Hard Drive Diagnostic - Vista doesn't open MBAM after restart

View previous topic View next topic Go down

Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Tue Dec 28, 2010 3:35 pm

As I replied to your "Remove Hard Drive Diagnostic [Removal Guide]", I'm using Windows Vista Home Premium (Windows Task Manager).
At step 12 I got a message all selected items did get successfully removed instead of certain items could not be removed. A log file had been saved. Did I want to restart the computer to complete the process? - Yes.
After restart I noticed my background was still black although I was in Normal Mode now instead of Safe Mode with Networking and also that the shortcut Hard Disk Diagnostic had made on my desktop was still there but its layout (the picture) had changed. The Hard Disk Diagnostic Window did not open automatically, but neither did MBAM.
I did get a message on my system tray some programs were blocked. As administrator I gave permission to run MBAM... Nothing happened: MBAM didn't open, I didn't get any log,... Only thing that seemed to have changed (since giving permission) was the icon in the system tray telling me some programs were blocked: it was gone??? I decided to dubbelclick on MBAM's shortcut on the desktop, gave permission, than MBAM's main program just showed up...

OTL.Txt:
OTL logfile created on: 28/12/2010 14:31:01 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Anneke\Desktop\Hard Drive Diagnostic\Oplossing 2 (GeekPolice)\After-oplossingsprocedure 2\Download OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 98,27 Gb Free Space | 66,00% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 248,53 Gb Free Space | 83,37% Space Free | Partition Type: NTFS
Drive F: | 147,73 Gb Total Space | 131,03 Gb Free Space | 88,69% Space Free | Partition Type: NTFS

