Good job
Delete your GMER file, download a fresh one and post a new log.
Sorry, I had some problems doing a new GMER and saving it, but finally here it is:
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-25 20:09:26
Windows 5.1.2600 Service Pack 2
Running: oor3m5rw.exe; Driver: C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\awdorfoc.sys
---- System - GMER 1.0.15 ----
SSDT 826C41A8 ZwConnectPort
SSDT F8B786FE ZwCreateKey
SSDT F8B786F4 ZwCreateThread
SSDT F8B78703 ZwDeleteKey
SSDT F8B7870D ZwDeleteValueKey
SSDT F8B78712 ZwLoadKey
SSDT F8B786E0 ZwOpenProcess
SSDT F8B786E5 ZwOpenThread
SSDT F8B7871C ZwReplaceKey
SSDT F8B78717 ZwRestoreKey
SSDT F8B78708 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF7093D18]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
ComboFix 10-07-24.04 - Richard Witter 25-07-2010 22:47:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.510.167 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Richard Witter\Bureaublad\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Need2Find
c:\program files\Need2Find\bar\Cache\00144228
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\Pe
c:\program files\Pe\AEGAXS.dll
c:\program files\Pe\App.ico
c:\program files\Pe\CageDLL.dll
c:\program files\Pe\Configs.xml
c:\program files\Pe\dnscache.dll
c:\program files\Pe\HuD.xml
c:\program files\Pe\iexplore.exe
c:\program files\Pe\iexplore.exe.config
c:\program files\Pe\Lib\accllistbar.dll
c:\program files\Pe\Lib\AxInterop.SHDocVw.dll
c:\program files\Pe\Lib\Infragistics.Shared.v3.2.dll
c:\program files\Pe\Lib\Infragistics.UltraChart.Core.v4.1.dll
c:\program files\Pe\Lib\Infragistics.UltraChart.Data.v4.1.dll
c:\program files\Pe\Lib\Infragistics.UltraChart.Render.v4.1.dll
c:\program files\Pe\Lib\Infragistics.UltraChart.Resources.v4.1.dll
c:\program files\Pe\Lib\Infragistics.Win.Misc.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinChart.v4.1.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinDock.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinEditors.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinListBar.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinTabControl.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinToolbars.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.v3.2.dll
c:\program files\Pe\Lib\Interop.SHDocVw.dll
c:\program files\Pe\Lib\MessageBoxExLib.dll
c:\program files\Pe\Lib\pecomm.dll
c:\program files\Pe\Lib\PokerHUD.dll
c:\program files\Pe\Lib\shellstyle.dll
c:\program files\Pe\Lib\xpexplorerbar.dll
c:\program files\Pe\License.txt
c:\program files\Pe\Notes.xml
c:\program files\Pe\NTGA11X.dll
c:\program files\Pe\Readme.txt
c:\program files\Pe\S_MinerX.exe
c:\program files\Pe\Settings.xml
c:\windows\Fonts\acrsec.fon
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-25 to 2010-07-25 ))))))))))))))))))))))))))))))
.
2010-07-22 17:12 . 2010-07-22 17:12 -------- d-----w- c:\program files\Common Files\Skype
2010-07-21 19:40 . 2010-07-21 19:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-21 19:03 . 2010-07-21 19:03 388096 ----a-r- c:\documents and settings\Richard Witter\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-21 19:03 . 2010-07-21 19:03 -------- d-----w- c:\program files\Trend Micro
2010-07-18 18:15 . 2010-07-18 18:15 -------- d-----w- c:\documents and settings\Richard Witter\Application Data\Malwarebytes
2010-07-18 18:15 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-18 18:15 . 2010-07-18 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-18 18:15 . 2010-07-18 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-18 18:15 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-17 22:12 . 2010-07-17 22:12 -------- d-----w- c:\program files\PC Inspector File Recovery
2010-07-13 19:13 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 20:32 . 2007-01-17 00:26 -------- d-----w- c:\documents and settings\Richard Witter\Application Data\Skype
2010-07-25 15:52 . 2010-02-08 20:59 -------- d-----w- c:\documents and settings\Richard Witter\Application Data\skypePM
2010-07-21 21:16 . 2006-10-29 20:45 -------- d-----w- c:\program files\Lavasoft
2010-07-21 19:38 . 2008-04-09 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-19 18:47 . 2004-09-08 11:27 3624 ----a-w- c:\windows\system32\perfh013.dat
2010-07-19 18:47 . 2004-09-08 11:27 1406 ----a-w- c:\windows\system32\perfc013.dat
2010-07-17 22:12 . 2005-05-22 06:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-17 19:57 . 2009-11-05 21:33 -------- d-----w- c:\documents and settings\Richard Witter\Application Data\GrabIt
2010-07-13 20:20 . 2009-11-24 19:29 -------- d-----w- c:\program files\Swift Elite 4
2010-06-21 21:20 . 2009-08-30 17:48 -------- d-----w- c:\program files\KaraFun
2010-06-14 14:30 . 2004-08-04 08:00 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-06 21:12 . 2010-06-06 21:12 33820 ----a-w- c:\windows\system32\drivers\OldUsbkey.sys
2010-06-06 21:12 . 2009-11-24 19:30 8968 ----a-w- c:\windows\system32\KL2DLL.DLL
2010-06-06 21:12 . 2009-11-24 19:30 86016 ----a-w- c:\windows\system32\KL2DLL32.DLL
2010-06-06 21:12 . 2009-11-24 19:30 7440 ----a-w- c:\windows\system32\ppmon.dll
2010-06-06 21:12 . 2009-11-24 19:30 24136 ----a-w- c:\windows\system32\ppmon.exe
2010-06-06 21:12 . 2009-11-24 19:30 126976 ----a-w- c:\windows\system32\NWKL2_32.DLL
2010-06-06 21:12 . 2009-11-24 19:30 12480 ----a-w- c:\windows\system32\KL2N.DLL
2010-06-06 21:12 . 2004-08-04 08:00 33792 ----a-w- c:\windows\system32\regini.exe
2010-06-06 21:10 . 2009-10-09 19:02 737280 ----a-w- c:\windows\iun6002.exe
2010-05-06 10:37 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:27 . 2004-08-04 08:00 1851008 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Packard Bell Software Suite"="c:\program files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2008-09-04 1938240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
BlueSoleil.lnk - c:\program files\Sitecom\IVT BlueSoleil\BlueSoleil.exe [2006-7-16 626176]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-7-24 118784]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"UserAccess7"=2 (0x2)
"LiveUpdate"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"49869:UDP"= 49869:UDP:Poort 49869
"28340:UDP"= 28340:UDP:Poort 28340
"28340:TCP"= 28340:TCP:Poort 28340 2
"49869:TCP"= 49869:TCP:POORT 49869
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29-3-2010 22:44 135336]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [15-9-2009 17:57 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [15-9-2009 17:57 234888]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nu.nl/
mSearch Bar = about:blank
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {12C03CC0-FEAB-4720-A2E5-8823F4290C7C} = 192.168.0.1,192.168.1.1
TCP: {C3F9F703-102F-4736-9744-56248EABF067} = 192.168.0.1,192.168.1.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
.
