010-08-29 20:19:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-08-29 20:17:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-08-29 20:17:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-08-29 20:17:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-08-29 20:17:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-08-29 20:17:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-08-29 20:16:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-08-29 19:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-08-29 19:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010-08-29 19:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Application Data\Malwarebytes
[2010-08-29 19:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-08-16 21:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Bureaublad\Kopie van hans
[2010-08-15 14:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Bureaublad\saskia
[2010-08-14 19:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Bureaublad\hans
[2010-08-13 13:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010-08-12 13:27:35 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010-07-11 21:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010-07-11 14:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-07-09 13:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010-07-09 12:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hans\Application Data\QuickScan
[2010-07-08 20:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010-07-08 20:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010-07-08 20:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010-06-06 21:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010-06-06 21:10:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010-06-06 21:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2008-04-20 12:56:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Hans\Application Data\pcouffin.sys

========== Files - Modified Within 90 Days ==========

[2010-09-02 19:42:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\OTL.exe
[2010-09-02 19:37:00 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-09-02 18:48:00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-507921405-839522115-1003UA.job
[2010-09-02 18:48:00 | 000,001,078 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-507921405-839522115-1003Core.job
[2010-09-01 17:25:08 | 015,204,352 | -H-- | M] () -- C:\Documents and Settings\Hans\NTUSER.DAT
[2010-09-01 17:24:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-09-01 17:22:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-09-01 17:14:16 | 003,830,025 | R--- | M] () -- C:\Documents and Settings\Hans\Bureaublad\ComboFix.exe
[2010-09-01 17:13:14 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Hans\Bureaublad\MBRCheck.exe
[2010-08-31 21:28:21 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Hans\Bureaublad\dds.scr
[2010-08-31 21:27:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-08-31 21:26:18 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-08-31 21:26:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-30 18:55:04 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Hans\Bureaublad\e91cly7e.exe
[2010-08-30 18:32:41 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-08-30 18:28:20 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Hans\ntuser.ini
[2010-08-30 18:27:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hans\Bureaublad\TFC.exe
[2010-08-29 20:33:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-08-29 20:19:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-08-29 19:31:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010-08-29 19:31:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010-08-29 13:38:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010-08-29 13:38:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010-08-25 22:02:11 | 000,280,858 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\Princess_Of_Thieves-[cdcovers_cc]-front.jpg
[2010-08-25 21:58:54 | 002,664,078 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Lovely_Bones_Dutch_R2-[cdcovers_cc]-front.jpg
[2010-08-25 21:57:35 | 001,802,439 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\Night_At_The_Museum_2_Dutch_Thinpack_Custom-[cdcovers_cc]-front.jpg
[2010-08-25 21:56:10 | 001,745,071 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\Shrek_3_Dutch_R2-[cdcovers_cc]-front.jpg
[2010-08-25 21:55:12 | 000,988,209 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\Shutter_Island_Dutch_Custom-[cdcovers_cc]-front.jpg
[2010-08-25 21:54:16 | 003,088,891 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\Paranormal_Activity_Dutch_R2-[cdcovers_cc]-front.jpg
[2010-08-25 21:50:58 | 000,489,492 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Boat_That_Rocked_R2_Custom-[cdcovers_cc]-front.jpg
[2010-08-25 21:50:25 | 002,978,377 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\Alice_In_Wonderland_2010_Dutch_R2-[cdcovers_cc]-front.jpg
[2010-08-25 21:44:58 | 000,898,800 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Road_Dutch_Custom-[cdcovers_cc]-front.jpg
[2010-08-25 21:43:07 | 001,028,258 | ---- | M] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Book_Of_Eli_Dutch_R2_Custom-[cdcovers_cc]-front.jpg
[2010-08-25 20:59:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-08-24 14:48:26 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Hans\Bureaublad\Google Chrome.lnk
[2010-08-24 14:48:26 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010-08-12 14:06:26 | 002,156,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-08-12 13:29:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-08-12 13:28:29 | 000,504,866 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-08-12 13:28:28 | 001,069,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-12 13:28:28 | 000,438,080 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-08-12 13:28:28 | 000,088,512 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-08-12 13:28:28 | 000,069,502 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-08-12 13:22:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010-08-12 13:22:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010-08-12 12:56:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010-08-12 12:56:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010-08-09 22:34:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010-08-09 22:34:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010-08-09 16:57:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010-08-09 16:57:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010-08-08 13:38:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010-08-08 13:38:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010-08-07 17:26:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010-08-07 17:26:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010-08-07 12:26:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010-08-07 12:26:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010-08-06 17:35:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010-08-06 17:35:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010-08-05 18:49:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010-08-05 18:49:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010-07-31 16:01:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010-07-31 16:01:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010-07-30 19:53:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010-07-30 19:53:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010-07-30 12:50:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010-07-30 12:50:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010-07-29 20:30:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010-07-29 20:30:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010-07-27 22:05:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010-07-27 22:05:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010-07-26 17:21:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010-07-26 17:21:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010-07-23 22:27:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010-07-23 22:27:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010-07-21 21:26:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010-07-21 21:26:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010-07-21 19:51:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010-07-21 19:51:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010-07-11 21:22:22 | 000,011,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010-07-01 17:25:38 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Hans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-07 19:09:03 | 000,073,680 | ---- | M] () -- C:\Documents and Settings\Hans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-06-06 22:23:50 | 000,000,800 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-06-06 21:30:07 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Hans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010-06-06 13:40:08 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\calibre - E-book management.lnk
 
part 3

========== Files Created - No Company Name ==========

[2010-09-01 17:14:13 | 003,830,025 | R--- | C] () -- C:\Documents and Settings\Hans\Bureaublad\ComboFix.exe
[2010-09-01 17:13:14 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Hans\Bureaublad\MBRCheck.exe
[2010-08-31 21:28:21 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Hans\Bureaublad\dds.scr
[2010-08-30 18:55:04 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Hans\Bureaublad\e91cly7e.exe
[2010-08-30 18:32:41 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-08-29 20:43:46 | 000,011,160 | ---- | C] () -- C:\Documents and Settings\Hans\log van scan.txt
[2010-08-29 20:19:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-08-29 20:19:54 | 000,261,936 | ---- | C] () -- C:\cmldr
[2010-08-29 20:17:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-08-29 20:17:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-08-29 20:17:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-08-29 20:17:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-08-29 20:17:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-08-25 22:02:11 | 000,280,858 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\Princess_Of_Thieves-[cdcovers_cc]-front.jpg
[2010-08-25 21:58:54 | 002,664,078 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Lovely_Bones_Dutch_R2-[cdcovers_cc]-front.jpg
[2010-08-25 21:57:35 | 001,802,439 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\Night_At_The_Museum_2_Dutch_Thinpack_Custom-[cdcovers_cc]-front.jpg
[2010-08-25 21:56:10 | 001,745,071 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\Shrek_3_Dutch_R2-[cdcovers_cc]-front.jpg
[2010-08-25 21:55:12 | 000,988,209 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\Shutter_Island_Dutch_Custom-[cdcovers_cc]-front.jpg
[2010-08-25 21:54:16 | 003,088,891 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\Paranormal_Activity_Dutch_R2-[cdcovers_cc]-front.jpg
[2010-08-25 21:50:58 | 000,489,492 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Boat_That_Rocked_R2_Custom-[cdcovers_cc]-front.jpg
[2010-08-25 21:50:25 | 002,978,377 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\Alice_In_Wonderland_2010_Dutch_R2-[cdcovers_cc]-front.jpg
[2010-08-25 21:44:58 | 000,898,800 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Road_Dutch_Custom-[cdcovers_cc]-front.jpg
[2010-08-25 21:43:07 | 001,028,258 | ---- | C] () -- C:\Documents and Settings\Hans\Mijn documenten\The_Book_Of_Eli_Dutch_R2_Custom-[cdcovers_cc]-front.jpg
[2010-07-11 21:22:21 | 000,011,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010-07-11 20:28:13 | 002,104,298 | ---- | C] () -- C:\WINDOWS\System32\drivers\2gmgsmt.sf2
[2010-07-06 18:41:22 | 000,354,784 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-06-06 21:30:07 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Hans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-03-14 17:50:35 | 000,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2009-03-09 21:55:46 | 000,006,930 | ---- | C] () -- C:\Documents and Settings\Hans\Application Data\PrimoPDFSet.xml
[2009-03-09 21:54:38 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008-12-29 21:45:01 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008-05-09 21:58:46 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\Hans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-05-09 21:58:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-04-20 12:57:31 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-04-20 12:56:26 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Hans\Application Data\pcouffin.log
[2008-04-20 12:56:23 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Hans\Application Data\ezpinst.exe
[2008-04-20 12:56:23 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Hans\Application Data\pcouffin.cat
[2008-04-20 12:56:23 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Hans\Application Data\pcouffin.inf
[2008-04-20 12:53:23 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008-04-19 20:38:15 | 000,905,728 | ---- | C] () -- C:\WINDOWS\System32\Pano12.dll
[2008-04-18 17:44:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008-04-18 15:42:08 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-04-18 14:25:25 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2008-04-18 14:08:27 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007-10-10 13:37:54 | 000,278,528 | ---- | C] () -- C:\WINDOWS\ImgUploaderLang_3.dll
[2007-10-10 13:37:54 | 000,278,528 | ---- | C] () -- C:\WINDOWS\ImgUploaderLang_2.dll
[2007-10-10 13:37:54 | 000,278,528 | ---- | C] () -- C:\WINDOWS\ImgUploaderLang_1.dll
[2007-06-27 11:22:54 | 000,692,224 | ---- | C] () -- C:\WINDOWS\libcurl.dll
[2003-08-17 11:26:08 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll

========== LOP Check ==========

[2009-05-09 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\albelli photo book creator Extra
[2008-04-19 21:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FotoTime
[2008-10-17 09:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010-07-11 21:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009-11-16 20:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008-07-29 18:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\albumart
[2010-03-12 17:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Belastingdienst
[2009-04-13 19:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Bret Taylor
[2010-03-24 22:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\calibre
[2008-04-19 21:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\FotoTime
[2009-05-29 21:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\GARMIN
[2008-04-19 21:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\GrabIt
[2009-08-03 21:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\IrfanView
[2008-04-20 13:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Mp3tag
[2008-10-02 19:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Opera
[2008-10-21 20:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\ProtectDisc
[2010-08-29 15:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\PTAssembler
[2010-08-29 21:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\QuickScan
[2010-04-04 16:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Softland
[2008-10-02 20:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Softplicity
[2008-04-20 13:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\TeamViewer
[2008-06-29 12:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\TuFuse Pro
[2010-01-25 19:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\TweakNow RegCleaner
[2010-04-18 15:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hans\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< * >
[2009-03-14 17:50:03 | 000,001,024 | ---- | M] () -- \.rnd
[2009-01-22 21:43:22 | 000,000,416 | ---- | M] () -- \38-index-4.4.6.txt
[2009-05-09 20:27:15 | 000,000,674 | ---- | M] () -- \39-index-4.5.4.txt
[2009-11-27 21:53:07 | 000,000,674 | ---- | M] () -- \39-index-4.5.8.txt
[2010-01-10 16:05:07 | 000,000,674 | ---- | M] () -- \39-index-4.5.9.txt
[2008-09-15 08:57:58 | 000,024,576 | ---- | M] () -- \ash_spti.dll
[2008-10-01 10:29:44 | 000,966,656 | ---- | M] () -- \assistant.exe
[2008-04-18 14:00:11 | 000,000,000 | ---- | M] () -- \AUTOEXEC.BAT
[2008-04-18 13:56:51 | 000,000,211 | ---- | M] () -- \Boot.bak
[2010-08-29 20:19:58 | 000,000,281 | RHS- | M] () -- \boot.ini
[2001-09-07 14:00:00 | 000,004,952 | RHS- | M] () -- \Bootfont.bin
[2008-09-15 08:57:58 | 000,242,475 | ---- | M] () -- \ca-bundle.crt
[2004-08-03 23:00:14 | 000,261,936 | ---- | M] () -- \cmldr
[2010-09-01 17:24:25 | 000,011,217 | ---- | M] () -- \ComboFix.txt
[2008-04-18 14:00:11 | 000,000,000 | ---- | M] () -- \CONFIG.SYS
[2008-09-15 08:57:58 | 000,131,072 | ---- | M] () -- \fpxjpeg.dll
[2009-03-27 19:05:00 | 000,000,154 | ---- | M] () -- \ident.xml
[2008-04-18 14:00:11 | 000,000,000 | RHS- | M] () -- \IO.SYS
[2009-07-16 15:10:38 | 000,212,992 | ---- | M] () -- \libcurl.dll
[2009-07-16 15:10:38 | 001,032,192 | ---- | M] () -- \libeay32.dll
[2008-09-15 08:58:00 | 000,319,488 | ---- | M] () -- \libhunspell.dll
[2008-09-15 08:58:00 | 000,170,496 | ---- | M] () -- \libssh2.dll
[2008-09-15 08:58:00 | 000,322,990 | ---- | M] () -- \libssl32.dll
[2008-04-18 14:00:11 | 000,000,000 | RHS- | M] () -- \MSDOS.SYS
[2004-08-03 22:38:34 | 000,047,564 | RHS- | M] () -- \NTDETECT.COM
[2008-09-24 18:40:30 | 000,251,712 | RHS- | M] () -- \ntldr
[2010-08-31 21:26:14 | 2145,386,496 | -HS- | M] () --
[2008-09-15 08:58:02 | 000,163,840 | ---- | M] () -- \picn1020.dll
[2008-09-15 08:58:02 | 000,188,416 | ---- | M] () -- \picn1120.dll
[2008-09-15 08:58:02 | 000,118,784 | ---- | M] () -- \picn1320.dll
[2008-09-15 08:58:04 | 000,180,224 | ---- | M] () -- \picn20.dll
[2008-09-15 08:58:04 | 000,159,744 | ---- | M] () -- \picn2720.dll
[2008-09-15 08:58:06 | 001,511,424 | ---- | M] () -- \picn6620.dll
[2008-09-15 08:58:06 | 001,507,328 | ---- | M] () -- \picn6720.dll
[2009-11-27 13:48:00 | 005,558,272 | ---- | M] () -- \Pixum EasyBook.exe
[2009-07-16 15:10:20 | 001,052,672 | ---- | M] () -- \QtCLucene4.dll
[2009-07-16 15:10:22 | 002,076,672 | ---- | M] () -- \QtCore4.dll
[2009-11-27 13:48:34 | 007,671,808 | ---- | M] () -- \QtGui4.dll
[2009-07-16 15:10:32 | 000,413,696 | ---- | M] () -- \QtHelp4.dll
[2009-07-16 15:10:32 | 000,921,600 | ---- | M] () -- \QtNetwork4.dll
[2009-07-16 15:10:34 | 000,200,704 | ---- | M] () -- \QtSql4.dll
[2009-07-16 15:10:34 | 000,270,336 | ---- | M] () -- \QtSvg4.dll
[2009-07-16 15:10:34 | 009,318,400 | ---- | M] () -- \QtWebKit4.dll
[2009-07-16 15:10:38 | 000,364,544 | ---- | M] () -- \QtXml4.dll
[2008-09-15 08:57:56 | 000,450,560 | ---- | M] () -- \RecDev.dll
[2008-09-15 08:57:56 | 000,085,504 | ---- | M] () -- \RedEye.dll
[2010-07-11 13:33:19 | 000,000,016 | ---- | M] () -- \RootRepeal report 07-11-10 (13-33-19).txt
[2008-09-15 08:58:08 | 000,753,664 | ---- | M] () -- \sadw.dll
[2008-09-15 08:58:08 | 000,380,928 | ---- | M] () -- \safpx.dll
[2008-09-15 08:57:56 | 000,077,824 | ---- | M] () -- \SAFPXLB.dll
[2008-09-15 08:57:56 | 000,147,456 | ---- | M] () -- \SoftCore.dll
[2010-08-06 17:35:16 | 000,000,232 | -H-- | M] () -- \sqmdata00.sqm
[2010-08-07 12:26:26 | 000,000,232 | -H-- | M] () -- \sqmdata01.sqm
[2010-08-07 17:26:46 | 000,000,232 | -H-- | M] () -- \sqmdata02.sqm
[2010-08-08 13:38:18 | 000,000,232 | -H-- | M] () -- \sqmdata03.sqm
[2010-08-09 16:57:08 | 000,000,232 | -H-- | M] () -- \sqmdata04.sqm
[2010-08-09 22:34:41 | 000,000,232 | -H-- | M] () -- \sqmdata05.sqm
[2010-08-12 12:56:02 | 000,000,232 | -H-- | M] () -- \sqmdata06.sqm
[2010-08-12 13:22:27 | 000,000,232 | -H-- | M] () -- \sqmdata07.sqm
[2010-08-29 13:38:16 | 000,000,232 | -H-- | M] () -- \sqmdata08.sqm
[2010-08-29 19:31:16 | 000,000,232 | -H-- | M] () -- \sqmdata09.sqm
[2010-07-21 19:51:50 | 000,000,232 | -H-- | M] () -- \sqmdata10.sqm
[2010-07-21 21:26:39 | 000,000,232 | -H-- | M] () -- \sqmdata11.sqm
[2010-07-23 22:27:32 | 000,000,232 | -H-- | M] () -- \sqmdata12.sqm
[2010-07-26 17:21:43 | 000,000,232 | -H-- | M] () -- \sqmdata13.sqm
[2010-07-27 22:05:09 | 000,000,232 | -H-- | M] () -- \sqmdata14.sqm
[2010-07-29 20:30:23 | 000,000,232 | -H-- | M] () -- \sqmdata15.sqm
[2010-07-30 12:50:32 | 000,000,232 | -H-- | M] () -- \sqmdata16.sqm
[2010-07-30 19:53:17 | 000,000,232 | -H-- | M] () -- \sqmdata17.sqm
[2010-07-31 16:01:22 | 000,000,232 | -H-- | M] () -- \sqmdata18.sqm
[2010-08-05 18:49:50 | 000,000,232 | -H-- | M] () -- \sqmdata19.sqm
[2010-08-06 17:35:16 | 000,000,244 | -H-- | M] () -- \sqmnoopt00.sqm
[2010-08-07 12:26:26 | 000,000,244 | -H-- | M] () -- \sqmnoopt01.sqm
[2010-08-07 17:26:46 | 000,000,244 | -H-- | M] () -- \sqmnoopt02.sqm
[2010-08-08 13:38:18 | 000,000,244 | -H-- | M] () -- \sqmnoopt03.sqm
[2010-08-09 16:57:08 | 000,000,244 | -H-- | M] () -- \sqmnoopt04.sqm
[2010-08-09 22:34:40 | 000,000,244 | -H-- | M] () -- \sqmnoopt05.sqm
[2010-08-12 12:56:02 | 000,000,244 | -H-- | M] () -- \sqmnoopt06.sqm
[2010-08-12 13:22:27 | 000,000,244 | -H-- | M] () -- \sqmnoopt07.sqm
[2010-08-29 13:38:16 | 000,000,244 | -H-- | M] () -- \sqmnoopt08.sqm
[2010-08-29 19:31:16 | 000,000,244 | -H-- | M] () -- \sqmnoopt09.sqm
[2010-07-21 19:51:50 | 000,000,244 | -H-- | M] () -- \sqmnoopt10.sqm
[2010-07-21 21:26:39 | 000,000,244 | -H-- | M] () -- \sqmnoopt11.sqm
[2010-07-23 22:27:32 | 000,000,244 | -H-- | M] () -- \sqmnoopt12.sqm
[2010-07-26 17:21:43 | 000,000,244 | -H-- | M] () -- \sqmnoopt13.sqm
[2010-07-27 22:05:09 | 000,000,244 | -H-- | M] () -- \sqmnoopt14.sqm
[2010-07-29 20:30:23 | 000,000,244 | -H-- | M] () -- \sqmnoopt15.sqm
[2010-07-30 12:50:31 | 000,000,244 | -H-- | M] () -- \sqmnoopt16.sqm
[2010-07-30 19:53:17 | 000,000,244 | -H-- | M] () -- \sqmnoopt17.sqm
[2010-07-31 16:01:22 | 000,000,244 | -H-- | M] () -- \sqmnoopt18.sqm
[2010-08-05 18:49:50 | 000,000,244 | -H-- | M] () -- \sqmnoopt19.sqm
[2009-07-16 15:10:38 | 000,212,992 | ---- | M] () -- \ssleay32.dll
[2008-09-15 08:58:08 | 002,723,264 | ---- | M] () -- \vcredist_x86.exe
[2008-09-15 08:58:10 | 000,077,824 | ---- | M] () -- \wnaspi32.dll
[2008-09-15 08:57:58 | 000,299,008 | ---- | M] () -- \XMPFiles.dll
[2008-09-15 08:57:58 | 000,327,680 | ---- | M] () -- \XMPToolkit.dll
[2008-09-15 08:58:10 | 000,069,632 | ---- | M] () -- \zlib1.dll
[2008-09-15 08:57:58 | 001,053,696 | ---- | M] () -- \_ISource30.dll
[2008-09-15 08:57:58 | 000,081,920 | ---- | M] () -- \_SAFPX10.dll
[2008-09-15 08:57:58 | 000,368,640 | ---- | M] () -- \_SAJ2K10.dll
[2008-09-15 08:57:58 | 000,225,280 | ---- | M] () -- \_SARAW10.dll
 
part 4

< %SYSTEMDRIVE%\*.* >
[2009-03-14 17:50:03 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009-01-22 21:43:22 | 000,000,416 | ---- | M] () -- C:\38-index-4.4.6.txt
[2009-05-09 20:27:15 | 000,000,674 | ---- | M] () -- C:\39-index-4.5.4.txt
[2009-11-27 21:53:07 | 000,000,674 | ---- | M] () -- C:\39-index-4.5.8.txt
[2010-01-10 16:05:07 | 000,000,674 | ---- | M] () -- C:\39-index-4.5.9.txt
[2008-09-15 08:57:58 | 000,024,576 | ---- | M] (ashampoo) -- C:\ash_spti.dll
[2008-10-01 10:29:44 | 000,966,656 | ---- | M] () -- C:\assistant.exe
[2008-04-18 14:00:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008-04-18 13:56:51 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-08-29 20:19:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2001-09-07 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2008-09-15 08:57:58 | 000,242,475 | ---- | M] () -- C:\ca-bundle.crt
[2004-08-03 23:00:14 | 000,261,936 | ---- | M] () -- C:\cmldr
[2010-09-01 17:24:25 | 000,011,217 | ---- | M] () -- C:\ComboFix.txt
[2008-04-18 14:00:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-09-15 08:57:58 | 000,131,072 | ---- | M] () -- C:\fpxjpeg.dll
[2009-03-27 19:05:00 | 000,000,154 | ---- | M] () -- C:\ident.xml
[2008-04-18 14:00:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-07-16 15:10:38 | 000,212,992 | ---- | M] (The cURL library, http://curl.haxx.se/) -- C:\libcurl.dll
[2009-07-16 15:10:38 | 001,032,192 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\libeay32.dll
[2008-09-15 08:58:00 | 000,319,488 | ---- | M] (http://hunspell.sourceforge.net/) -- C:\libhunspell.dll
[2008-09-15 08:58:00 | 000,170,496 | ---- | M] () -- C:\libssh2.dll
[2008-09-15 08:58:00 | 000,322,990 | ---- | M] () -- C:\libssl32.dll
[2008-04-18 14:00:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-09-24 18:40:30 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010-08-31 21:26:14 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008-09-15 08:58:02 | 000,163,840 | ---- | M] (Pegasus Imaging Corporation) -- C:\picn1020.dll
[2008-09-15 08:58:02 | 000,188,416 | ---- | M] (Pegasus Imaging Corporation) -- C:\picn1120.dll
[2008-09-15 08:58:02 | 000,118,784 | ---- | M] (Pegasus Imaging Corporation) -- C:\picn1320.dll
[2008-09-15 08:58:04 | 000,180,224 | ---- | M] (Pegasus Imaging Corp.) -- C:\picn20.dll
[2008-09-15 08:58:04 | 000,159,744 | ---- | M] (Pegasus Imaging Corporation) -- C:\picn2720.dll
[2008-09-15 08:58:06 | 001,511,424 | ---- | M] (Pegasus Imaging Corporation) -- C:\picn6620.dll
[2008-09-15 08:58:06 | 001,507,328 | ---- | M] (Pegasus Imaging Corporation) -- C:\picn6720.dll
[2009-11-27 13:48:00 | 005,558,272 | ---- | M] () -- C:\Pixum EasyBook.exe
[2009-07-16 15:10:20 | 001,052,672 | ---- | M] () -- C:\QtCLucene4.dll
[2009-07-16 15:10:22 | 002,076,672 | ---- | M] () -- C:\QtCore4.dll
[2009-11-27 13:48:34 | 007,671,808 | ---- | M] () -- C:\QtGui4.dll
[2009-07-16 15:10:32 | 000,413,696 | ---- | M] () -- C:\QtHelp4.dll
[2009-07-16 15:10:32 | 000,921,600 | ---- | M] () -- C:\QtNetwork4.dll
[2009-07-16 15:10:34 | 000,200,704 | ---- | M] () -- C:\QtSql4.dll
[2009-07-16 15:10:34 | 000,270,336 | ---- | M] () -- C:\QtSvg4.dll
[2009-07-16 15:10:34 | 009,318,400 | ---- | M] () -- C:\QtWebKit4.dll
[2009-07-16 15:10:38 | 000,364,544 | ---- | M] () -- C:\QtXml4.dll
[2008-09-15 08:57:56 | 000,450,560 | ---- | M] (RecDev GmbH) -- C:\RecDev.dll
[2008-09-15 08:57:56 | 000,085,504 | ---- | M] (FotoNation Inc.) -- C:\RedEye.dll
[2010-07-11 13:33:19 | 000,000,016 | ---- | M] () -- C:\RootRepeal report 07-11-10 (13-33-19).txt
[2008-09-15 08:58:08 | 000,753,664 | ---- | M] (ashampoo Technology GmbH & Co KG) -- C:\sadw.dll
[2008-09-15 08:58:08 | 000,380,928 | ---- | M] () -- C:\safpx.dll
[2008-09-15 08:57:56 | 000,077,824 | ---- | M] (Smaller Animals Software, Inc) -- C:\SAFPXLB.dll
[2008-09-15 08:57:56 | 000,147,456 | ---- | M] (RecDev GmbH) -- C:\SoftCore.dll
[2010-08-06 17:35:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010-08-07 12:26:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010-08-07 17:26:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010-08-08 13:38:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010-08-09 16:57:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010-08-09 22:34:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010-08-12 12:56:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010-08-12 13:22:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010-08-29 13:38:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010-08-29 19:31:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010-07-21 19:51:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010-07-21 21:26:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010-07-23 22:27:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010-07-26 17:21:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010-07-27 22:05:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010-07-29 20:30:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010-07-30 12:50:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010-07-30 19:53:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010-07-31 16:01:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010-08-05 18:49:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010-08-06 17:35:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010-08-07 12:26:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010-08-07 17:26:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010-08-08 13:38:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010-08-09 16:57:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010-08-09 22:34:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010-08-12 12:56:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010-08-12 13:22:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010-08-29 13:38:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010-08-29 19:31:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010-07-21 19:51:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010-07-21 21:26:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010-07-23 22:27:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010-07-26 17:21:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010-07-27 22:05:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010-07-29 20:30:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010-07-30 12:50:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010-07-30 19:53:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010-07-31 16:01:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010-08-05 18:49:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009-07-16 15:10:38 | 000,212,992 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\ssleay32.dll
[2008-09-15 08:58:08 | 002,723,264 | ---- | M] (Microsoft Corporation) -- C:\vcredist_x86.exe
[2008-09-15 08:58:10 | 000,077,824 | ---- | M] (RecDev GmbH) -- C:\wnaspi32.dll
[2008-09-15 08:57:58 | 000,299,008 | ---- | M] () -- C:\XMPFiles.dll
[2008-09-15 08:57:58 | 000,327,680 | ---- | M] () -- C:\XMPToolkit.dll
[2008-09-15 08:58:10 | 000,069,632 | ---- | M] () -- C:\zlib1.dll
[2008-09-15 08:57:58 | 001,053,696 | ---- | M] (Smaller Animals Software, Inc.) -- C:\_ISource30.dll
[2008-09-15 08:57:58 | 000,081,920 | ---- | M] (Smaller Animals Software, Inc.) -- C:\_SAFPX10.dll
[2008-09-15 08:57:58 | 000,368,640 | ---- | M] (Smaller Animals Software, Inc.) -- C:\_SAJ2K10.dll
[2008-09-15 08:57:58 | 000,225,280 | ---- | M] (Smaller Animals Software, Inc.) -- C:\_SARAW10.dll

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007-04-09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008-04-18 15:34:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008-04-18 15:34:34 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008-04-18 15:34:34 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008-04-14 19:02:44 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=4CF588D2F2363B73EB4AF57967D46DFF -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008-04-14 19:02:45 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=520391367546218929749612ABFE840C -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008-04-14 19:02:45 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=7ED22EA6D840CD388BD68B68580468E1 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 11:29:52

< End of report >
 
and the extras.log part 1 of 2

OTL Extras logfile created on: 2-9-2010 19:43:43 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Hans\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 60,93 Gb Free Space | 62,40% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 173,78 Gb Free Space | 88,98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 172,79 Gb Total Space | 90,53 Gb Free Space | 52,39% Space Free | Partition Type: NTFS

Computer Name: DE-STILLE
Current User Name: Hans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Pixum EasyBook] -- "C:\Pixum EasyBook.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{220C5102-2566-337F-9E9B-C81C5C761BA2}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - NLD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4277D135-5E38-4A5C-B5FB-F6EA03B72283}" = calibre
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
"{7FF37D98-A8A1-4C24-860B-C0D20E601A6E}" = FotoTime FotoAlbum Pro
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{88AD4F45-AF1E-4A47-A9CE-8A542C6B3728}" = MapSource - European City Select v6
"{8C788975-88ED-3C52-A188-6C944E9BD07D}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - NLD
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 12
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISE_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
 
extras.log part2

"{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}" = Windows Live Messenger
"{A258173E-F308-475A-951B-F1BF76A4451B}" = Windows Live installer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A395750A-78D7-36D1-A59D-1A0B601D4BDC}" = Microsoft .NET Framework 3.5 Language Pack - nld
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1043-7B44-A82000000003}" = Adobe Reader 8.2.4 - Nederlands
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B116E95E-01B1-420A-AECB-B2B330B9BD97}" = Polar Precision Performance SW
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFE90F8E-17F5-434C-8446-E4BAD4C851EA}" = MapSource - City Select Europe v7 Update
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5F6A0E6-77EE-49C3-85B5-BD3B435F35CC}_is1" = Onroute Fietskaart Nederland 1.62
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
"Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_131f70761d1fd2ae00481a75aed0ccc" = Adobe Photoshop CS3
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Album Art Downloader XUI" = Album Art Downloader XUI 0.21
"Blokker_is1" = Blokker V1.5.1.3
"CobBackup9" = Cobian Backup 9
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Digital Editions" = Adobe Digital Editions
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 0.99pb3
"Garmin TOPO Nederland_is1" = Garmin TOPO Nederland
"GrabIt_is1" = GrabIt 1.7.2 Beta 3 (build 996)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{88AD4F45-AF1E-4A47-A9CE-8A542C6B3728}" = MapSource - European City Select v6
"InstallShield_{CFE90F8E-17F5-434C-8446-E4BAD4C851EA}" = MapSource - City Select Europe v7 Update
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matrix Code Emulator_is1" = Matrix Code Emulator 1.50
"Microsoft .NET Framework 3.5 Language Pack - nld" = Taalpakket voor Microsoft .NET Framework 3.5 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mp3tag" = Mp3tag v2.41
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Picasa 3" = Picasa 3
"PoiEdit" = PoiEdit
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PTAssembler_is1" = PTAssembler
"SSC Service Utility_is1" = SSC Service Utility v4.30
"TeamViewer 3" = TeamViewer 3
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"WebDesigner" = Microsoft Expression Web
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGDB3" = WinGDB3 3.42
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11-7-2010 3:59:34 | Computer Name = DE-STILLE | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates
is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Een vereist certificaat valt niet binnen de geldigheidsperiode als
gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende
bestand.

Error - 11-7-2010 3:59:34 | Computer Name = DE-STILLE | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates
is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Een vereist certificaat valt niet binnen de geldigheidsperiode als
gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende
bestand.

Error - 11-7-2010 16:10:45 | Computer Name = DE-STILLE | Source = McLogEvent | ID = 259
Description = Er zijn detecties gevonden. Scanprogrammaversie 5400.1158 met DAT-versie
6040.

Error - 13-7-2010 15:02:57 | Computer Name = DE-STILLE | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: S:\Virtual machines\workstation\workstation.vmx



Error - 17-8-2010 12:42:03 | Computer Name = DE-STILLE | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: MyMoza.exe, versie: 0.0.0.0, vastgelopen module:
hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 21-8-2010 15:22:57 | Computer Name = DE-STILLE | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: S:\Virtual machines\workstation\workstation.vmx



Error - 25-8-2010 14:55:00 | Computer Name = DE-STILLE | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: S:\Virtual machines\workstation\workstation.vmx



Error - 29-8-2010 8:38:56 | Computer Name = DE-STILLE | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: S:\Virtual machines\workstation\workstation.vmx



Error - 29-8-2010 14:24:02 | Computer Name = DE-STILLE | Source = McLogEvent | ID = 259
Description = In het bestand C:\DOCUME~1\Hans\LOCALS~1\Temp\Av-test.txt is EICAR
test file Testen aangetroffen. De opschoonfunctie is niet beschikbaar. Het bestand
is verwijderd. Gedetecteerd met behulp van scanprogramma versie 5400.1158 met DAT-versie
6089.0000.

Error - 31-8-2010 12:44:11 | Computer Name = DE-STILLE | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: S:\Virtual machines\workstation\workstation.vmx



[ OSession Events ]
Error - 1-8-2008 10:36:45 | Computer Name = DE-STILLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3697
seconds with 540 seconds of active time. This session ended with a crash.

Error - 29-8-2008 15:26:29 | Computer Name = DE-STILLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 88890
seconds with 480 seconds of active time. This session ended with a crash.

Error - 19-9-2008 14:43:54 | Computer Name = DE-STILLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 170990
seconds with 1860 seconds of active time. This session ended with a crash.

Error - 11-10-2008 14:30:15 | Computer Name = DE-STILLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 560
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 30-8-2010 14:34:34 | Computer Name = DE-STILLE | Source = Print | ID = 23
Description = Kan printer Easy PDF Creator niet initialiseren, omdat geen geschikt
Easy PDF Creator stuurprogramma werd aangetroffen.

Error - 30-8-2010 14:34:54 | Computer Name = DE-STILLE | Source = Service Control Manager | ID = 7023
Description = De HID Input Service-service is gestopt met de volgende foutcode:
%%126.

Error - 30-8-2010 15:48:25 | Computer Name = DE-STILLE | Source = Print | ID = 23
Description = Kan printer Easy PDF Creator niet initialiseren, omdat geen geschikt
Easy PDF Creator stuurprogramma werd aangetroffen.

Error - 30-8-2010 15:48:52 | Computer Name = DE-STILLE | Source = Service Control Manager | ID = 7023
Description = De HID Input Service-service is gestopt met de volgende foutcode:
%%126.

Error - 30-8-2010 16:15:35 | Computer Name = DE-STILLE | Source = Dhcp | ID = 1000
Description = Uw computer heeft de lease verloren van het IP-adres 192.168.2.30
op de netwerkkaart met netwerkadres 001CC033FED6.

Error - 31-8-2010 15:26:20 | Computer Name = DE-STILLE | Source = Print | ID = 23
Description = Kan printer Easy PDF Creator niet initialiseren, omdat geen geschikt
Easy PDF Creator stuurprogramma werd aangetroffen.

Error - 31-8-2010 15:26:46 | Computer Name = DE-STILLE | Source = Service Control Manager | ID = 7023
Description = De HID Input Service-service is gestopt met de volgende foutcode:
%%126.

Error - 1-9-2010 11:12:46 | Computer Name = DE-STILLE | Source = Dhcp | ID = 1000
Description = Uw computer heeft de lease verloren van het IP-adres 192.168.2.30
op de netwerkkaart met netwerkadres 001CC033FED6.

Error - 1-9-2010 12:46:33 | Computer Name = DE-STILLE | Source = Dhcp | ID = 1000
Description = Uw computer heeft de lease verloren van het IP-adres 192.168.2.30
op de netwerkkaart met netwerkadres 001CC033FED6.

Error - 2-9-2010 12:46:11 | Computer Name = DE-STILLE | Source = Dhcp | ID = 1000
Description = Uw computer heeft de lease verloren van het IP-adres 192.168.2.30
op de netwerkkaart met netwerkadres 001CC033FED6.


< End of report >


Thanks again!

I wonder: Is there something I can read to understand what we are actually doing?
 
Well, we've been running different tools to find out if your computer is clean.

OTL log is perfectly clean.

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Logs

Ok, here are the logs. First the checkup.log


Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

ESET Online Scanner v3
McAfee VirusScan Enterprise
McAfee Agent
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TweakNow RegCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.0.45.2
Adobe Reader 8.2.4 - Nederlands
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VirusScan Enterprise SHSTAT.EXE
McAfee VirusScan Enterprise EngineServer.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise Mcshield.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


And the Kaspersky.log


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 3, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 03, 2010 07:35:37
Records in database: 4183813
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
S:\
Z:\

Scan statistics:
Objects scanned: 109674
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 02:54:36


File name / Threat / Threats count
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1
D:\Voor een CD\Keyfinder\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.g 1
D:\Voor een CD\Keyfinder\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a 1

Selected area has been scanned.



Apparently some infections still exist.

Hans
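
One way to read a report like the one above, as an added example that is not part of the original thread: parse each result row and sort it by where the file sits and how the scanner labelled it. The category names and the `QUARANTINE_ROOTS` list are assumptions of this sketch; `C:\Qoobox` is the folder ComboFix uses for its quarantine, and `not-a-virus:` is the prefix Kaspersky puts on riskware rather than malware.

```python
import ntpath
import re
from collections import OrderedDict
from dataclasses import dataclass

# Sample input: the result rows of the Kaspersky report posted above.
REPORT = r"""File name / Threat / Threats count
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1
D:\Voor een CD\Keyfinder\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.g 1
D:\Voor een CD\Keyfinder\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a 1
"""

# Assumption: folders where a removal tool keeps neutralised copies.
# Only ComboFix's folder is listed; extend it for other tools in use.
QUARANTINE_ROOTS = [r"C:\Qoobox\Quarantine"]

# <path> <status>: <threat name> <count>; the path may contain spaces.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<status>\w+):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Hypothetical category labels, ordered from least to most urgent.
SEVERITY = {"quarantined": 0, "riskware": 1, "needs-action": 2}


@dataclass
class Finding:
    path: str
    status: str
    threat: str
    category: str


def classify(path, threat):
    """Return 'quarantined', 'riskware' or 'needs-action' for one row."""
    norm = ntpath.normcase(path)  # Windows paths compare case-insensitively
    for root in QUARANTINE_ROOTS:
        # The trailing separator stops C:\Qoobox\QuarantineX from matching.
        if norm.startswith(ntpath.normcase(root) + "\\"):
            return "quarantined"  # stored copy kept by the removal tool
    if threat.lower().startswith("not-a-virus:"):
        return "riskware"  # legitimate-but-risky tool; the owner decides
    return "needs-action"  # live detection outside any quarantine folder


def triage(report):
    """Parse the report text and classify every result row."""
    findings = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line or statistics
        findings.append(
            Finding(m["path"], m["status"], m["threat"],
                    classify(m["path"], m["threat"]))
        )
    return findings


def by_file(findings):
    """Group rows per file, keeping the most urgent category seen."""
    files = OrderedDict()
    for f in findings:
        entry = files.setdefault(
            ntpath.normcase(f.path),
            {"path": f.path, "category": f.category, "threats": []},
        )
        entry["threats"].append(f.threat)
        if SEVERITY[f.category] > SEVERITY[entry["category"]]:
            entry["category"] = f.category
    return list(files.values())


if __name__ == "__main__":
    for entry in by_file(triage(REPORT)):
        print(f'{entry["category"]:<13} {entry["path"]}  '
              f'({", ".join(entry["threats"])})')
```
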
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

=======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

2. Now we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Broni,

Thanks very much. You're the best. As a software engineer I knew a lot about computers already but you managed to educate me more.
I have completed all the steps and installed the recommended software.
This was the OTL log, in case it is important.


All processes killed
Error: Unable to interpret <Code:> in the current context!
Error: Unable to interpret <---------> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hans
->Temp folder emptied: 108955112 bytes
->Temporary Internet Files folder emptied: 51915019 bytes
->Java cache emptied: 128094 bytes
->Google Chrome cache emptied: 81720576 bytes
->Flash cache emptied: 963 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71873085 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 20007786 bytes

Total Files Cleaned = 319,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Hans
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error: Unable to interpret <---------> in the current context!

OTL by OldTimer - Version 3.2.11.0 log created on 09042010_142952

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Thanks again very much. The computer is running fine now. No more popups and other stuff.
 