Computer Name: ANNEKES | User Name: Anneke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/27 22:49:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Anneke\Desktop\Hard Drive Diagnostic\Oplossing 2 (GeekPolice)\After-oplossingsprocedure 2\Download OTL\OTL.com
PRC - [2010/09/09 11:20:43 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/21 15:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2010/01/21 15:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/09/10 14:36:14 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/01 16:10:14 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/05/08 09:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/29 09:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/26 14:57:06 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008/04/24 17:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 09:22:10 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
PRC - [2008/04/24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/22 10:44:00 | 000,648,520 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008/04/18 18:27:52 | 000,316,744 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2008/04/18 18:27:40 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/04/17 09:39:02 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2008/04/16 23:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/16 15:43:32 | 002,577,736 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008/04/14 22:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/04/11 10:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/04/08 14:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/31 18:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/03/19 12:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/01/25 12:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/01/25 00:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/01/17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 14:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/09 09:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/12/05 09:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/26 09:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/28 15:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/08/15 11:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/03 21:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/24 11:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 14:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/07/13 06:14:56 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/07/10 08:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/12/27 22:49:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Anneke\Desktop\Hard Drive Diagnostic\Oplossing 2 (GeekPolice)\After-oplossingsprocedure 2\Download OTL\OTL.com
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/17 12:27:36 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010/09/09 11:20:43 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 17:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/11 10:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/01/25 00:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/09 14:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/05 09:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/26 09:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/11/07 08:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/08/15 11:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/24 11:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 14:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/07/18 17:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 05:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Stuurprogramma voor Intel(R)
DRV - [2008/04/23 16:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/04/15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/09 17:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/08 01:24:20 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/25 12:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008/03/19 10:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/02/15 17:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/22 19:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/06 17:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/02 11:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/29 08:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/11/22 05:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 05:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 05:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 05:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/18 13:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/02 10:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/07/30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/13 08:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005/01/07 04:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} [You must be registered and logged in to see this link.] (Apparaatdetectie)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.4 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Users\Anneke\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anneke\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cb51373c-a96b-11df-82cb-00037a94394a}\Shell - "" = AutoRun
O33 - MountPoints2\{cb51373c-a96b-11df-82cb-00037a94394a}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webmappen
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {78310121-036D-427A-9FAA-A9D8135E5F8F} - .NET Framework
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/28 13:48:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/12/28 13:48:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/12/28 13:48:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/12/28 12:32:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/12/24 14:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2010/12/22 11:15:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/12/22 11:15:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/12/22 11:15:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/12/21 12:56:01 | 000,000,000 | ---D | C] -- C:\Users\Anneke\AppData\Roaming\Malwarebytes
[2010/12/21 12:53:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/21 12:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/21 12:53:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/21 12:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/20 12:55:54 | 007,622,280 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Anneke\Desktop\mbam-setup.exe
[2010/12/19 15:19:54 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Anneke\Desktop\AlvorensHDDTDSSKiller.com.exe
[2010/12/19 12:26:43 | 000,000,000 | ---D | C] -- C:\Users\Anneke\Desktop\Hard Drive Diagnostic
[2010/12/17 11:39:10 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/17 11:39:07 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/17 11:39:05 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/17 11:39:04 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/17 11:39:02 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/17 11:38:59 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/17 11:38:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/17 11:38:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/17 11:38:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/17 11:38:55 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/17 11:38:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/17 11:38:53 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/17 11:38:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/17 11:38:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/17 11:38:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/17 11:38:51 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/17 11:38:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/17 11:38:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/17 11:38:50 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/17 11:38:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/17 11:38:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/17 11:38:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/17 11:38:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/17 11:38:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/17 11:38:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/17 11:38:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/06 15:57:34 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sst3B3E.sys
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/28 14:33:04 | 000,000,456 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CD84C335-872B-4F86-81AE-25F3500FCE74}.job
[2010/12/28 14:19:00 | 000,667,352 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/12/28 14:19:00 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/28 14:19:00 | 000,126,854 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/12/28 14:19:00 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/28 14:15:03 | 000,026,471 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/12/28 14:14:19 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/28 14:12:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/28 14:12:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/28 14:12:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/28 14:11:58 | 3219,128,320 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/28 13:54:30 | 000,391,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/28 13:37:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/21 22:31:39 | 000,020,970 | ---- | M] () -- C:\Users\Anneke\.recently-used.xbel
[2010/12/21 12:53:24 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 15:30:58 | 000,000,680 | ---- | M] () -- C:\Users\Anneke\AppData\Local\d3d9caps.dat
[2010/12/20 14:44:27 | 000,660,787 | ---- | M] () -- C:\Users\Anneke\Desktop\iExplore.exe
[2010/12/20 12:55:54 | 007,622,280 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Anneke\Desktop\mbam-setup.exe
[2010/12/19 15:19:58 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anneke\Desktop\AlvorensHDDTDSSKiller.com.exe
[2010/12/06 15:58:41 | 000,000,792 | ---- | M] () -- C:\Users\Anneke\Desktop\Hard Drive Diagnostic.lnk
[2010/12/06 15:58:31 | 000,082,944 | ---- | M] () -- C:\Windows\System32\drivers\sst195D.sys
[2010/12/06 15:57:38 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sst3B3E.sys
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/21 22:31:39 | 000,020,970 | ---- | C] () -- C:\Users\Anneke\.recently-used.xbel
[2010/12/21 15:26:53 | 3219,128,320 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/21 12:53:24 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 14:44:23 | 000,660,787 | ---- | C] () -- C:\Users\Anneke\Desktop\iExplore.exe
[2010/12/06 15:58:41 | 000,000,792 | ---- | C] () -- C:\Users\Anneke\Desktop\Hard Drive Diagnostic.lnk
[2010/12/06 15:58:31 | 000,082,944 | ---- | C] () -- C:\Windows\System32\drivers\sst195D.sys
[2010/05/27 19:23:28 | 000,000,680 | ---- | C] () -- C:\Users\Anneke\AppData\Local\d3d9caps.dat
[2010/02/12 21:59:32 | 000,000,179 | ---- | C] () -- C:\Users\Anneke\AppData\Roaming\setup.log
[2010/02/12 21:59:31 | 000,000,760 | ---- | C] () -- C:\Users\Anneke\AppData\Roaming\setup_ldm.iss
[2009/12/08 14:55:01 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/18 22:36:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/07 19:31:39 | 000,017,920 | ---- | C] () -- C:\Users\Anneke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/06 21:11:03 | 000,001,516 | ---- | C] () -- C:\Users\Anneke\AppData\Roaming\wklnhst.dat
[2008/10/04 17:55:51 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/10/04 17:55:51 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/10/04 17:55:51 | 000,010,149 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/10/04 17:55:51 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/08 09:42:25 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/07/01 16:24:45 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/07/01 16:02:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/07/01 16:02:06 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/07/01 16:02:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/07/01 16:02:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/07/01 16:02:06 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/07/01 16:02:06 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/07/01 15:33:24 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/07/01 14:46:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/24 17:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 17:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 17:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 17:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 17:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 17:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 15:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/12/28 12:50:16 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/06/11 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9B.DLL
[2008/06/11 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9B.DLL
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2006/10/27 23:34:00 | 000,862,397 | ---- | M] () -- C:\Windows\ConfigFree.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/29 11:45:08 | 000,000,286 | -HS- | M] () -- C:\Users\Anneke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/12/19 15:19:58 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anneke\Desktop\AlvorensHDDTDSSKiller.com.exe
[2010/12/20 14:44:27 | 000,660,787 | ---- | M] () -- C:\Users\Anneke\Desktop\iExplore.exe
[2010/12/20 12:55:54 | 007,622,280 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Anneke\Desktop\mbam-setup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/10/04 17:56:53 | 000,000,402 | -HS- | M] () -- C:\Users\Anneke\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/07 20:59:42 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Hard Drive Diagnostic - Vista doesn't open MBAM after restart - Part 2

Post by Diepzeeknikker on Tue Dec 28, 2010 3:41 pm

Continuance:
Contiuance OTL.Txt:
< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/07 20:59:42 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 08:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 07:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 08:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 08:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 08:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 08:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 08:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 08:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 08:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 08:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 08:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 08:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 08:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 08:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 08:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 08:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/10/18 14:31:24 | 002,038,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/07 20:09:54 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/06/11 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9B.DLL
[2008/06/11 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9B.DLL
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/07/01 14:28:58 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/12/28 14:11:58 | 3219,128,320 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/28 14:11:56 | 3532,730,368 | -HS- | M] () -- C:\pagefile.sys
[2008/07/01 15:37:28 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log
[2008/07/01 15:44:46 | 000,000,086 | ---- | M] () -- C:\setup.log
[2008/08/22 09:15:25 | 000,000,176 | -H-- | M] () -- C:\SWSTAMP.TXT
[2008/08/08 09:19:55 | 000,025,272 | ---- | M] () -- C:\_wdsuef.dmp