- - - - ORPHANS VERWIJDERD - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
ActiveSetup-{DCDCC50F-6279-DD74-4630-27E72B31A44B} - c:\program files\Navigon\Media.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-25 22:57
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ų•€|˙˙˙˙•€|ł•9~*]
"3140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(476)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2010-07-25 23:01:17
ComboFix-quarantined-files.txt 2010-07-25 21:01
Pre-Run: 30.599.991.296 bytes beschikbaar
Post-Run: 31.069.548.544 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - F4BD5A643485CC389E2C355057F1CEC5
Uninstall AskBarDis as it's considered adware.
Please delete your GMER file, download a fresh one and post a new log.
New GMER log. I would like to add that the files starting with Z:\SF are not reachable for me.
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-26 00:37:58
Windows 5.1.2600 Service Pack 2
Running: 25bemj9m.exe; Driver: C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\awdorfoc.sys
---- System - GMER 1.0.15 ----
SSDT 827D3E78 ZwConnectPort
SSDT F8C2B4EE ZwCreateKey
SSDT F8C2B4E4 ZwCreateThread
SSDT F8C2B4F3 ZwDeleteKey
SSDT F8C2B4FD ZwDeleteValueKey
SSDT F8C2B502 ZwLoadKey
SSDT F8C2B4D0 ZwOpenProcess
SSDT F8C2B4D5 ZwOpenThread
SSDT F8C2B50C ZwReplaceKey
SSDT F8C2B507 ZwRestoreKey
SSDT F8C2B4F8 ZwSetValueKey
Code \??\C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF783CD18]
? C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\catchme.sys Het systeem kan het opgegeven bestand niet vinden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Het systeem kan het opgegeven bestand niet vinden. !
? C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\mbr.sys Het systeem kan het opgegeven bestand niet vinden. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Files - GMER 1.0.15 ----
File Z:\SF 152 0 bytes
File Z:\SF 152\CHER - DOVE L'AMORE - SF 152-04.zip 3901791 bytes
File Z:\SF 152\GARBAGE - WORLD IS NOT ENOUGH - SF 152-09.zip 4020696 bytes
File Z:\SF 152\HONNIES - NEVER LET YOU DOWN - SF 152-08.zip 3474891 bytes
File Z:\SF 152\LIAM GALLAGHER AND S CRADOCK - CARNATION - SF 152-12.zip 3462764 bytes
File Z:\SF 152\MACEY GRAY - I TRY - SF 152-05.zip 3960649 bytes
File Z:\SF 152\MARTINE MCCUTCHEON - LOVE ME - SF 152-16.zip 4189366 bytes
File Z:\SF 152\MARTINE MCCUTCHEON - TALKING IN YOUR SLEEP - SF 152-01.zip 4179735 bytes
File Z:\SF 152\ROBBIE WILLIAMS - IT'S ONLY US - SF 152-02.zip 2882873 bytes
File Z:\SF 152\SEMISONIC - CLOSING TIME - SF 152-03.zip 4596273 bytes
File Z:\SF 152\STEPS - AFTER THE LOVE HAS GONE - SF 152-15.zip 4797207 bytes
File Z:\SF 152\STEREOPHONICS - HURRY UP AND WAIT - SF 152-13.zip 4484602 bytes
File Z:\SF 152\TAL BACHMAN - SHE'S SO HIGH - SF 152-07.zip 3734225 bytes
File Z:\SF 152\TIN TIN OUT AND EMMA BUNTON - WHAT I AM - SF 152-14.zip 3986131 bytes
File Z:\SF 152\TINA TURNER - WHEN THE HEARTACHE IS OVER - SF 152-06.zip 3596914 bytes
File Z:\SF 152\WESTLIFE - FLYING WITHOUT WINGS - SF 152-10.zip 3615040 bytes
File Z:\SF 152\WYCLEF JEAN FEAT BONO - NEW DAY - SF 152-11.zip 4316636 bytes
File Z:\SF 153 0 bytes
File Z:\SF 153\Billy Joel - Scenes From An Italian Restaurant - SF 153-11.zip 7342273 bytes
File Z:\SF 153\Cardigans & Tom Jones - Burnin' Down The House - SF 153-15.zip 4050357 bytes
File Z:\SF 153\Carpenters - Rainy Days And Mondays - SF 153-03.zip 3750150 bytes
File Z:\SF 153\Elvis - Did You Ever Have One Of Those Days - SF 153-09.zip 2780753 bytes
File Z:\SF 153\Elvis - His Latest Flame - SF 153-01.zip 2357991 bytes
File Z:\SF 153\Elvis - Old Shep - SF 153-14.zip 4212082 bytes
File Z:\SF 153\Garth Brooks - The Dance - SF 153-06.zip 3254657 bytes
File Z:\SF 153\George Harrison - Got My Mind Set On You - SF 153-13.zip 3711327 bytes
File Z:\SF 153\Jackson 5 - ABC - SF 153-05.zip 3089203 bytes
File Z:\SF 153\Joan Baez - The Night They Drove Old Dixie Down - SF 153-12.zip 3512751 bytes
File Z:\SF 153\Marlene Dietrich - Falling In Love Again - SF 153-07.zip 3104359 bytes
File Z:\SF 153\Olivia Newton John - Banks Of The Ohio - SF 153-08.zip 3357117 bytes
File Z:\SF 153\Perry Como - For The Good Times - SF 153-10.zip 3675344 bytes
File Z:\SF 153\Ricky Nelson - Sweeter Than You - SF 153-02.zip 2684907 bytes
File Z:\SF 153\Saw Doctors - N17 - SF 153-04.zip 4156679 bytes
File Z:\SF 154 0 bytes
File Z:\SF 154\Lauryn Hill & Bob Marley - Turn The Lights Down Low - SF 154-14.zip 4154686 bytes
File Z:\SF 154\5ive - Keep On Movin - SF 154-01.zip 3393188 bytes
File Z:\SF 154\Alanis Morrissette - That I Would Be Good - SF 154-12.zip 4276387 bytes
File Z:\SF 154\Apollo 440 - Heart Go Boom - SF 154-09.zip 4599048 bytes
File Z:\SF 154\Bryan Adams - Best Of Me - SF 154-16.zip 3621864 bytes
File Z:\SF 154\Coors - Radio - SF 154-02.zip 4485210 bytes
File Z:\SF 154\Diana Ross - Not Over You Yet - SF 154-05.zip 4044781 bytes
File Z:\SF 154\Jamiraqui - King For A Day - SF 154-07.zip 3741245 bytes
File Z:\SF 154\Lou Bega - I Got A Girl - SF 154-13.zip 3433846 bytes
File Z:\SF 154\Mel C - Northern Star - SF 154-03.zip 4619595 bytes
File Z:\SF 154\Offspring - She's Got Issues - SF 154-08.zip 3826752 bytes
File Z:\SF 154\Savage Garden - I Knew I Loved You - SF 154-10.zip 3880140 bytes
File Z:\SF 154\Steps - Say You'll Be Mine - SF 154-04.zip 3620508 bytes
File Z:\SF 154\Texas - When We Are Together - SF 154-11.zip 3508681 bytes
File Z:\SF 154\Travis - Turn - SF 154-06.zip 4138592 bytes
File Z:\SF 154\Venga Boys - Kiss (When The Sun Don't Shine) - SF 154-15.zip 3655412 bytes
File Z:\SF 155 0 bytes
File Z:\SF 155\Groove Armada - I See You Baby - SF 155-01.zip 3979220 bytes
File Z:\SF 155\A1 - Everytime - SF 155-05.zip 4682329 bytes
File Z:\SF 155\Ateens - Mama Mia - SF 155-14.zip 3861390 bytes
File Z:\SF 155\B Witched - I Shall Be There - SF 155-10.zip 4373013 bytes
File Z:\SF 155\Boyzone - Every Day I Love You - SF 155-02.zip 3522017 bytes
File Z:\SF 155\Cliff Richard - The Millennium Prayer - SF 155-09.zip 5053348 bytes
File Z:\SF 155\Enrique Iglesias - Rhythm Devine - SF 155-07.zip 3602896 bytes
File Z:\SF 155\George Michael - Roxanne - SF 155-03.zip 4111707 bytes
File Z:\SF 155\Mariah Carey - Thank God I Found You - SF 155-11.zip 4496471 bytes
File Z:\SF 155\Ocean Colour Scene - So Low - SF 155-06.zip 4040071 bytes
File Z:\SF 155\S Club 7 - Two In A Million - SF 155-12.zip 3622368 bytes
File Z:\SF 155\Shania Twain - Don't Be Stupid - SF 155-08.zip 3729336 bytes
File Z:\SF 155\TLC - Dear Lie - SF 155-04.zip 5294677 bytes
File Z:\SF 155\Wamdue Project - King Of My Castle - SF 155-15.zip 3814363 bytes
File Z:\SF 155\Westlife - I Have A Dream - SF 155-13.zip 4393398 bytes
File Z:\SF 155\Westlife - Seasons In The Sun - SF 155-16.zip 4600575 bytes
File Z:\SF 156 0 bytes
File Z:\SF 156\Blondie - Picture This - SF 156-015.zip 3031524 bytes
File Z:\SF 156\Blues Brothers - Rawhide - SF 156-07.zip 2706693 bytes
File Z:\SF 156\Bon Jovi - In These Arms - SF 156-03.zip 5230108 bytes
File Z:\SF 156\Cliff Richard - High Class Baby - SF 156-08.zip 2238674 bytes
File Z:\SF 156\Dusty Springfield - Wishin & Hopin' - SF 156-06.zip 2993622 bytes
File Z:\SF 156\Garth Brooks - Ain't Goin' Down 'till The Sun Comes Up - SF 156-01.zip 3165276 bytes
File Z:\SF 156\Garth Brooks - The Thunder Rolls - SF 156-14.zip 3564947 bytes
File Z:\SF 156\Jackson 5 - Rockin' Robin - SF 156-05.zip 2655063 bytes
File Z:\SF 156\Jimmy Hendrix - Purple Haze - SF 156-13.zip 2785762 bytes
File Z:\SF 156\Roy Orbison - Lana - SF 156-12.zip 2666811 bytes
File Z:\SF 156\Roy Orbison - Working For The Man - SF 156-11.zip 2642929 bytes
