Active Windows Explorer crashes, AV software disabled - caused by virus?

Discussion in 'Malware and Virus Removal Archive' started by elsje, 2009/05/05.

  1. 2009/05/20
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    Looks as if you have provided a report from the Uniblue Registry Booster program.

    Please be aware that the usage of Registry cleaning tools is not something recommended, for the following reasons:
    • Registry tools can cause irreparable damage to an Operating System. This could include making the computer inoperable.
    • These programs generally only delete "orphaned" or "dead" entries. This merely removes entries that point to files that no longer exist on your computer. Registry entries do not take up a significant amount of hard drive space. The program itself (and its own registry entries) likely occupy relatively more space.
    • The amount of improvement in performance you gain is minimal.

    Miekiemoes, an Expert in the malware arena, has created an excellent blog on Registry cleaners and other tweaking tools and why they are so dangerous. She also explains what they are, and what they do: Registry Cleaners and System Tweaking Tools

    However, if you feel that you can use this tool safely, it is your choice to do so.



    As far as the RSIT report provided, please do the following:

    Please launch Notepad (Start > All Programs >Accessories > Notepad)
    Copy/paste all the text inside the code box below to Notepad

    Code:
    @echo off
    rem Disable, stop and delete each of the unknown services listed in the RSIT log.
    rem sc.exe needs an administrator command prompt; the space after "start=" is required syntax.
    rem "sc stop" reports an error for a service that is not running; that is harmless here.
    sc config IKB start= disabled
    sc stop IKB
    sc delete IKB
    sc config IOY start= disabled
    sc stop IOY
    sc delete IOY
    sc config SCFEUP start= disabled
    sc stop SCFEUP
    sc delete SCFEUP
    sc config XHIDYIL start= disabled
    sc stop XHIDYIL
    sc delete XHIDYIL
    sc config YE start= disabled
    sc stop YE
    sc delete YE
    sc config YETHHYOX start= disabled
    sc stop YETHHYOX
    sc delete YETHHYOX
    sc config YLL start= disabled
    sc stop YLL
    sc delete YLL
    exit
    In Notepad, go to File (upper menu bar), and select: Save as
    In the Save as prompt:
    Save in: Desktop
    File Name: fixsvc.bat
    Save as Type: All files
    Click: Save
    Exit out of Notepad.

    Next, on the Desktop, double click on fixsvc.bat
    A window should open and close. That is fine.


    Restart your computer.

    Now, please run RSIT once again, and post the new log.txt in your reply.
     
  2. 2009/05/22
    Aaflac
    How is it going here?

    Do you have any questions?
     

  4. 2009/05/25
    elsje
    hi aaflac,
    Sorry for not responding for a couple of days. Because of Ascension Day we had some free days. But now I am going to work hard and trying to follow your lead.
     
  5. 2009/05/25
    elsje
    Everything goes well. But when I restart my computer, the program is not responding.
    The computer can't shut down.
     
  6. 2009/05/25
    elsje
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Pc at 2009-05-25 11:58:42
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 12 GB (30%) free of 40 GB
    Total RAM: 2047 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:58:48, on 25-5-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Pc\Desktop\RSIT.exe
    C:\Program Files\trend micro\Pc.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
    O4 - Startup: Canon IJ Status Monitor Canon MP520 series Printer.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: APUP - Unknown owner - C:\Users\Pc\AppData\Local\Temp\APUP.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    --
    End of file - 5790 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]
    "InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]
    "CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
    "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
    "zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2002-11-23 631362]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-11 86016]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-11 8497696]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-11 81920]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-03-16 24095528]
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2008-08-14 16384]
    "Uniblue RegistryBooster 2009"=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Canon IJ Status Monitor Canon MP520 series Printer.lnk - C:\Windows\system32\rundll32.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 1 months======

    2009-05-19 13:05:00 ----D---- C:\rsit
    2009-05-19 13:05:00 ----D---- C:\Program Files\trend micro
    2009-05-18 14:15:57 ----SHD---- C:\$RECYCLE.BIN
    2009-05-18 14:02:23 ----A---- C:\Windows\system32\CF9621.exe
    2009-05-18 14:02:07 ----D---- C:\32788R22FWJFW
    2009-05-18 13:59:27 ----A---- C:\Windows\system32\CF9047.exe
    2009-05-18 13:58:07 ----A---- C:\Windows\system32\CF8782.exe
    2009-05-18 13:57:59 ----A---- C:\Bug.txt
    2009-05-18 13:57:57 ----A---- C:\Windows\system32\cmd.execf
    2009-05-18 13:39:57 ----A---- C:\Windows\zip.exe
    2009-05-18 13:39:57 ----A---- C:\Windows\vFind.exe
    2009-05-18 13:39:57 ----A---- C:\Windows\SWXCACLS.exe
    2009-05-18 13:39:57 ----A---- C:\Windows\SWSC.exe
    2009-05-18 13:39:57 ----A---- C:\Windows\SWREG.exe
    2009-05-18 13:39:57 ----A---- C:\Windows\sed.exe
    2009-05-18 13:39:57 ----A---- C:\Windows\NIRCMD.exe
    2009-05-18 13:39:57 ----A---- C:\Windows\grep.exe
    2009-05-18 13:39:43 ----D---- C:\Windows\ERDNT
    2009-05-18 13:39:43 ----D---- C:\ComboFix
    2009-05-18 13:39:42 ----A---- C:\Windows\system32\swsc.exe
    2009-05-18 13:39:42 ----A---- C:\Windows\system32\CF5174.exe
    2009-05-18 13:39:35 ----D---- C:\Qoobox
    2009-05-11 22:32:26 ----D---- C:\Program Files\UltraVNC
    2009-05-11 19:30:36 ----A---- C:\Windows\ntbtlog.txt
    2009-05-11 19:01:28 ----D---- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\skypePM
    2009-05-11 19:00:56 ----D---- C:\temp
    2009-05-11 18:57:26 ----A---- C:\Windows\system32\aswBoot.exe
    2009-05-11 18:57:25 ----D---- C:\Program Files\Alwil Software
    2009-05-11 18:41:11 ----D---- C:\Program Files\HijackThis
    2009-05-11 18:40:11 ----D---- C:\Program Files\CCleaner
     
  7. 2009/05/25
    elsje
    2009-05-04 20:09:22 ----A---- C:\Windows\system32\DLAAPI_W.DLL
    2009-05-04 20:09:22 ----A---- C:\Windows\DLA.EXE
    2009-05-04 20:09:18 ----D---- C:\Windows\system32\DLA
    2009-05-04 20:09:18 ----A---- C:\Windows\wininit.ini
    2009-05-04 20:05:49 ----D---- C:\Program Files\Common Files\SureThing Shared
    2009-05-04 19:58:08 ----D---- C:\Program Files\Roxio
    2009-05-04 19:58:08 ----D---- C:\Program Files\Common Files\Sonic Shared
    2009-05-04 19:57:54 ----D---- C:\Program Files\Common Files\Roxio Shared

    ======List of files/folders modified in the last 1 months======

    2009-05-25 11:58:42 ----D---- C:\Windows\Temp
    2009-05-25 11:57:09 ----HD---- C:\ProgramData
    2009-05-25 11:10:12 ----SHD---- C:\Windows\Installer
    2009-05-25 11:10:12 ----RD---- C:\Program Files
    2009-05-18 14:02:23 ----D---- C:\Windows\System32
    2009-05-18 14:02:22 ----D---- C:\Windows\system32\nl-NL
    2009-05-18 13:58:07 ----D---- C:\Windows\system32\drivers
    2009-05-18 13:57:34 ----D---- C:\Windows
    2009-05-18 13:57:34 ----A---- C:\Windows\system.ini
    2009-05-18 13:44:06 ----D---- C:\Windows\AppPatch
    2009-05-18 13:44:05 ----D---- C:\Program Files\Common Files
    2009-05-16 14:45:16 ----D---- C:\Windows\system32\catroot2
    2009-05-14 18:52:08 ----D---- C:\Windows\Minidump
    2009-05-11 19:48:32 ----D---- C:\Windows\inf
    2009-05-11 19:48:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-05-11 19:01:28 ----RD---- C:\Users
    2009-05-11 18:42:22 ----D---- C:\Windows\system32\LogFiles
    2009-05-11 18:42:17 ----D---- C:\Windows\Debug
    2009-05-11 18:38:29 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-05-11 18:37:57 ----D---- C:\Program Files\CyberLink
    2009-05-11 18:37:20 ----D---- C:\Windows\Lhsp
    2009-05-04 22:18:15 ----D---- C:\Windows\system32\Tasks
    2009-05-04 21:27:22 ----D---- C:\Windows\Logs
    2009-05-04 20:12:44 ----SHD---- C:\System Volume Information
    2009-05-04 20:01:06 ----SD---- C:\Windows\Downloaded Program Files
    2009-05-04 20:00:43 ----RSD---- C:\Windows\Fonts
    2009-05-04 19:51:55 ----D---- C:\Windows\Prefetch
    2009-05-01 12:58:56 ----D---- C:\Program Files\EA GAMES
    2009-04-27 19:03:34 ----D---- C:\Windows\system32\Msdtc
    2009-04-27 19:03:33 ----D---- C:\Windows\system32\wbem
    2009-04-27 19:02:48 ----D---- C:\Windows\system32\config
    2009-04-27 19:02:32 ----D---- C:\Windows\Tasks
    2009-04-27 19:02:32 ----D---- C:\Windows\system32\spool
    2009-04-27 19:02:28 ----D---- C:\Windows\registration

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
    R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
    R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
    R1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2007-05-15 37040]
    R1 incdrm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys [2007-05-15 38576]
    R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
    R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
    R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
    R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9432]
    R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
    R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
    R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
    R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
    R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
    R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
    R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-07-28 685056]
    R3 CA561;EZCam III; C:\Windows\System32\Drivers\SPCA561.SYS [2002-10-01 119798]
    R3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-11 7623968]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-01-15 70144]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2007-05-15 118576]
    S3 catchme;catchme; \??\C:\Users\Pc\AppData\Local\Temp\catchme.sys []
    S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
    S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
    S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
    S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
    S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
    S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
    S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
    S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
    S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
    R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-03 166648]
    S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-04-03 310008]
    S3 APUP;APUP; C:\Users\Pc\AppData\Local\Temp\APUP.exe []
    S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S4 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe []
    S4 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe []
    S4 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-03 887544]
    S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

    -----------------EOF-----------------
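
The batch file earlier in this thread and the RSIT service lists posted above are two halves of one job: pick out the services that do not belong (the APUP entry, registered from a Temp folder with its file now missing, is the pattern) and generate the three sc.exe commands for each. The Python below is an added example, not part of the thread and not RSIT or HijackThis code. It parses the "List of services" section, scores each entry with heuristics that are this example's own assumptions (binary under Temp/AppData, file missing, short random-looking name), and writes a batch file in the same shape as the one posted, recording each path in a rem line before sc delete removes the only registry record of it. The sample log is constructed in RSIT's format; the YETHHYOX and SCFEUP lines are stand-ins because the thread does not show those services' paths.

```python
"""Triage the "List of services" section of an RSIT log and emit the same
disable/stop/delete sc.exe batch used earlier in this thread for each service
it flags. Added example, not part of the original posts or of RSIT/HijackThis;
the scoring heuristics are this example's assumptions and the sample log lines
are constructed to match the RSIT format shown in the thread."""
import re
from dataclasses import dataclass, field

# RSIT service line:  <R|S><0-4> <name>;<display>; <path> [<date> <size>]
# RSIT prints an empty "[]" when the binary is no longer on disk.
SERVICE_RE = re.compile(r"^[RS][0-4]\s+(?P<name>[^;]+);[^;]*;\s*"
                        r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$")
# Locations a service binary should not live in (assumption: Temp, AppData, Desktop).
USER_WRITABLE = re.compile(r"\\(Temp|AppData|Users\\[^\\]+\\Desktop)\\", re.IGNORECASE)
# Short all-capital random-looking names like IKB / SCFEUP / YETHHYOX (weak signal).
RANDOM_NAME = re.compile(r"^[A-Z]{2,8}$")


@dataclass
class Service:
    name: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)  # (description, weight) pairs

    @property
    def score(self) -> int:
        return sum(weight for _, weight in self.reasons)


def services_section(log_text: str) -> list:
    """Non-blank lines between the services header and the next header/EOF marker.
    Driver lines share the format, so without this filter they would be deleted too."""
    lines, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("======List of services"):
            inside = True
            continue
        if inside and (line.startswith("======") or line.startswith("-----")):
            break
        if inside and line:
            lines.append(line)
    return lines


def parse_services(log_text: str) -> list:
    found = [SERVICE_RE.match(line) for line in services_section(log_text)]
    return [Service(m["name"].strip(), m["path"].strip(), m["meta"].strip() == "")
            for m in found if m]


def triage(svc: Service) -> Service:
    """Weighted reasons: a missing binary alone only earns a manual look (leftovers
    of uninstalled software show "[]" too); a user-writable path is the strong signal."""
    if USER_WRITABLE.search(svc.path):
        svc.reasons.append(("binary under a user-writable/Temp path", 2))
    if svc.file_missing:
        svc.reasons.append(("points at a file that no longer exists", 1))
    if RANDOM_NAME.match(svc.name):
        svc.reasons.append(("short all-caps random-looking name", 1))
    return svc


def flagged_services(log_text: str, threshold: int = 2) -> list:
    return [s for s in map(triage, parse_services(log_text)) if s.score >= threshold]


def removal_batch(services) -> str:
    """Same three commands per service as the thread's batch file, preceded by a rem
    line recording the ImagePath: sc delete removes the service key, otherwise the
    only pointer to the binary you still want to collect. Names with spaces are quoted."""
    out = ["@echo off"]
    for s in services:
        name = f'"{s.name}"' if " " in s.name else s.name
        out.append(f"rem {s.name}: {s.path}  ({'; '.join(d for d, _ in s.reasons)})")
        out.append(f"sc config {name} start= disabled")
        out.append(f"sc stop {name}")
        out.append(f"sc delete {name}")
    out.append("exit")
    return "\n".join(out) + "\n"


# Constructed sample in RSIT's format. The APUP and Roxio lines mirror the posted
# log; YETHHYOX and SCFEUP are invented stand-ins for the random-named services
# the first batch file removed (their real paths are not in the thread).
SAMPLE_LOG = r"""======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
S3 APUP;APUP; C:\Users\Pc\AppData\Local\Temp\APUP.exe []
R2 YETHHYOX;YETHHYOX; C:\Users\Pc\AppData\Local\Temp\yethhyox.exe [2009-05-17 24576]
S3 SCFEUP;SCFEUP; C:\Windows\system32\scfeup.exe []
S4 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe []

-----------------EOF-----------------
"""

if __name__ == "__main__":
    print(removal_batch(flagged_services(SAMPLE_LOG)))
```

Point it at a saved log.txt by reading the file into a string instead of SAMPLE_LOG. Entries scoring 1, such as the Roxio renderer whose binary is gone, are left for a manual look rather than deleted. After the generated batch has run, `sc query <name>` should report that the service does not exist, which is the same confirmation the follow-up RSIT log gives.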
     
  8. 2009/05/25
    elsje
    nfo.txt logfile of random's system information tool 1.06 2009-05-19 13:10:40

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Windows\NuNInst.exe /UNINSTALL
    -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    -->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    -->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    -->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
    -->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    -->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    -->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    -->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    -->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
    -->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
    -->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Aangifte inkomstenbelasting 2008-->C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2008\ib2008u.exe
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
    Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Battlefield 1942: Secret Weapons of WWII-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\setup.exe" -l0x9
    Battlefield 1942: The Road To Rome-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x9
    Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
    Canon MP Navigator EX 1.0--> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
    Canon MP520 series--> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series /L0x0013
    Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
    Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
    Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0413-0000-0000000FF1CE}
    Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
    DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    Foxit Reader-->D:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    Gebruikersregistratie voor Canon MP520 series-->C:\Program Files\Canon\IJEREG\MP520 series\UNINST.EXE
    Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    LEGO Star Wars Demo Disc-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{F7D1D93A-B17A-41F8-9070-0B2A544C6165} /l1043
    LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\Setup.exe"
    Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x13 UNINSTALL
    Logitech iTouch-software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x13 UNINSTALL
    Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0413-0000-0000000FF1CE}
    Microsoft Office Professional Editie 2003-->MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}
    Microsoft Photo Premium 10--> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works 2005 Setup starten-->C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP E:\
    Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 7 Essentials-->MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1043}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    PunkBuster for Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{127B684B-A002-44C8-99A7-6CF8F1E26873}\setup.exe" -l0x9
    QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0013 -removeonly
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x13
    Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
    Roxio RecordNow 9 Music Lab Premier-->MsiExec.exe /I{71C874D6-617C-4DE0-8A72-A756A5E9AEE9}
    ScanSoft OmniPage SE 4-->MsiExec.exe /X{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
    Sony Ericsson Drivers-->MsiExec.exe /I{EEFE551E-A6C7-4A2A-8C92-C805523B3B0C}
    Sony Ericsson PC Suite-->C:\Windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
    Sony Ericsson PC Suite-->MsiExec.exe /I{05675D95-1567-4E00-A818-DB08064EA088}
    Uniblue RegistryBooster 2009--> "C:\ProgramData\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
    Uniblue RegistryBooster 2009-->C:\ProgramData\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe
    Windows Live - Hulpprogramma voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Windows Live aanmeldhulp-->MsiExec.exe /I{1BD6AE96-4742-4498-9D03-9451C7E5A214}
    Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{3CDAFDF9-A993-4B64-8D9B-36253D9C0DC9}
    Windows Live Mail-->MsiExec.exe /I{B38B1F86-8202-482F-A289-A4806DFA498D}
    Windows Live Messenger-->MsiExec.exe /X{1A38EBE5-08BD-4E0D-AAB9-0DFECACE108B}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinRAR-->C:\Program Files\WinRAR\uninstall.exe

    ======Security center information======

    AS: Windows Defender

    ======System event log======

    Computer Name: PC_van_Pc
    Event Code: 6
    Message: Bestandssysteemfilter 'AvgMfx86' (6.0, 2009-02-24T11:31:56.000Z) is geladen en bij Filterbeheer geregistreerd.
    Record Number: 191442
    Source Name: Microsoft-Windows-FilterManager
    Time Written: 20090511115709.375000-000
    Event Type: Informatie
    User: NT AUTHORITY\SYSTEEM

    Computer Name: PC_van_Pc
    Event Code: 6008
    Message: De vorige afsluiting van het systeem om 13:28:51 op 11-5-2009 is onverwacht gebeurd.
    Record Number: 191443
    Source Name: EventLog
    Time Written: 20090511115738.000000-000
    Event Type: Fout
    User:

    Computer Name: PC_van_Pc
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 6.00. 6001 Service Pack 1 Multiprocessor Free.
    Record Number: 191444
    Source Name: EventLog
    Time Written: 20090511115738.000000-000
    Event Type: Informatie
    User:

    Computer Name: PC_van_Pc
    Event Code: 6005
    Message: De Event Log-service is gestart.
    Record Number: 191445
    Source Name: EventLog
    Time Written: 20090511115738.000000-000
    Event Type: Informatie
    User:

    Computer Name: PC_van_Pc
    Event Code: 6013
    Message: Het systeem is 38 seconden in gebruik.
    Record Number: 191446
    Source Name: EventLog
    Time Written: 20090511115738.000000-000
    Event Type: Informatie
    User:

    =====Application event log=====

    Computer Name: PC_van_Pc
    Event Code: 8210
    Message: Het geplande herstelpunt kan niet worden gemaakt. Aanvullende gegevens: (0x81000101).
    Record Number: 80803
    Source Name: System Restore
    Time Written: 20090519105643.000000-000
    Event Type: Fout
    User:

    Computer Name: PC_van_Pc
    Event Code: 6000
    Message: De kennisgevingssubscriber van winlogon <SessionEnv> was niet beschikbaar om een kennisgevingsgebeurtenis te verwerken.
    Record Number: 80804
    Source Name: Microsoft-Windows-Winlogon
    Time Written: 20090519110240.000000-000
    Event Type: Informatie
    User:

    Computer Name: PC_van_Pc
    Event Code: 1
    Message: Client van Certificate Services is gestart.
    Record Number: 80805
    Source Name: Microsoft-Windows-CertificateServicesClient
    Time Written: 20090519110240.109063-000
    Event Type: Informatie
    User: PC_van_Pc\Pc

    Computer Name: PC_van_Pc
    Event Code: 1000
    Message: Er is een aanvraag van een apparaat of programma. Apparaat of programma: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe. Berichttitel: Microsoft Visual C++ Runtime Library.
    Record Number: 80806
    Source Name: Interactive Services detection
    Time Written: 20090519110244.000000-000
    Event Type: Informatie
    User:

    Computer Name: PC_van_Pc
    Event Code: 6000
    Message: De kennisgevingssubscriber van winlogon <SessionEnv> was niet beschikbaar om een kennisgevingsgebeurtenis te verwerken.
    Record Number: 80807
    Source Name: Microsoft-Windows-Winlogon
    Time Written: 20090519110247.000000-000
    Event Type: Informatie
    User:

    =====Security event log=====

    Computer Name: PC_van_Pc
    Event Code: 5038
    Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout.

    Bestandsnaam: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
    Record Number: 89930
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090519110508.624688-000
    Event Type: Controle mislukt
    User:

    Computer Name: PC_van_Pc
    Event Code: 5038
    Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout.

    Bestandsnaam: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
    Record Number: 89931
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090519110508.655938-000
    Event Type: Controle mislukt
    User:

    Computer Name: PC_van_Pc
    Event Code: 5038
    Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout.

    Bestandsnaam: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
    Record Number: 89932
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090519110508.671563-000
    Event Type: Controle mislukt
    User:

    Computer Name: PC_van_Pc
    Event Code: 5038
    Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout.

    Bestandsnaam: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
    Record Number: 89933
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090519110508.702813-000
    Event Type: Controle mislukt
    User:

    Computer Name: PC_van_Pc
    Event Code: 5038
    Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout.

    Bestandsnaam: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
    Record Number: 89934
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090519110508.718438-000
    Event Type: Controle mislukt
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

    -----------------EOF-----------------
     
  9. 2009/05/25
    elsje

    elsje Inactive Thread Starter

    Hope that I did it right this time.
     
  10. 2009/05/26
    Aaflac

    Aaflac Inactive

    elsje,

    The dubious services are gone from the report. Good job!!

    See if you can download ComboFix and run it. Refer to Post #5 for instructions; however, delete the existing CF file on the Desktop, and also delete the C:\ComboFix folder. Then download a fresh copy of ComboFix following the instructions already provided.

    Let's see if it works now...
     
  11. 2009/05/26
    elsje

    elsje Inactive Thread Starter

    Aaflac,

    What do you mean by: Refer to Post #5 for instructions?

    Is it a time code?
     
  12. 2009/05/26
    elsje

    elsje Inactive Thread Starter

    I deleted the existing CF, downloaded a fresh copy and ran the program.
    CF wants to restart the computer, but the computer still doesn't respond.
    If I want to shut down (or restart) the computer I have to turn off the electric power
    switch.
    I hope the program still works after that.
     
  13. 2009/05/26
    elsje

    elsje Inactive Thread Starter

    ComboFix 09-05-25.A2 - Pc 26-05-2009 17:45.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.2047.1246 [GMT 2:00]
    Gestart vanuit: c:\users\Pc\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Pc\AppData\Local\Temp\catchme.dll
    .
    ---- Voorgaande Run -------
    .
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1001\$IFZOFLV.jpg
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1001\$RFZOFLV.jpg
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$IJ0OD70.jpg
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\carma2.exe
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\CARMA2_HW.EXE
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\CARMA2_HW.icd
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\CARMA2_SW.EXE
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\CARMA2_SW.icd
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\Carstockalypse.exe
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\clcd16.dll
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\clcd32.dll
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\clokspl.exe
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\32X20X8\Fonts\BIGFONT.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\32X20X8\Fonts\FONT7.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\32X20X8\Fonts\HEADUP.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\64x48x8\FONTS\BIGFONT.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\64x48x8\FONTS\FONT7.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\64x48x8\FONTS\HEADUP.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\data\32X20X8\Fonts\BIGFONT.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\data\32X20X8\Fonts\FONT7.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\data\32X20X8\Fonts\HEADUP.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\data\64x48x8\FONTS\BIGFONT.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\data\64x48x8\FONTS\FONT7.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\data\64x48x8\FONTS\HEADUP.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\data\OPPONENT.OLD
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\OPPONENT.OLD
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\sound\data\32X20X8\Fonts\BIGFONT.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\sound\data\32X20X8\Fonts\FONT7.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\sound\data\32X20X8\Fonts\HEADUP.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\sound\data\64x48x8\FONTS\BIGFONT.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\sound\data\64x48x8\FONTS\FONT7.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\sound\data\64x48x8\FONTS\HEADUP.FNT
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\data\sound\data\OPPONENT.OLD
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\dplayerx.dll
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\Icon.ico
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\IFORCE2.dll
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\SMACKW32.DLL
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RC2URTB.2\Uninst.isu
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1002\$RJ0OD70.jpg
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$I09PK5U.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$I28XRO9.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$I3FWJXQ.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IA2NAB5.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IAKTKGS.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IDWA7QH.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IECBR0N.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IEF6B56.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IFH6G73.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IL7ECHT.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$ILJSRP5.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IQ69H9S.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$ISL78D4.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$ISUJ6B7.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IT6IYRN.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IUBDPEQ.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IV0Z65G.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IW9WU2Y.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IWBJS0T.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IWE3TRU.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$IYO0IS2.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$R09PK5U.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$R28XRO9.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$R3FWJXQ.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RA2NAB5.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RAKTKGS.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RDWA7QH.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RECBR0N.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$REF6B56.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RFH6G73.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RL7ECHT.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RLJSRP5.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RQ69H9S.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RSL78D4.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RSUJ6B7.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RT6IYRN.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RUBDPEQ.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RV0Z65G.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RW9WU2Y.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RWBJS0T.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RWE3TRU.JPG
    c:\$recycle.bin\S-1-5-21-1567117089-719330088-941242685-1003\$RYO0IS2.JPG
    c:\users\Pc\AppData\Local\Temp\catchme.dll
    c:\windows\system32\mfc70.dll

    ----- BITS: Mogelijk geïnfecteerde sites -----

    hxxp://sunmicro.ht.rd.llnw.net
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-04-26 to 2009-05-26 ))))))))))))))))))))))))))))))
    .

    2009-05-26 15:48 . 2009-05-26 15:48 -------- d-----w c:\users\Roelof\AppData\Local\temp
    2009-05-26 15:48 . 2009-05-26 15:48 -------- d-----w c:\users\Kilian\AppData\Local\temp
    2009-05-26 15:48 . 2009-05-26 15:48 -------- d-----w c:\users\Joran\AppData\Local\temp
    2009-05-19 11:05 . 2009-05-25 09:58 -------- d-----w c:\program files\trend micro
    2009-05-19 11:05 . 2009-05-19 11:10 -------- d-----w C:\rsit
    2009-05-11 20:32 . 2009-05-11 20:55 -------- d-----w c:\program files\UltraVNC
    2009-05-11 17:01 . 2009-05-26 15:34 -------- d-----w c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\skypePM
    2009-05-11 17:01 . 2009-05-11 17:01 -------- d-----w c:\users\ReleaseEngineer.MACROVISION
    2009-05-11 17:00 . 2009-05-11 17:00 -------- d-----w C:\temp
    2009-05-11 17:00 . 2008-08-14 12:52 24576 ----a-w c:\temp\IadHide3.dll
    2009-05-11 16:57 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
    2009-05-11 16:57 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
    2009-05-11 16:57 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
    2009-05-11 16:57 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
    2009-05-11 16:57 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
    2009-05-11 16:57 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
    2009-05-11 16:57 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
    2009-05-11 16:57 . 2009-05-11 16:57 -------- d-----w c:\program files\Alwil Software
    2009-05-11 16:40 . 2009-05-11 16:40 -------- d-----w c:\program files\CCleaner
    2009-05-07 12:04 . 2007-05-21 20:00 55296 ----a-w c:\users\Pc\cnmss Canon MP520 series Printer (Local).dll
    2009-05-04 19:26 . 2009-05-04 19:26 -------- d-----w c:\users\Roelof\AppData\Roaming\Roxio
    2009-05-04 19:26 . 2009-05-04 19:26 -------- d-----w c:\users\Roelof\AppData\Local\Roxio
    2009-05-04 18:16 . 2009-05-04 18:16 -------- d-----w c:\users\Pc\AppData\Local\Roxio
    2009-05-04 18:09 . 2007-02-09 10:34 51768 ----a-w c:\windows\system32\drivers\DRVNDDM.SYS
    2009-05-04 18:09 . 2007-02-08 18:05 28120 ----a-w c:\windows\system32\drivers\DLARTL_M.SYS
    2009-05-04 18:09 . 2007-02-08 18:05 12856 ----a-w c:\windows\system32\drivers\DLACDBHM.SYS
    2009-05-04 18:09 . 2006-10-26 14:21 56056 ----a-w c:\windows\system32\DLAAPI_W.DLL
    2009-05-04 18:09 . 2006-10-26 14:21 92920 ----a-w c:\windows\DLA.EXE
    2009-05-04 18:09 . 2006-07-21 09:21 99176 ----a-w c:\windows\system32\drivers\DRVMCDB.SYS
    2009-05-04 18:09 . 2009-05-04 18:15 -------- d-----w c:\windows\system32\DLA
    2009-05-04 18:05 . 2009-05-04 18:05 -------- d-----w c:\program files\Common Files\SureThing Shared
    2009-05-04 17:58 . 2009-05-11 16:47 -------- d-----w c:\program files\Roxio
    2009-05-04 17:58 . 2009-05-04 18:05 -------- d-----w c:\program files\Common Files\Sonic Shared
    2009-05-04 17:57 . 2009-05-04 18:01 -------- d-----w c:\program files\Common Files\Roxio Shared

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-12 09:06 . 2008-01-26 06:27 126088 ----a-w c:\users\Roelof\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-11 17:48 . 2006-11-02 16:11 680172 ----a-w c:\windows\system32\perfh013.dat
    2009-05-11 17:48 . 2006-11-02 16:11 132614 ----a-w c:\windows\system32\perfc013.dat
    2009-05-11 17:31 . 2008-01-24 13:58 2032 ----a-w c:\users\Pc\AppData\Local\d3d9caps.dat
    2009-05-11 16:55 . 2008-01-24 13:58 126088 ----a-w c:\users\Pc\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-11 16:38 . 2008-01-24 14:13 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-05-11 16:37 . 2008-01-24 14:19 -------- d-----w c:\program files\CyberLink
    2009-05-03 20:54 . 2008-08-20 15:45 0 ----a-w c:\users\Roelof\AppData\Local\prvlcl.dat
    2009-05-01 10:58 . 2008-04-04 14:23 -------- d-----w c:\program files\EA GAMES
    2009-05-01 10:58 . 2008-04-04 14:29 1618 ----a-w c:\windows\eReg.dat
    2009-04-25 11:02 . 2009-04-25 11:02 -------- d-----w c:\program files\USB 2.0 Flash Drive
    2009-04-18 19:09 . 2009-04-15 13:04 -------- d-----w c:\program files\Microsoft Works Suite 2005
    2009-04-10 11:15 . 2008-01-26 15:43 110704 ----a-w c:\users\Joran\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-04-08 14:40 . 2008-07-07 11:09 -------- d-----w c:\program files\Microsoft Picture It! 10
    2009-04-06 19:23 . 2008-01-28 11:48 110704 ----a-w c:\users\Kilian\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-04-02 23:12 . 2009-04-02 23:12 -------- d-----w c:\program files\Microsoft Office Outlook Connector
    2009-03-17 03:38 . 2009-04-18 19:16 13824 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-18 19:16 24064 ----a-w c:\windows\system32\amxread.dll
    2009-03-03 04:46 . 2009-04-18 19:16 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-18 19:16 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:40 . 2009-04-18 19:16 827392 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 04:39 . 2009-04-18 19:16 183296 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:39 . 2009-04-18 19:16 551424 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:39 . 2009-04-18 19:16 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-18 19:16 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-03-03 04:37 . 2009-04-18 19:16 98304 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:37 . 2009-04-18 19:16 54784 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:37 . 2009-04-18 19:16 44032 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 03:04 . 2009-04-18 19:16 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-18 19:16 17408 ----a-w c:\windows\system32\iashost.exe
    2009-03-03 02:28 . 2009-04-18 19:16 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2008-12-19 08:50 . 2008-04-10 09:20 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 08:50 . 2008-04-10 09:20 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 08:50 . 2008-04-10 09:20 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 08:50 . 2008-04-10 09:20 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 08:50 . 2008-04-10 09:20 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-16 24095528]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-08-14 16384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
    "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-11 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-11 8497696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-11 81920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

    c:\users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Canon IJ Status Monitor Canon MP520 series Printer.lnk - c:\windows\system32\rundll32.exe [2006-11-2 44544]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-8-14 169472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1567117089-719330088-941242685-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{C09EA1DF-5DAC-4128-80E1-FA5AF422FC83}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:backWeb-8876480
    "UDP Query User{15686537-386B-4FBA-A4CB-F994644617C7}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:backWeb-8876480
    "{0F736C85-1495-444C-B7A3-5A053121D9FA}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{6DFD70CD-2C92-4ACA-9005-E88DD2A112E6}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
    "UDP Query User{3C77F35A-61B8-47FC-AC9B-2D3A43471AFF}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
    "TCP Query User{01DE6367-276B-491F-9989-5FC4C5B27AD3}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:backWeb-8876480
    "UDP Query User{3CFD6E9B-E51F-4616-8DF9-AC30DB8B884F}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:backWeb-8876480

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [11-5-2009 18:57 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [11-5-2009 18:57 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11-5-2009 18:57 51792]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
    SafeBoot-procexp90.Sys


    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = localhost
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath -

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
    .

    **************************************************************************
    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...


    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'Explorer.exe'(5988)
    c:\temp\IadHide3.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\windows\System32\WUDFHost.exe
    c:\program files\Alwil Software\Avast4\ashDisp.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\System32\UI0Detect.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\combofix\hidec.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    c:\combofix\Catchme.tmp
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-05-26 18:30 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-05-26 16:29

    Pre-Run: 12.423.798.784 bytes beschikbaar
    Post-Run: 13.324.910.592 bytes beschikbaar

    297 --- E O F --- 2009-05-01 08:03
     
  14. 2009/05/26
    elsje

    elsje Inactive Thread Starter

    Joined:
    2009/05/05
    Messages:
    28
    Likes Received:
    0
    I checked the meaning of #5. I understand that it is the 5th post in this "conversation".
     
  15. 2009/05/26
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    After running ComboFix, are you still having problems with this?
     
  16. 2009/05/26
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Yes, she did. I suggested she try running the User Profile Hive Cleanup Service from MS.
     
  17. 2009/05/27
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    Are you sure UPHClean v1.6d works on Windows Vista?



    When looking at the CF report, the header section does not reflect that Avast is installed. It only shows Windows Defender.

    There may be some WMI issues here causing the current problem.
     
    Last edited: 2009/05/27
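    As an added example, not from this thread or from ComboFix, the check a helper would run to follow up on the observation above: it asks Windows Security Center, through WMI, which antivirus products are registered, and then verifies the WMI repository itself. It assumes a Vista or later host (the root\SecurityCenter2 namespace; the older root\SecurityCenter namespace is tried as a fallback) and an elevated PowerShell prompt; the productState bit meanings are the commonly documented ones, not an official contract.

    ```powershell
    # Added example (not part of the original thread): list the AV products that
    # Windows Security Center knows about, and verify the WMI repository.
    # Assumes Windows Vista or later; run from an elevated PowerShell prompt.

    function Get-RegisteredAntiVirus {
        param(
            # root\SecurityCenter2 is the Vista+ namespace; root\SecurityCenter is
            # the XP-era one and is only tried as a fallback.
            [string[]] $Namespaces = @('root\SecurityCenter2', 'root\SecurityCenter')
        )
        foreach ($ns in $Namespaces) {
            try {
                $products = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction Stop
            } catch {
                # A failure here (namespace missing, provider broken) is itself a finding:
                # tools that report installed AV typically read this same registration.
                Write-Warning "Could not query $ns : $($_.Exception.Message)"
                continue
            }
            foreach ($p in $products) {
                # productState is a bit field (commonly documented, not official):
                # 0x1000 set = real-time protection on, 0x10 set = signatures out of date.
                $state = [int]$p.productState
                [pscustomobject]@{
                    Namespace   = $ns
                    DisplayName = $p.displayName
                    Path        = $p.pathToSignedProductExe
                    RealTimeOn  = (($state -band 0x1000) -ne 0)
                    Outdated    = (($state -band 0x10) -ne 0)
                }
            }
        }
    }

    function Test-WmiRepository {
        # winmgmt /verifyrepository reports whether the WMI repository is consistent.
        # An inconsistent repository is one reason Security Center (and anything that
        # reads it) can miss an installed product. The message text is localized, so
        # on a Dutch system read RawOutput rather than relying on the English match.
        $output = & winmgmt /verifyrepository 2>&1
        [pscustomobject]@{
            RawOutput  = ($output -join ' ')
            Consistent = [bool]($output -match '^WMI repository is consistent')
        }
    }

    # Usage: show what Security Center has registered, then the repository state.
    Get-RegisteredAntiVirus | Format-Table -AutoSize
    Test-WmiRepository
    ```

    If avast! is installed but does not appear in the first listing, the product's Security Center registration (or the WMI provider behind it) is where to look; if the repository check comes back inconsistent, that is the WMI issue suspected above, and a repository repair is the next troubleshooting step rather than another malware scan.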
  18. 2009/05/27
    elsje

    elsje Inactive Thread Starter

    Joined:
    2009/05/05
    Messages:
    28
    Likes Received:
    0
    UPHClean didn't work. Trouble with downloading the program.
     
  19. 2009/05/27
    elsje

    elsje Inactive Thread Starter

    Joined:
    2009/05/05
    Messages:
    28
    Likes Received:
    0
    The setup is in the download folder. But when installing the program it doesn't work.
    There is still a message "please wait".
     
  20. 2009/05/27
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I never looked at that, I made an assumption :(

    So no, this won't work on Vista.
     
  21. 2009/05/27
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    As it stands right now, malware does not appear on the report provided, and it looks as if any current issue will not be addressed by malware and virus removal tools.

    A repair of the Operating System, using the Vista Recovery Environment, is an option that may take care of the current problem.

    If there is a Windows Management Instrumentation (WMI) issue, and you wish to address it, the Windows Vista forum would be the best place to continue troubleshooting.

    It is up to you if you wish to pursue a Vista repair, or do something else. Let us know...
     