< %PROGRAMFILES%\*. >
[2008/07/01 16:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2008/07/01 16:09:13 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/07/27 21:10:04 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/07/18 00:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2008/10/04 17:01:00 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2008/10/04 17:01:49 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/09/07 11:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2010/07/27 21:07:35 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/10/04 17:02:36 | 000,000,000 | ---D | M] -- C:\Program Files\Camera Assistant Software for Toshiba
[2009/07/18 03:37:41 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2009/07/17 23:50:09 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2010/09/07 11:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/12/08 16:06:47 | 000,000,000 | ---D | M] -- C:\Program Files\Fotoalbum
[2009/11/29 12:56:29 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/01/29 15:17:30 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/03/16 12:50:40 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/10/04 17:00:41 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/12/28 13:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/07/01 16:02:06 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/07/27 21:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/07/27 21:14:06 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/12/22 11:15:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/02/12 21:59:33 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2008/10/04 17:55:51 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2010/12/21 22:05:04 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/04 16:27:03 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2008/07/01 16:05:22 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/12/08 14:53:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/12/08 14:54:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/12/18 12:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/07/01 16:15:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/12/28 13:50:21 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/07/01 16:10:54 | 000,000,000 | ---D | M] -- C:\Program Files\myphotobook
[2010/09/06 11:18:14 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2010/07/27 21:11:04 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/10/04 17:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/02/15 21:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2008/07/01 15:40:46 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2008/10/04 17:54:47 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2008/07/01 16:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba TEMPRO
[2008/07/01 15:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2006/11/02 14:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/08/16 21:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2010/12/28 13:50:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/12/28 13:50:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/12/28 13:50:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/12/28 13:50:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/12/28 13:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2008/07/01 16:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2010/12/28 13:50:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/10/04 17:46:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/12/28 13:50:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/12/28 13:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< %appdata%\*.* >
[2010/07/17 11:26:47 | 000,083,496 | ---- | M] () -- C:\Users\Anneke\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010/02/12 21:59:33 | 000,000,179 | ---- | M] () -- C:\Users\Anneke\AppData\Roaming\setup.log
[2010/02/12 21:59:31 | 000,000,760 | ---- | M] () -- C:\Users\Anneke\AppData\Roaming\setup_ldm.iss
[2010/11/11 21:45:37 | 000,001,516 | ---- | M] () -- C:\Users\Anneke\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008/03/25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008/03/25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008/03/26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008/03/26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/03/12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2008/04/15 16:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/04/15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/04/15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008/04/15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 05:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/11 05:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/11 05:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 09:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-28 11:52:27

========== Alternate Data Streams ==========

@Alternate Data Stream - 904 bytes -> C:\Users\Anneke\Documents\Adviesrapport Individuele Materiële Bijstand (Karen Vermeire).eml:OECustomProperty
@Alternate Data Stream - 506 bytes -> C:\Users\Anneke\Documents\Vermeire 1.eml:OECustomProperty
@Alternate Data Stream - 506 bytes -> C:\Users\Anneke\Documents\E.D.2.eml:OECustomProperty
@Alternate Data Stream - 506 bytes -> C:\Users\Anneke\Documents\D.E..eml:OECustomProperty

< End of report >



Extras.Txt:
OTL Extras logfile created on: 28/12/2010 14:31:01 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Anneke\Desktop\Hard Drive Diagnostic\Oplossing 2 (GeekPolice)\After-oplossingsprocedure 2\Download OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 98,27 Gb Free Space | 66,00% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 248,53 Gb Free Space | 83,37% Space Free | Partition Type: NTFS
Drive F: | 147,73 Gb Total Space | 131,03 Gb Free Space | 88,69% Space Free | Partition Type: NTFS