File Z:\SF 156\Spandau Ballet - Highly Strung - SF 156-10.zip 4262515 bytes
File Z:\SF 156\Squeeze - Tempted - SF 156-02.zip 4128279 bytes
File Z:\SF 156\U2 Feat BB King - When Love Came To Town - SF 156-04.zip 4201713 bytes
File Z:\SF 156\Village People - Cant Stop The Music - SF 156-09.zip 3796868 bytes
File Z:\SF 157 0 bytes
File Z:\SF 157\5ive - Don't Wanna Let You Go - SF 157-15.zip 3398980 bytes
File Z:\SF 157\Ann Lee - Voices - SF 157-06.zip 3622210 bytes
File Z:\SF 157\Backstreet Boys - Show Me The Meaning Of Being Lonely - SF 157-12.zip 4000898 bytes
File Z:\SF 157\Britney Spears - Born To Make You Happy - SF 157-03.zip 4222929 bytes
File Z:\SF 157\Celine Dion - That's The Way It Is - SF 157-01.zip 4131824 bytes
File Z:\SF 157\Christina Aguilera - What A Girl Wants - SF 157-13.zip 3912536 bytes
File Z:\SF 157\Leann Rimes - Crazy - SF 157-04.zip 2814137 bytes
File Z:\SF 157\Macy Gray - Do Something - SF 157-11.zip 5161723 bytes
File Z:\SF 157\Manic Street Preachers - Masses Against The Classes - SF 157-10.zip 3491516 bytes
File Z:\SF 157\Oasis - Go Let It Out - SF 157-16.zip 4588153 bytes
File Z:\SF 157\S Club 7 - You're My Number One - SF 157-09.zip 3857639 bytes
File Z:\SF 157\Steps - Better The Devil You Know - SF 157-08.zip 4035911 bytes
File Z:\SF 157\T. Jones & C. Matthews - Baby It's Cold Outside - SF 157-05.zip 3702898 bytes
File Z:\SF 157\Various - It's Only Rock & Roll - SF 157-07.zip 3837120 bytes
File Z:\SF 157\Westlife - Fool Again - SF 157-14.zip 4000876 bytes
File Z:\SF 157\Whitney Houston - I Learned From The Best - SF 157-02.zip 4481923 bytes
File Z:\SF 158 0 bytes
File Z:\SF 158\Billy Paul - Me & Mrs Jones - SF 158-13.zip 3559372 bytes
File Z:\SF 158\Cat Stevens - Morning Has Broken - SF 158-09.zip 3238419 bytes
File Z:\SF 158\Chicago - You're The Inspiration - SF 158-07.zip 3744463 bytes
File Z:\SF 158\Chris Rea - Fool If You Think It's Over - SF 158-02.zip 4304553 bytes
File Z:\SF 158\Diana Ross & Marvin ***e - You Are Everything - SF 158-05.zip 3222407 bytes
File Z:\SF 158\Gladys Knight - Help Me Make It Through The Night - SF 158-15.zip 4319858 bytes
File Z:\SF 158\Gordon Lightfoot - Sundown - SF 158-04.zip 3564532 bytes
File Z:\SF 158\Katrina & The Waves - Walkin On Sunshine - SF 158-03.zip 3775433 bytes
File Z:\SF 158\Kool & The Gang - Too Hot - SF 158-01.zip 4086126 bytes
File Z:\SF 158\Michael Jackson - Rock With You - SF 158-14.zip 3353567 bytes
File Z:\SF 158\Roger Whittaker - Last Farewell - SF 158-12.zip 3632652 bytes
File Z:\SF 158\Santana - Black Magic Woman - SF 158-08.zip 3579840 bytes
File Z:\SF 158\Steely Dan - Rikki Don't Loose That Number - SF 158-06.zip 4162976 bytes
File Z:\SF 158\Stevie Wonder - My Cheri Amour - SF 158-11.zip 3086076 bytes
File Z:\SF 158\Sting - Englishman In New York - SF 158-10.zip 3917115 bytes
File Z:\SF 159 0 bytes
File Z:\SF 159\Jennfier Lopez - Feeling So Good - SF 159-06.zip 0 bytes
File Z:\SF 159\All Saints - Pure Shores - SF 159-16.zip 4724457 bytes
File Z:\SF 159\Andreas Johnson - Glorious - SF 159-03.zip 0 bytes
File Z:\SF 159\Britney Spears - From The Bottom Of My Broken Heart - SF 159-02.zip 5291502 bytes
File Z:\SF 159\Eiffel '65 - Move Your Body - SF 159-08.zip 3667041 bytes
File Z:\SF 159\Fierce - Sweet Love 2K - SF 159-04.zip 3042186 bytes
File Z:\SF 159\Gabrielle - Rise - SF 159-01.zip 3565534 bytes
File Z:\SF 159\Hepburn - Deep Deep Down - SF 159-15.zip 2943781 bytes
File Z:\SF 159\Kellis - Caught Out There (I Hate You) - SF 159-11.zip 4436894 bytes
File Z:\SF 159\Macey Gray - Still - SF 159-05.zip 4202237 bytes
File Z:\SF 159\Madonna - American Pie - SF 159-13.zip 0 bytes
File Z:\SF 159\REM - The Great Beyond - SF 159-10.zip 4372579 bytes
File Z:\SF 159\Scooch - More Than I Need To Know - SF 159-07.zip 3984172 bytes
File Z:\SF 159\Simply Red - Your Eyes - SF 159-14.zip 3217489 bytes
File Z:\SF 159\Tamperer - Hammer To The Heart - SF 159-09.zip 3185799 bytes
File Z:\SF 159\Tom Jones & Mousee T - Sex Bomb - SF 159-12.zip 3662275 bytes
File Z:\SF 160 0 bytes
File Z:\SF 160\ALICE COOPER - POISON - SF 160 -07.zip 4760796 bytes
File Z:\SF 160\ARTFUL DODGER - REWIND - SF 160 -01.zip 4114798 bytes
File Z:\SF 160\BEE GEES - MASSACHUSETTS - SF 160 -15.zip 2369781 bytes
File Z:\SF 160\CHARLIE PRIDE - CRYSTAL CHANDELIERS - SF 160-11.zip 2713826 bytes
File Z:\SF 160\DEF LEPPARD - POUR SOME SUGAR ON ME - SF 160-03.zip 0 bytes
File Z:\SF 160\ELECTRIC LIGHT ORCHESTRA - EVIL WOMAN - SF 160-06.zip 4165866 bytes
File Z:\SF 160\GARTH BROOKS - SHE'S EVERY WOMAN - SF 160-12.zip 2817891 bytes
File Z:\SF 160\HOWARD KEEL - I WON'T SEND ROSES - SF 160-09.zip 3025980 bytes
File Z:\SF 160\HOWARD KEEL - SEND IN THE CLOWNS - SF 160-10.zip 3281890 bytes
File Z:\SF 160\JIMI HENDRIX - ALL ALONG THE WATCHTOWER - SF 160-02.zip 0 bytes
File Z:\SF 160\JOHN LENNON - IMAGINE - SF 160-05.zip 3177569 bytes
File Z:\SF 160\MICA PARIS - MY ONE TEMPTATION - SF 160-14.zip 0 bytes
File Z:\SF 160\MR MISTER - BROKEN WINGS - SF 160-08.zip 4729759 bytes
File Z:\SF 160\PAUL WELLER - BROKEN STONES - SF 160-04.zip 3188790 bytes
File Z:\SF 160\UB40 - MANY RIVERS TO CROSS - SF 160-13.zip 4011701 bytes
File Z:\SF 161 0 bytes
File Z:\SF 161\CHICANE AND BRYAN ADAMS - DON'T GIVE UP - SF 161 -13.zip 3631515 bytes
File Z:\SF 161\A1 - LIKE A ROSE - SF 161 -06.zip 4046650 bytes
File Z:\SF 161\ACDC - STIFF UPPER LIP - SF 161 -09.zip 3487974 bytes
File Z:\SF 161\ANDREAS JOHNSON - GAMES WE PLAY - SF 161 -05.zip 0 bytes
File Z:\SF 161\AQUA - CARTOON HEROES - SF 161 -15.zip 0 bytes
File Z:\SF 161\ARTFUL DODGER - MOVING TOO FAST - SF 161 -16.zip 3920801 bytes
File Z:\SF 161\BEWITCHED - JUMP DOWN - SF 161 -08.zip 2903566 bytes
File Z:\SF 161\CELINE DION - IF WALLS COULD TALK - SF 161 -01.zip 0 bytes
File Z:\SF 161\ETERNAL - I CRY REAL TEARS - SF 161 -04.zip 4114680 bytes
File Z:\SF 161\FILTER - TAKE A PICTURE - SF 161 -10.zip 3705150 bytes
File Z:\SF 161\GERI HALLIWELL - BAG IT UP - SF 161 -12.zip 3372966 bytes
File Z:\SF 161\RICKY MARTIN - PRIVATE EMOTION - SF 161 -07.zip 3796941 bytes
File Z:\SF 161\STEPS - DEEPER SHADE OF BLUE - SF 161 -14.zip 4099173 bytes
File Z:\SF 161\TOM JONES AND STEREOPHONICS - MAMMA TOLD ME NOT TO COME - SF 161 -11.zip 2853168 bytes
File Z:\SF 161\VENGABOYS - SHA LA LA LA - SF 161 -02.zip 3084719 bytes
File Z:\SF 161\WILL SMITH - FREAKIN' IT - SF 161 -03.zip 0 bytes
File Z:\SF 162 0 bytes
File Z:\SF 162\Africa - Hold The Line - SF 162 -11.zip 4045166 bytes
File Z:\SF 162\Beatles - Back In The U S S R - SF 162 -09.zip 2707922 bytes
File Z:\SF 162\Bread - Guitar Man - SF 162 -12.zip 3846764 bytes
File Z:\SF 162\Captain + Tennille - Love Will Keep Us Together - SF 162 -04.zip 3484027 bytes
File Z:\SF 162\Def Leppard - Love Bites - SF 162 -02.zip 5481149 bytes
File Z:\SF 162\Elton John - Can You Feel The Love Tonight - SF 162 -06.zip 0 bytes
File Z:\SF 162\Foundations - Baby, Now That I've Found You - SF 162 -13.zip 2792348 bytes
File Z:\SF 162\George Harrison - My Sweet Lord - SF 162 -07.zip 3926255 bytes
File Z:\SF 162\INXS - Mystify - SF 162 -14.zip 3256820 bytes
File Z:\SF 162\Kiki Dee - Ive Got The Music In Me - SF 162 -03.zip 5024474 bytes
File Z:\SF 162\Lobo - I'd Love You To Want Me - SF 162 -05.zip 3827040 bytes
File Z:\SF 162\N Sync - Bye Bye Bye - SF 162 -01.zip 3492535 bytes
File Z:\SF 162\Perry Como - Magic Moments - SF 162 -15.zip 2728696 bytes
File Z:\SF 162\Spandau Ballet - Ill Fly For You - SF 162 -08.zip 0 bytes
File Z:\SF 162\Styx - Babe - SF 162 -10.zip 0 bytes
File Z:\SF 163 0 bytes
File Z:\SF 163\AQUA - AROUND THE WORLD - SF 163 -13.zip 0 bytes
File Z:\SF 163\BLINK 182 - ALL THE SMALL THINGS - SF 163 -09.zip 0 bytes
File Z:\SF 163\CELINE DION - FIRST TIME EVER I SAW YOUR FACE - SF 163 -15.zip 3924110 bytes
File Z:\SF 163\DESTINY'S CHILD - SAY MY NAME - SF 163 -12.zip 0 bytes
File Z:\SF 163\FIVE - WE WILL ROCK YOU - SF 163 -14.zip 3056415 bytes
File Z:\SF 163\GABRIELLE - WHEN A WOMAN - SF 163 -11.zip 3145850 bytes
File Z:\SF 163\MEL C FEAT LEFT EYE - NEVER BE THE SAME AGAIN - SF 163 -08.zip 0 bytes
File Z:\SF 163\MOLOKO - TIME IS NOW - SF 163 -05.zip 4113836 bytes
File Z:\SF 163\OASIS - WHO FEELS LOVE - SF 163 -03.zip 5340865 bytes
File Z:\SF 163\PUFF DADDY FEAT R KELLY - SATISFY YOU - SF 163 -01.zip 4992445 bytes
File Z:\SF 163\R KELLY - ONLY THE LOOT CAN MAKE YOU HAPPY - SF 163 -02.zip 0 bytes
File Z:\SF 163\RICHARD ASHCROFT - SONG FOR LOVERS - SF 163 -16.zip 0 bytes
File Z:\SF 163\SANTANA AND ROB THOMAS - SMOOTH - SF 163 -07.zip 0 bytes
File Z:\SF 163\SEMISONIC - SINGING IN MY SLEEP - SF 163 -06.zip 4379777 bytes
File Z:\SF 163\WAMDUE PROJECT - YOU'RE THE REASON - SF 163 -04.zip 3617379 bytes
File Z:\SF 163\WESTLIFE - I DON'T WANNA FIGHT - SF 163 -10.zip 0 bytes
File Z:\SF 164 0 bytes
---- EOF - GMER 1.0.15 ----
Looks good
How is the computer doing at the moment?
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
===============================================================
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
OTL logfile created on: 26-7-2010 21:43:48 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Richard Witter\Bureaublad
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
510,00 Mb Total Physical Memory | 163,00 Mb Available Physical Memory | 32,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 29,06 Gb Free Space | 38,99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 931,51 Gb Total Space | 823,83 Gb Free Space | 88,44% Space Free | Partition Type: NTFS
Computer Name: PC223683069916
Current User Name: Richard Witter
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010-07-26 21:42:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Witter\Bureaublad\OTL.exe
PRC - [2010-04-21 21:57:36 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-03-02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-02-24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010-01-14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008-09-04 15:11:52 | 001,938,240 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
PRC - [2008-07-07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008-06-18 10:23:12 | 000,987,456 | ---- | M] (Packard Bell Services) -- C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
PRC - [2007-06-13 15:24:02 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-08-03 17:48:43 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006-07-16 18:33:36 | 000,626,176 | ---- | M] (IVT Corporation) -- C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
PRC - [2005-04-06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
PRC - [2005-04-05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004-12-17 09:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
========== Modules (SafeList) ==========
MOD - [2010-07-26 21:42:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Witter\Bureaublad\OTL.exe
MOD - [2006-08-25 17:51:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004-08-04 10:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\VIRUSfighter\Nvc\BIN\nipsvc.exe -- (NipSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-04-21 21:57:36 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-02-24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008-07-07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008-06-18 10:23:12 | 000,987,456 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe -- (Service1)
SRV - [2007-10-25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007-10-18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006-08-03 17:48:43 | 002,119,360 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006-08-03 17:48:43 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Planner voor Automatische LiveUpdate)
SRV - [2005-09-12 14:58:15 | 000,126,976 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2005-04-06 17:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2005-04-05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2003-10-22 10:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20060807.097\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010-03-01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010-02-16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-05-11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-05-11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006-09-15 22:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006-07-16 17:06:16 | 000,023,040 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2006-06-23 17:00:26 | 000,031,488 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2006-04-14 10:14:12 | 000,014,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Sitecom\IVT BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2006-02-28 17:57:22 | 000,084,836 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2006-01-19 14:31:34 | 000,010,068 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005-08-31 11:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005-07-29 1732 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005-04-30 15:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005-04-05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005-04-05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005-04-05 11:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005-04-05 11:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005-04-05 11:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005-04-05 11:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004-12-21 23:33:14 | 000,909,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-12-02 18:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004-11-17 12:17:58 | 000,280,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004-11-17 12:17:14 | 000,293,120 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004-11-08 17:06:08 | 000,085,504 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004-11-04 20:26:42 | 000,186,016 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004-10-28 17:33:08 | 000,200,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004-10-28 17:30:36 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004-10-28 17:29:48 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004-10-27 20:15:32 | 000,342,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004-10-19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004-08-04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Stuurprogramma voor USB-audio (WDM)
DRV - [2004-07-08 12:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004-04-14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004-02-19 14:12:34 | 000,299,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd)