Computer Name: ANNEKES | User Name: Anneke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoalbum.be] -- "C:\Program Files\Fotoalbum\Fotoalbum.be\Fotoalbum.be.exe" "%1" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26193CD7-EDCE-4314-8057-21D0FD7078F1}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface |
"{7B1B7AE6-9061-41B3-BC2F-283BB171231C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{A4D0D7AD-F033-4886-A15A-E0A5B98D068C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{FF3061B1-5B05-4BD3-A55E-80C5A12CE2F9}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0512B10A-23F9-4209-B6F7-17E5098B20FC}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{2A1DD6D9-7B2D-48B3-8859-0A4F2B8EE618}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3A785A8E-748C-4420-965E-F1E71A5EFAFD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{683280AF-84C2-4B19-A42F-A27DDBE40281}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{77B7846D-B31C-48F1-BC7C-A617E04AAE3D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7999C7C9-231B-4BCC-A525-3C22B7F6163D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{804827A7-AED6-4DBE-808B-D341FC36EA4A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9955B4B9-2DBB-40BD-A4E2-F38CFCBF5A1B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9DD86361-13D7-4DEC-A3F9-FD987D92F880}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP980_series" = Canon MP980 series MP Drivers
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{166FCF01-AC98-4288-A01C-90BEB808C059}" = Sony RAW Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5158F1F5-FA1B-4D49-B546-55A5004B89BD}" = Microsoft Works
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669A37FF-A446-46F9-8AAE-EEC1988A2ADF}" = Autodesk Design Review Firefox Add-on v1.1
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8A8EECC0-FECF-42BF-B414-D8E2F884E5AF}" = TOSHIBA-handleidingen
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90110413-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90300413-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00AF-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Dutch)
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Geluiddemper v. cd/dvd-station
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1043-7B44-A81200000003}" = Adobe Reader 8.1.2 - Nederlands
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DWG TrueView 2011" = DWG TrueView 2011
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Utilities Easy-PhotoPrint Pro
"Fotoalbum.be" = Fotoalbum.be
"Gebruikersregistratie voor Canon MP980 series" = Gebruikersregistratie voor Canon MP980 series
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSC" = McAfee SecurityCenter
"myphotobook" = myphotobook 3.5
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/11/2010 8:41:33 | Computer Name = Annekes | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4758

Error - 22/11/2010 8:41:35 | Computer Name = Annekes | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22/11/2010 8:41:35 | Computer Name = Annekes | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6989

Error - 22/11/2010 8:41:35 | Computer Name = Annekes | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6989

Error - 22/11/2010 8:41:37 | Computer Name = Annekes | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22/11/2010 8:41:37 | Computer Name = Annekes | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8019

Error - 22/11/2010 8:41:37 | Computer Name = Annekes | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8019

Error - 22/11/2010 13:41:43 | Computer Name = Annekes | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22/11/2010 13:41:43 | Computer Name = Annekes | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18014356

Error - 22/11/2010 13:41:43 | Computer Name = Annekes | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18014356


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Belahzur on Tue Dec 28, 2010 10:22 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Fri Dec 31, 2010 11:38 am

I'm not sure, but I think there's a misunderstanding. Let me think
As I was convinced my computer was infected with Hard Drive Diagnostic, I followed the instructions in your "Remove Hard Drive Diagnostic [Removal Guide]": I ran Windows in Safe Mode with Networking, downloaded MBAM from the link in your "Remove Hard Drive Diagnostic [Removal Guide]", installed it, it automatically updated itself after the installation, I performed a quick scan, when the scan was finished a message box appeared, I clicked OK to continue, I clicked Show Results, I was presented with a screen showing me (229) malware infections, I clicked on Remove selected.

At that time I didn't notice, but afterwards I got convinced - for some reason - MBAM left 2 of 229 infected objects unselected and therefore these objects were not removed. If I would have noticed, I would have left it anyway... I don't know anything about computers, even less about (anti-)virusses... Annoyed or Unimpress

I got a message all selected items did get successfully removed instead of certain items could not be removed. A log file had been saved. Did I want to restart the computer to complete the process? - Yes.

I'll copy and paste this results below as "MBAM-log Removal Guide".

The computer restarted, but my background was still black although I was in Normal Mode now instead of Safe Mode with Networking. I also noticed the shortcut Hard Drive Diagnostic had made on my desktop was still there but its layout (the picture) had changed. The Hard Drive Diagnostic Window did not open automatically Hooray! , but neither did MBAM Let me think .
I did get a message on my system tray some programs were blocked. As administrator I gave permission to run MBAM... Nothing happened: MBAM didn't open, I didn't get any log,... Only thing that seemed to have changed (since giving permission) was the icon in the system tray telling me some programs were blocked: it was gone??? I decided to dubbelclick on MBAM's shortcut on the desktop, gave permission, than MBAM's main program just showed up...

Because a long explanation usually scares, I hadn't mentioned yet that at that point I let MBAM perform another quick scan anyway. This scan resulted in 2 infected objects - which I'm convinced MBAM already detected during the first scan (while following your "Remove Hard Drive Diagnostic [Removal Guide]"), but for some reason weren't selected for removal.
I clicked Remove selected anyway (although nothing was selected), than I got a message all selected items were successfully removed. A log file had been saved. That was it. No restart asked, no nothing else. I closed MBAM, shut down the computer and decided to ask for your help later.

I'll copy and past this results below as "MBAM-log after restart".