DRV - [2003-06-06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002-08-22 11:40:41 | 000,743,136 | R--- | M] (THOMSON multimedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2002-06-06 11:14:32 | 000,053,168 | ---- | M] (THOMSON multimedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2001-09-06 2114 | 000,036,425 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001-08-17 21:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001-08-17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2010-07-25 2228 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe (Packard Bell BV)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary...t.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/S...in/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} Welcome to Windows Live (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary...n.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary...t.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} http://as.photoprintit.de/ips-opdata...SUploader4.cab (IPSUploader4 Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/ms...downloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary...o.cab32846.cab (ZoneIntro Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zone.msn.com/binary...n.cab31267.cab (Solitaire Showdown Class)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Richard Witter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard Witter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - pdvcodec.dll File not found
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - xvidvfw.dll File not found
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
========== Files/Folders - Created Within 90 Days ==========
[2010-07-26 21:42:22 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard Witter\Bureaublad\OTL.exe
[2010-07-26 20:36:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010-07-25 23:13:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-07-25 22:45:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-07-25 22:37:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-07-22 19:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-07-21 21:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010-07-21 21:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-07-18 22:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Witter\Bureaublad\NZB
[2010-07-18 20:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Witter\Application Data\Malwarebytes
[2010-07-18 20:15:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-07-18 20:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-07-18 20:15:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-07-18 20:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-07-18 00:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2010-06-21 23:19:50 | 005,063,603 | ---- | C] (Recisio ) -- C:\Documents and Settings\Richard Witter\Bureaublad\karafun_118.exe
[2010-06-10 21:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2005-08-25 13:04:31 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[2005-08-25 13:04:29 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010-07-26 21:42:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Witter\Bureaublad\OTL.exe
[2010-07-26 20:53:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-26 20:51:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-26 20:51:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-26 20:51:02 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
[2010-07-26 20:49:27 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Richard Witter\ntuser.dat
[2010-07-26 20:49:27 | 000,000,288 | -HS- | M] () -- C:\Documents and Settings\Richard Witter\ntuser.ini
[2010-07-26 20:48:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010-07-26 20:48:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010-07-26 20:48:20 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Richard Witter\Bureaublad\netsvcs.doc
[2010-07-26 20:47:57 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\Richard Witter\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010-07-26 00:57:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010-07-26 00:57:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010-07-26 00:41:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010-07-26 00:41:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010-07-26 00:39:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010-07-26 00:39:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010-07-25 23:16:20 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Richard Witter\Bureaublad\25bemj9m.exe
[2010-07-25 23:14:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010-07-25 23:14:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010-07-25 22:58:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-07-25 2228 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-07-25 22:45:27 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-07-25 22:34:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010-07-25 22:34:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010-07-25 20:33:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010-07-25 20:33:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010-07-23 23:16:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010-07-23 23:16:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010-07-23 22:06:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010-07-23 22:06:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010-07-23 19:59:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010-07-23 19:59:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010-07-23 19:12:57 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Richard Witter\Bureaublad\MBRCheck.exe
[2010-07-23 14:58:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010-07-23 14:58:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010-07-21 23:16:58 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Ad-Watch.lnk
[2010-07-21 23:16:57 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Ad-Aware.lnk
[2010-07-21 21:12:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010-07-21 21:12:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010-07-21 21:11:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010-07-21 21:11:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010-07-21 21:06:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010-07-21 21:06:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010-07-21 21:03:28 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Richard Witter\Bureaublad\HiJackThis.lnk
[2010-07-19 2314 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-07-19 2313 | 000,000,748 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-19 20:47:55 | 000,438,648 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-07-19 20:47:55 | 000,377,166 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-07-19 20:47:55 | 000,051,574 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-07-19 20:47:55 | 000,003,624 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-07-19 20:47:55 | 000,001,406 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-07-18 22:02:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010-07-18 22:02:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010-07-18 20:37:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010-07-18 20:37:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010-07-18 20:15:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-07-18 00:12:32 | 000,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\PC Inspector File Recovery.lnk
[2010-07-13 23:26:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-21 23:19:50 | 005,063,603 | ---- | M] (Recisio ) -- C:\Documents and Settings\Richard Witter\Bureaublad\karafun_118.exe
[2010-06-21 22:50:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010-06-21 22:50:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010-06-11 23:55:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010-06-11 23:55:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010-06-11 23:47:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010-06-11 23:47:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010-06-11 22:57:12 | 000,341,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-07 21:52:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010-06-07 21:52:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010-06-06 23:12:59 | 000,004,571 | ---- | M] () -- C:\kl2log.htm
[2010-06-06 23:12:50 | 000,126,976 | ---- | M] (KEYLOK) -- C:\WINDOWS\System32\NWKL2_32.DLL
[2010-06-06 23:12:50 | 000,086,016 | ---- | M] (KEYLOK) -- C:\WINDOWS\System32\KL2DLL32.DLL
[2010-06-06 23:12:50 | 000,033,820 | ---- | M] () -- C:\WINDOWS\System32\drivers\OldUsbkey.sys
[2010-06-06 23:12:50 | 000,024,136 | ---- | M] () -- C:\WINDOWS\System32\ppmon.exe
[2010-06-06 23:12:50 | 000,012,480 | ---- | M] () -- C:\WINDOWS\System32\KL2N.DLL
[2010-06-06 23:12:50 | 000,008,968 | ---- | M] () -- C:\WINDOWS\System32\KL2DLL.DLL
[2010-06-06 23:12:50 | 000,007,440 | ---- | M] () -- C:\WINDOWS\System32\ppmon.dll
[2010-06-06 23:12:40 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\Richard Witter\Bureaublad\Swift Elite 4.lnk
[2010-06-06 23:10:55 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010-05-18 2341 | 000,086,186 | ---- | M] () -- C:\Documents and Settings\Richard Witter\Mijn documenten\963221988_5_cE5O[1].jpg
[2010-05-18 2319 | 000,095,419 | ---- | M] () -- C:\Documents and Settings\Richard Witter\Mijn documenten\963221303_5_tMvN[1].jpg
[2010-05-18 23:20:20 | 000,088,126 | ---- | M] () -- C:\Documents and Settings\Richard Witter\Mijn documenten\963222441_5_iSXe[1].jpg
[2010-05-18 23:19:52 | 000,084,748 | ---- | M] () -- C:\Documents and Settings\Richard Witter\Mijn documenten\963221694_5_2ZpH[1].jpg
[2010-05-11 21:52:22 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Richard Witter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-06 23:58:08 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\Richard Witter\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-07-26 20:48:20 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Richard Witter\Bureaublad\netsvcs.doc
[2010-07-25 23:16:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Richard Witter\Bureaublad\25bemj9m.exe
[2010-07-25 22:45:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-07-25 22:45:23 | 000,261,936 | ---- | C] () -- C:\cmldr
[2010-07-23 19:12:56 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Richard Witter\Bureaublad\MBRCheck.exe
[2010-07-21 23:16:58 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Ad-Watch.lnk
[2010-07-21 23:16:57 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Ad-Aware.lnk
[2010-07-21 21:03:05 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\Richard Witter\Bureaublad\HiJackThis.lnk
[2010-07-21 20:43:32 | 535,351,296 | -HS- | C] () -- C:\hiberfil.sys
[2010-07-18 20:15:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2010-07-18 00:12:33 | 000,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2010-07-18 00:12:32 | 000,001,561 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\PC Inspector File Recovery.lnk
[2010-06-06 23:12:56 | 000,033,820 | ---- | C] () -- C:\WINDOWS\System32\drivers\OldUsbkey.sys
[2010-06-06 23:12:40 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\Richard Witter\Bureaublad\Swift Elite 4.lnk
[2010-05-18 23:32:13 | 000,086,186 | ---- | C] () -- C:\Documents and Settings\Richard Witter\Mijn documenten\963221988_5_cE5O[1].jpg
[2010-05-18 23:27:25 | 000,084,748 | ---- | C] () -- C:\Documents and Settings\Richard Witter\Mijn documenten\963221694_5_2ZpH[1].jpg
[2010-05-18 23:26:47 | 000,095,419 | ---- | C] () -- C:\Documents and Settings\Richard Witter\Mijn documenten\963221303_5_tMvN[1].jpg
[2010-05-18 2312 | 000,088,126 | ---- | C] () -- C:\Documents and Settings\Richard Witter\Mijn documenten\963222441_5_iSXe[1].jpg
[2009-11-24 21:30:08 | 000,033,820 | ---- | C] () -- C:\WINDOWS\System32\drivers\Usbkey.sys
[2009-11-24 21:30:03 | 000,012,480 | ---- | C] () -- C:\WINDOWS\System32\KL2N.DLL
[2009-11-24 21:30:03 | 000,008,968 | ---- | C] () -- C:\WINDOWS\System32\KL2DLL.DLL
[2009-11-24 21:30:03 | 000,007,440 | ---- | C] () -- C:\WINDOWS\System32\ppmon.dll
[2008-03-21 12:57:35 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\SLIM.ini
[2008-03-21 12:55:26 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\hpgt21.dll
[2007-06-07 07:48:34 | 000,034,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\OxUSBTIMOUT.sys
[2007-02-05 20:18:34 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\INT14PPP.dll
[2006-09-07 04:36:43 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-04-14 10:14:12 | 000,014,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006-04-10 20:35:48 | 000,000,132 | ---- | C] () -- C:\WINDOWS\picture-shark.INI
[2006-01-12 23:59:38 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\UTL10PPP.dll
[2006-01-06 18:34:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005-12-05 13:40:41 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\LDWRapp.DLL
[2005-11-08 14:50:54 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005-11-08 14:50:54 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005-09-21 12:42:29 | 000,003,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005-09-16 11:52:39 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005-08-25 13:04:31 | 000,299,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2005-08-25 13:04:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2005-08-25 13:04:30 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2005-08-25 1244 | 000,000,765 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2005-08-25 1236 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005-08-25 1220 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2005-08-25 12:44:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005-07-29 1732 | 000,011,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005-06-02 12:00:36 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2005-06-02 12:00:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2005-06-02 1153 | 000,003,425 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2005-06-02 1153 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005-06-02 11:55:30 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2005-06-02 11:54:33 | 000,013,541 | ---- | C] () -- C:\WINDOWS\hplj1320.ini
[2005-05-22 20:09:25 | 000,005,607 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2005-05-21 17:52:53 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005-02-14 05:19:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005-02-14 05:19:44 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005-02-14 05:19:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005-02-14 05:19:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005-02-14 05:19:44 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005-02-14 05:19:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005-02-14 05:11:24 | 000,000,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004-10-26 20:30:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004-09-08 13:32:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004-09-08 13:25:32 | 000,000,818 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004-04-02 15:01:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\HPB1320V.DLL
[2003-04-07 13:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001-07-31 12:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
========== LOP Check ==========
[2009-11-24 21:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ActivateMe