Meanwhile I closed and restarted the computer several times.
Let me think As my computer has always taken his time to boot or shutdown, I'm not sure whether he's taking more time or it's just me paying more attention to it. What I'm convinced is new, is that - especially at shutdown - he "blinks" a shortcut. It's not always the same one. More and more I'm getting the impression it is the last shortcut I've selected that "blinks" at shutdown.
Let me think The shortcut Hard Disk Diagnostic had made on my desktop (but which layout (the picture) was changed after restarting the computer at the almost end of your "Remove Hard Drive Diagnostic [Removal Guide]") is still there.
Cheesy Grin (sparkly As my background remained black, I selected a picture to put on it. Thus far I've noticed no further problems with that.
Let me think In the past, when surfing on the internet, every now and then I got a dialup screen. Since following your "Remove Hard Drive Diagnostic [Removal Guide]", I get it about every time I start the computer. When I open Internet Explorer I mostly have to uncheck work offline, make connection a number of times until the dialup no longer emerges. Once I'm in however, we're back to the old days: ones in a while... Cheesy Grin (sparkly
As I really know very little about computer, I just listed the things I noticed. Possibly (some of) these things are irrelevant, maybe other things which are relevant, aren't listed... I'm doing the best I can... Please, tell me what to look for! Annoyed or Unimpress



MBAM-log Removal Guide:
Malwarebytes' Anti-Malware 1.50
[You must be registered and logged in to see this link.]

Databaseversie: 5365

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18999

21/12/2010 15:01:20
mbam-log-2010-12-21 (15-01-20).txt

Scantype: Snelle scan
Objecten gescand: 153046
Verstreken tijd: 4 minuut/minuten, 34 seconde(n)

Geheugenprocessen geďnfecteerd: 0
Geheugenmodulen geďnfecteerd: 0
Registersleutels geďnfecteerd: 126
Registerwaarden geďnfecteerd: 15
Registerdata geďnfecteerd: 0
Mappen geďnfecteerd: 15
Bestanden geďnfecteerd: 73

Geheugenprocessen geďnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geďnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geďnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden geďnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Plugin -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uiPGGcQmqy.exe (Trojan.FakeAlert) -> Value: uiPGGcQmqy.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9860869 (Rogue.HDDScan) -> Value: 9860869 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registerdata geďnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geďnfecteerd:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Bestanden geďnfecteerd:
c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\Anneke\AppData\Local\Temp\uipggcqmqy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Anneke\AppData\Local\Temp\9860869.exe (Rogue.HDDScan) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\internet explorer\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\Windows\System32\spool\prtprocs\w32x86\103195C.tmp (Trojan.Tibs) -> Quarantined and deleted successfully.
c:\Windows\System32\spool\prtprocs\w32x86\1033B1F.tmp (Trojan.Tibs) -> Quarantined and deleted successfully.
c:\Users\Anneke\AppData\Local\Temp\eqgviowkun.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Anneke\AppData\Local\Temp\tmp13B1.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Anneke\AppData\Local\Temp\tmpCBF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Anneke\local settings\temporary internet files\Content.IE5\13XXDFUF\442-direct[1].exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\m3ffxtbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\m3ntstbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.



MBAM-log after restart:
Malwarebytes' Anti-Malware 1.50
[You must be registered and logged in to see this link.]

Databaseversie: 5365

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

21/12/2010 22:14:34
mbam-log-2010-12-21 (22-14-34).txt

Scantype: Snelle scan
Objecten gescand: 156936
Verstreken tijd: 6 minuut/minuten, 23 seconde(n)

Geheugenprocessen geďnfecteerd: 0
Geheugenmodulen geďnfecteerd: 0
Registersleutels geďnfecteerd: 0
Registerwaarden geďnfecteerd: 0
Registerdata geďnfecteerd: 0
Mappen geďnfecteerd: 0
Bestanden geďnfecteerd: 2

Geheugenprocessen geďnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geďnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geďnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geďnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geďnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geďnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geďnfecteerd:
c:\program files\internet explorer\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Belahzur on Fri Dec 31, 2010 12:56 pm

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Fri Dec 31, 2010 2:08 pm

As I already downloaded and installed MBAM following your "Remove Hard Drive Diagnostic [Removal Guide]" (http://www.GeekPolice.net/t25181-remove-hard-drive-diagnostic-removal-guide), why not just dubbelclick on the shortcut, give permission to update and afterwards perform another quick scan?

Is there a difference between the MBAM downloaded from the link in your "Remove Hard Drive Diagnostic [Removal Guide]" and the MBAM downloaded from the link you posted in Post 3? Should I get rid of the MBAM I already downloaded and installed from your "Remove Hard Drive Diagnostic [Removal Guide]" and afterwards download and install the MBAM from the link you posted in Post 3? What's the best way to do that?

I posted both MBAM-logs made by letting MBAM scan in Post 4. Are you sure I should check those 2 items to "remove selected", although they were both, both times, automatically unchecked to "remove selected" by MBAM?

Is it possible the background (which was set by default when I bought the computer and wasn't changed ever since) turned into a black screen by running MBAM or would that rather be an indication Hard Drive Diagnostic wasn't beat completely? Something else? What? - Should I just leave the picture I selected and put on the desktop background as it is now or should I do something else? What?

How come the shortcut Hard Drive Diagnostic made on my desktop is still there, but has changed? - Should I just throw it in the trash and empty? Something else? What?

What about the "blinking" shortcuts at shutdown?

What about the dialup?