[2009-09-15 17:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007-02-09 14:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2009-08-30 19:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2008-07-25 16:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ValuSoft
[2005-07-05 11:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009-08-02 11:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005-10-10 19:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Witter\Application Data\.bittorrent
[2009-11-24 00:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Witter\Application Data\Azureus
[2009-08-11 21:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Witter\Application Data\Belastingdienst
[2010-07-26 20:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Witter\Application Data\GrabIt
[2009-09-04 22:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Witter\Application Data\ICAClient
[2009-10-21 07:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Witter\Application Data\InterVideo
[2006-06-24 21:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Witter\Application Data\Leadertech
[2008-02-12 23:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Witter\Application Data\LimeWirePlus
[2009-08-02 10:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Witter\Application Data\Red Chair Software
[2006-11-10 04:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Witter\Application Data\Shareaza
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010-07-19 2314 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-07-25 22:45:27 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004-08-04 10:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2007-05-31 14:54:58 | 000,000,238 | ---- | M] () -- C:\CDFE.log
[2006-04-27 17:09:00 | 000,000,832 | ---- | M] () -- C:\CLIEOP03.TXT
[2004-08-03 23:00:14 | 000,261,936 | ---- | M] () -- C:\cmldr
[2010-07-25 23:01:18 | 000,012,007 | ---- | M] () -- C:\ComboFix.txt
[2010-01-15 00:58:58 | 3755,673,100 | ---- | M] () -- C:\flaskOut.avi
[2010-07-26 20:51:02 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
[2008-03-08 20:05:27 | 000,000,132 | ---- | M] () -- C:\ICSYSINF.log
[2005-09-16 11:52:42 | 000,001,120 | ---- | M] () -- C:\INSTALL.LOG
[2006-09-06 14:04:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-06-06 23:12:59 | 000,004,571 | ---- | M] () -- C:\kl2log.htm
[2007-12-29 03:46:18 | 000,000,448 | ---- | M] () -- C:\lxcg.log
[2007-05-31 14:54:50 | 000,000,000 | ---- | M] () -- C:\lxcgfire.csv
[2007-05-31 14:55:33 | 000,001,004 | ---- | M] () -- C:\LXCGINST.csv
[2007-12-29 03:46:20 | 000,003,883 | ---- | M] () -- C:\lxcgscan.log
[2007-12-29 03:47:26 | 001,208,387 | ---- | M] () -- C:\lxcgunst.csv
[2006-09-06 14:04:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 10:00:00 | 000,047,564 | -HS- | M] () -- C:\NTDETECT.COM
[2004-08-04 10:00:00 | 000,251,184 | -HS- | M] () -- C:\NTLDR
[2004-02-29 17:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp
[2010-07-26 20:50:56 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010-06-11 23:55:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010-06-21 22:50:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010-07-18 20:37:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010-07-18 22:02:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010-07-21 21:06:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010-07-21 21:11:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010-07-21 21:12:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010-07-23 14:58:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010-07-23 19:59:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010-07-23 22:06:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010-07-23 23:16:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010-07-25 20:33:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010-07-25 22:34:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010-07-25 23:14:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010-07-26 00:39:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010-07-26 00:41:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010-07-26 00:57:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010-07-26 20:48:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010-06-07 21:52:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010-06-11 23:47:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010-06-11 23:55:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010-06-21 22:50:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010-07-18 20:37:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010-07-18 22:02:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010-07-21 21:06:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010-07-21 21:11:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010-07-21 21:12:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010-07-23 14:58:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010-07-23 19:59:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010-07-23 22:06:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010-07-23 23:16:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010-07-25 20:33:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010-07-25 22:34:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010-07-25 23:14:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010-07-26 00:39:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010-07-26 00:41:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010-07-26 00:57:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010-07-26 20:48:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010-06-07 21:52:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010-06-11 23:47:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2006-01-10 17:35:17 | 000,001,368 | ---- | M] () -- C:\statusclient.log
[2005-10-31 1700 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2010-01-15 01:02:18 | 000,000,904 | ---- | M] () -- C:\TriceraLog.log
[2001-05-24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2004-04-15 21:43:08 | 000,061,952 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP041.DLL
[2007-04-09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004-09-08 15:04:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004-09-08 15:04:22 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004-09-08 15:04:22 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2007-03-08 17:39:10 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=CB18F701A5D55A6308FAB8D18322C060 -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2004-08-04 10:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=06EBCBE58321E924980148B7E3DBD753 -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >
[2004-08-04 10:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=3B728289DFA923A2C12BE827382C2DB1 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
OTL Extras logfile created on: 26-7-2010 21:43:48 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Richard Witter\Bureaublad
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
510,00 Mb Total Physical Memory | 163,00 Mb Available Physical Memory | 32,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 29,06 Gb Free Space | 38,99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 931,51 Gb Total Space | 823,83 Gb Free Space | 88,44% Space Free | Partition Type: NTFS
Computer Name: PC223683069916
Current User Name: Richard Witter
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"49869:UDP" = 49869:UDP:*:Enabledoort 49869
"28340:UDP" = 28340:UDP:*:Enabledoort 28340
"28340:TCP" = 28340:TCP:*:Enabledoort 28340 2