Is there a way to know for sure whether or not Hard Drive Diagnostic has been completely removed from the computer? Even better: a way to know for sure your computer is OK? At least a point at which you say to leave it behind, just move on (I'd prefer certainty! :smile2: )? What do I do to come to that?
!!!!! It is very important to me I can use my E-mail without having to worry and most important to be able to manage my bankaccount over the internet without risking my money!!!!! (Gunsmoke)

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Fri Dec 31, 2010 2:20 pm

I'm sorry!
I didn't expect an answer that quick!
I'll certainly try and follow your instructions in Post 5 as soon as possible, but if I hadn't shut down about an hour ago, I was getting into trouble!
Thank you soo much for helping me out as soon as possible! Soo sorry I have to interrupt at this moment! Hope to "talk" to you soon!

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Belahzur on Sat Jan 01, 2011 12:49 am

Okay standing by.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Mon Jan 03, 2011 2:51 pm

Sincere apologies for having to leave like that the other day! Sad tearing
Due to that I'm afraid you might have overlooked my questions in post 6... Would you be so kind? Laughing

As since running MBAM I saw neither Hard Drive Diagnostic window (it didn't open itself and I didn't dare to dubbelclick the icon - which was changed but not gone - to see what would happen) nor bunch fake alerts, I keep asking myself whether or not Hard Drive Diagnostic would have been completely removed from my computer. Is there a way to know? If so, what about the blinking shortcuts, the dialup, the black background, the "rest-"icon? Maybe my computer has other problems (too)?

As I quickly read the other day I might have to disable anti-virus/malware... I planned to respond as fast as possible (sorry it took so long!), knowing that would be problematic... As embarrassing as it may be, it is the truth...
When I bought this computer some kind of temporary McAfee was on it. As I knew VERY LITTLE about anti-virus/malware... I just kept my hands of... After a while a got messages from the system tray telling me to pay if I wanted to stay protected... As I knew VERY LITTLE about anti-virus/malware... I just kept my hands of... For quite some time now I'm getting messages from the system tray telling me my computer is not protected... As I... I just... Annoyed or Unimpress
Since getting convinced I caught a virus called "Hard Drive Diagnostic" on my computer I downloaded, installed and ran MBAM following your "Remove Hard Drive Diagnostic [Removal Guide]". (I also did download TDSSKiller, RKill and MBAM from Bleeping Computer planning to follow their removal guide, but didn't install nor use as I ran into your removal guide, which seemed so much simpeler... How much more embarrassing can it get? Sad tearing )
That's about all I know... Read: I'm not sure when asked to disable this kind of things whether or not there is something to disable/delete...
I made printscreens of my Add/Remove Programs, hoping (together with the MBAM-logs and OTL-log) you would be able and willing to help me out: Annoyed or Unimpress





As I'm not sure what to do next (trying removal guide Bleeping Computer, MBAM, disabling/deleting anti-stuff, ComboFix,...), I'll wait patiently for your respons.
Once again: I'm very sorry for the mess I made! Thank you very much for being willing to help me out anyway!

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Belahzur on Tue Jan 04, 2011 1:30 am

Hello.
Please don't run tools that I don't tell you to run, they can cause more harm than good if you aren't under the supervision of an expert.

Are you sure I should check those 2 items to "remove selected", although they were both, both times, automatically unchecked to "remove selected" by MBAM?
Yes please.

What about the "blinking" shortcuts at shutdown?
Not sure

What about the dialup?
Wow, dial-up, I can only really suggest upgrading to broadband.


Please run Combofix now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Sat Jan 08, 2011 10:01 pm

I'm sorry... As pressure increases instead of getting reduced on all sides, the virus-removal has to cease much more often than I want it to... On top of that my disability and ignorance when it comes to computer... Sorry!!! Sad tearing

1) I keep wondering whether or not (remnants of) Hard Drive Diagnostic (are) is still on my computer. Is there a way to know?

2) As for the "blinking" shortcuts at shutdown you're not sure, but what about the background - which was set by default when I bought the computer and wasn't changed ever since - being turned into a black screen after running MBAM?
How come the shortcut Hard Drive Diagnostic made on my desktop is still there, but has changed?
As for the dial-up: I do have broadband, but ever since having exchanged information with a bleutooth-device, every now and then I got a dialup screen... Annoyed or Unimpress

3) Do I first run MBAM or ComboFix?
a) For MBAM: Should I delete/uninstall and start all over again with downloading, installing,... or can I just dubbelclick on the shortcut, give permission to update, perform another quick scan and afterwards check all items to "remove selected"?
b) For ComboFix:
1) In my previous post I tried to tell you I'm not able to "Disable your AntiVirus and AntiSpyware applications..." as I don't know what exactly is on my computer... I tried to explain as well as I could what I did know and pasted printscreens of my Add/Remove Programs, hoping (together with logs I already provided) you might be able to tell me what to disable/delete...
2) "Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel": do I copy and paste that literally, or do "%userprofile%" or "commy.exe" /stepdel" have a meaning and do I have to fill in? If so, what's the meaning, how do I fill in?



Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Belahzur on Sat Jan 08, 2011 11:26 pm

1) I keep wondering whether or not (remnants of) Hard Drive Diagnostic (are) is still on my computer. Is there a way to know?

HDD rogue is a simple program to remove, so it looks good from here.