"49869:TCP" = 49869:TCP:*:Enabled:POORT 49869
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer Plus -- (RealNetworks, Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe" = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68FF1199-3946-4413-A69A-4C920A067C5C}" = Microsoft Works Suite-invoegtoepassing Microsoft Word
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
"{7F04B272-E0DD-47E7-8B55-D97483DB0EBD}" = hp LaserJet 1160/1320 series
"{80EF444D-E4DB-4978-9BDE-CB6DED7DEE85}" = GameShadow
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BD35570-F24B-4763-B8CD-42F93543D1E7}" = BlueSoleil 2.3.2.3 Release
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91CA0413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Editie 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}" = Windows Live Messenger
"{A258173E-F308-475A-951B-F1BF76A4451B}" = Windows Live installer
"{A7A66CF3-3DB6-4150-87B1-D380869B8807}" = Championship Manager 2006
"{AC76BA86-7AD7-1043-7B44-A70500000002}" = Adobe Reader 7.0.8 - Nederlands
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{C2476360-D377-4052-A4AF-93A2EB0AB610}" = Movavi Video Converter 9
"{C569D686-A444-4AF0-A437-15CBB2816E34}" = TIxx21/x515
"{C745447C-4000-4339-9C64-60EF550E839A}" = Microsoft Works
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E142615E-5ED8-4511-9BF0-0284BFA25766}" = ArcSoft PhotoImpression
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED10343F-D30A-4200-9B00-665FC45F52B4}" = ArcSoft VideoImpression 1.6
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"All ATI Software" = ATI - Software-verwijderprogramma
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3082103C" = Conexant Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-97 Audio
"Everest Poker" = Everest Poker (Remove Only)
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C569D686-A444-4AF0-A437-15CBB2816E34}" = Texas Instruments PCIxx21/x515 drivers.
"KaraFun_is1" = KaraFun 1.18
"Karaoke Song List Creator Professional KJ Edition" = Karaoke Song List Creator Professional KJ Edition
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Packard Bell Software Suite" = Packard Bell Software Suite
"PartyPokerNet" = PartyPokerNet
"PictureItPrem_v10" = Microsoft Photo Premium 10
"PokerStars" = PokerStars
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SwiftElite40" = Swift Elite 4 Release 4.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TestPokerStars.com" = TestPokerStars.com
"Toernooiplanner_is1" = Toernooiplanner versie 1.0
"Trust 120 SpaceCam" = Trust 120 SpaceCam
"Tweak UI 2.10" = Tweak UI
"Verzoek of wijziging voorlopige aanslag 2009" = Verzoek of wijziging voorlopige aanslag 2009
"VST Bridge_is1" = VST Bridge 1.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Works2005Setup" = Microsoft Works 2005 Setup starten
"WorldPokerTour" = WorldPokerTour
"WYSIWYG_Web_Builder_6" = WYSIWYG Web Builder 6
"Zingamp Karaoke_is1" = Zingamp Karaoke 1.0.3
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18-7-2010 15:58:02 | Computer Name = PC223683069916 | Source = WmiAdapter | ID = 4099
Description = Kan service niet openen.
Error - 18-7-2010 15:58:07 | Computer Name = PC223683069916 | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates
is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Een vereist certificaat valt niet binnen de geldigheidsperiode als
gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende
bestand.
Error - 18-7-2010 15:58:08 | Computer Name = PC223683069916 | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates
is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Een vereist certificaat valt niet binnen de geldigheidsperiode als
gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende
bestand.
Error - 18-7-2010 15:58:46 | Computer Name = PC223683069916 | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: SkypeSetup.exe, versie: 4.2.0.169, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.
Error - 21-7-2010 14:46:12 | Computer Name = PC223683069916 | Source = WmiAdapter | ID = 4099
Description = Kan service niet openen.
Error - 23-7-2010 5:42:11 | Computer Name = PC223683069916 | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: 6p50w6tc.exe, versie: 1.0.15.15281, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.
Error - 23-7-2010 5:42:14 | Computer Name = PC223683069916 | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: 6p50w6tc.exe, versie: 1.0.15.15281, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.
Error - 23-7-2010 5:44:07 | Computer Name = PC223683069916 | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: 6p50w6tc.exe, versie: 1.0.15.15281, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.
Error - 23-7-2010 625 | Computer Name = PC223683069916 | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: 6p50w6tc.exe, versie: 1.0.15.15281, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.
Error - 25-7-2010 17:01:43 | Computer Name = PC223683069916 | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: bluesoleil.exe, versie: 2.3.0.0, vastgelopen
module: mfc42.dll, versie: 6.2.4131.0, vastgelopen op: 0x000011c7.
[ System Events ]
Error - 26-7-2010 14:29:48 | Computer Name = PC223683069916 | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.
Error - 26-7-2010 14:29:53 | Computer Name = PC223683069916 | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.
Error - 26-7-2010 14:30:00 | Computer Name = PC223683069916 | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.
Error - 26-7-2010 14:30:06 | Computer Name = PC223683069916 | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.
Error - 26-7-2010 14:51:58 | Computer Name = PC223683069916 | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.
Error - 26-7-2010 14:52:51 | Computer Name = PC223683069916 | Source = Service Control Manager | ID = 7023
Description = De HID Input Service-service is gestopt met de volgende foutcode:
%%126.
Error - 26-7-2010 14:53:15 | Computer Name = PC223683069916 | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: Cdrom PxHelp20
Error - 26-7-2010 14:57:09 | Computer Name = PC223683069916 | Source = DCOM | ID = 10005
Description = DCOM kreeg foutmelding '%1058' bij het starten van de LiveUpdate-service
met de argumenten '' om de server {03E0E6C2-363B-11D3-B536-00902771A435} te starten
Error - 26-7-2010 15:44:21 | Computer Name = PC223683069916 | Source = SRService | ID = 104
Description = Het initialisatieproces van Systeemherstel is mislukt.
Error - 26-7-2010 15:44:21 | Computer Name = PC223683069916 | Source = Service Control Manager | ID = 7023
Description = De System Restore-service-service is gestopt met de volgende foutcode:
%%2.
< End of report >
You didn't say how your computer is doing...
Your computer would benefit from adding another 512MB of RAM.
==============================================================
You're running Avira as your AV program, but I can see some Norton leftovers.
Please run the Norton Removal Tool: Download and run the Norton Removal Tool to uninstall your Norton product | Norton Support
==================================================================
Update your Java version here: Verify Java Version
During installation, make sure to UN-check any pre-checked extra "garbage" installation, like Yahoo toolbar, or others (if offered).
Now we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
============================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Services
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" =dword:00000001
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.