2) As for the "blinking" shortcuts at shutdown you're not sure, but what about the background - which was set by default when I bought the computer and wasn't changed ever since - being turned into a black screen after running MBAM?

If it's just a background, that can be easily changed in the Desktop settings.

How come the shortcut Hard Drive Diagnostic made on my desktop is still there, but has changed?

Delete that, it's a leftover.

As for the dial-up: I do have broadband, but ever since having exchanged information with a bleutooth-device, every now and then I got a dialup screen...

Are you wireless or hard wired to a router?

3) Do I first run MBAM or ComboFix?

Combofix please.

a) For MBAM: Should I delete/uninstall and start all over again with downloading, installing,... or can I just dubbelclick on the shortcut, give permission to update, perform another quick scan and afterwards check all items to "remove selected"?

Just open it and do an update, it will download the latest.

1) In my previous post I tried to tell you I'm not able to "Disable your AntiVirus and AntiSpyware applications..." as I don't know what exactly is on my computer... I tried to explain as well as I could what I did know and pasted printscreens of my Add/Remove Programs, hoping (together with logs I already provided) you might be able to tell me what to disable/delete...

It's it's complaining of Mcafee as I see Mcafee is installed, then see [You must be registered and logged in to see this link.] for how to disable your AV.

2) "Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel": do I copy and paste that literally, or do "%userprofile%" or "commy.exe" /stepdel" have a meaning and do I have to fill in? If so, what's the meaning, how do I fill in?

Copy and paste the command as one whole line.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Sun Jan 09, 2011 2:00 pm

1) Thanks for the appeasement! Hooray!

2) As I already chose a picture and put it on the desktop background and thus far havn't noticed any further problems with that, I can leave it the way it is now, just forget about it?
About the shortcut Hard Drive Diagnostic made on my desktop and is still there but has changed: just throw in recycle bin and empty?
About the dial-up: I'm wireless.

3) a) For MBAM: After having run ComboFix, I just (update and) run MBAM, perform quick scan, than check all items - regardless of how many or which have come out - for "remove selected" and just remove all?
b) For ComboFix:
1) If I understand correctly, in McAfee I have to just turn off everything what's under "Computer and files" and everything what's under "Internet and network"? As for the others - "E-mail and express" included - I just leave everything as it is (on)?
2) As for the Microsoft Windows Recovery Console: when I bought this computer, there were NO CD/DVD's with it. Is it - in this case - save to just skip Microsoft Windows Recovery Console? Should I manually install? If so, before or after running Combofix? How?
3) Do I run ComboFix/install Microsoft Windows Recovery Console/MBAM in Safe Mode (with networking) or can I just boot and work in Normal Mode?



Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Belahzur on Sun Jan 09, 2011 11:49 pm

2) As I already chose a picture and put it on the desktop background and thus far havn't noticed any further problems with that, I can leave it the way it is now, just forget about it?

Yep.

About the shortcut Hard Drive Diagnostic made on my desktop and is still there but has changed: just throw in recycle bin and empty?

Yes.

About the dial-up: I'm wireless.

Try hardwire, wireless speed tends to drop based on the signal streanght.

3) a) For MBAM: After having run ComboFix, I just (update and) run MBAM, perform quick scan, than check all items - regardless of how many or which have come out - for "remove selected" and just remove all?

Yes, remove whatever it finds.

1) If I understand correctly, in McAfee I have to just turn off everything what's under "Computer and files" and everything what's under "Internet and network"? As for the others - "E-mail and express" included - I just leave everything as it is(on)?

Turn off everything possible.

2) As for the Microsoft Windows Recovery Console: when I bought this computer, there were NO CD/DVD's with it. Is it - in this case - save to just skip Microsoft Windows Recovery Console? Should I manually install? If so, before or after running Combofix? How?

Allow Combofix to install the RC for you. It's there for a safety reason should something bad happen when CF is running.

3) Do I run ComboFix/install Microsoft Windows Recovery Console/MBAM in Safe Mode (with networking) or can I just boot and work in Normal Mode?

Either mode should work, but preferably normal mode.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Sat Jan 15, 2011 2:14 pm

As for the wireless/hardwire: I’m afraid I’m not the one to decide… As the majority loves the advantages of wireless (quite frankly: me too), that’s probably not going to be changed back into hardwire…

Next things I did/happened:
1) I tried to turn off everything possible in McAfee. I even made printscreens of what I did:


2) I downloaded ComboFix from the Bleepingcomputer-link in Post 5 and saved as commy.exe on my desktop.

3) I clicked Start then copy pasted “"%userprofile%\desktop\commy.exe" /stepdel” into the search box & hit enter. UAC asked for permission, I gave it. I got “DISCLAIMER OF WARRANTY ON SOFTWARE”, I clicked Yes. I got “Backing up registry…”-window, it automatically closed when ready. After that I’m convinced ComboFix just started scanning. (I’m not 100% certain, nevertheless pretty convinced Microsoft Windows Recovery Console was not mentioned.) ComboFix was going to reboot – do NOT do it yourself, Combofix will – and did so. ComboFix was prepairing Log Report – Do not run any programs until ComboFix has finished. After a while ComboFix-window was closed and Notepad-window presenting ComboFix-log was opened. I’ll copy paste below as “ComboFix-log".
BUT, I also got an error-box:


Not having a clue what “CEC_MAIN.exe” would mean, but assuming this would start the Microsoft Windows Recovery Console, I just clicked OK… Nothing happened.
While waiting patiently for something to happen, I did notice the shortcut Hard Drive Diagnostic made on my desktop and was still there but had changed, was changed again! This time it has been turned into an Internet Explorer-shortcut. The background on the other hand - which was set by default when I bought the computer and wasn't changed ever since until I ran MBAM (it turned into a black screen after running MBAM) seems unmoved by ComboFix: the picture I chose and put it on the desktop background (to replace the black screen) is still there.
As just waiting for something to happen after having clicked OK-button had failed, I decided to prepair another post.
Meanwhile I had some urgent presents which had to come first. Virus-removal had to cease for a while, although I felt insecure about the status of my computer (having disabled every possible protection, having run ComboFix but not knowing what about the error, what about Microsoft Windows Recovery Console…).
As I wanted to go on the internet, I was prompted with a message Internet Explorer was not my standard browser, did I want to alter it into my standard browser? Although I couldn’t remember Internet Explorer not being my standard browser, I just clicked Yes. Ever since having done that, this message doesn’t seem to appear anymore.
More of a concern however, I was presented with a message I was going to leave save internetconnection. The information you send, could be watched by others. Do you want to continue?

This message keeps appearing, every time I open Internet Explorer.
When I want to open GMail (thus far I only noticed for GMail, possibly it's for some other things too, I just don't know it yet) an other message appears stating I'm going to display pages through a safe connection. The information you exchange with this website can be viewed by nobody else on the internet.


Thinking that would be it, yesterday at shutdown I noticed McAfee-icon being checked in taskbar: apparently McAfee did a scan anyway although I tried my best to disable completely (1)) and hadn't changed back because I wanted to ask you first.

So far I think that shall be it.
Wat do I do now? Annoyed or Unimpress



ComboFix-log:
ComboFix 11-01-10.07 - Anneke 11/01/2011 9:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3069.1811 [GMT 1:00]
Gestart vanuit: c:\users\Anneke\Desktop\commy.exe
gebruikte Opdracht switches :: /stepdel
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Anneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Drive Diagnostic
c:\windows\system32\drivers\sst3B3E.sys
c:\program files\Internet Explorer\msimg32.dll
c:\users\Anneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Drive Diagnostic\Hard Drive Diagnostic.lnk
c:\users\Anneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Drive Diagnostic\Uninstall Hard Drive Diagnostic.lnk
c:\users\Anneke\Desktop\Hard Drive Diagnostic.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\arp.exe
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_sst3B3E
-------\Service_sst3B3E


(((((((((((((((((((( Bestanden Gemaakt van 2010-12-11 to 2011-01-11 ))))))))))))))))))))))))))))))
.

2011-01-11 08:39 . 2011-01-11 08:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-28 12:48 . 2010-12-28 12:49 -------- d-----w- c:\windows\system32\ca-ES
2010-12-28 12:48 . 2010-12-28 12:49 -------- d-----w- c:\windows\system32\eu-ES
2010-12-28 12:48 . 2010-12-28 12:49 -------- d-----w- c:\windows\system32\vi-VN
2010-12-28 11:32 . 2010-12-28 11:32 -------- d-----w- c:\windows\system32\EventProviders
2010-12-24 13:55 . 2010-12-24 13:55 -------- d-----w- c:\programdata\IsolatedStorage
2010-12-21 11:56 . 2010-12-21 11:56 -------- d-----w- c:\users\Anneke\AppData\Roaming\Malwarebytes
2010-12-21 11:53 . 2010-12-21 11:53 -------- d-----w- c:\programdata\Malwarebytes
2010-12-21 11:53 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 11:53 . 2010-12-21 21:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-21 11:53 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 10:39 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-17 10:39 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-17 10:39 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-17 10:39 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-17 10:39 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-17 10:39 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-17 10:39 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-17 10:39 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-17 10:39 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-17 10:39 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 14:58 . 2010-12-06 14:58 82944 ----a-w- c:\windows\system32\drivers\sst195D.sys
2010-12-06 14:58 . 2010-12-06 14:58 0 ----a-w- c:\windows\system32\drivers\sst195D.tmp
2010-12-06 14:57 . 2010-12-06 14:57 0 ----a-w- c:\windows\system32\drivers\sst3B3E.tmp
2010-11-12 17:53 . 2010-05-14 10:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-09 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-10 122368]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Skytel"="Skytel.exe" [2007-11-20 1826816]

c:\users\Anneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-12 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-09 30192]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:17]

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:17]

2008-08-08 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-05 11:32]

2009-12-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-05 11:32]

2011-01-11 c:\windows\Tasks\User_Feed_Synchronization-{CD84C335-872B-4F86-81AE-25F3500FCE74}.job
- c:\windows\system32\msfeedssync.exe [2010-12-17 04:25]
.
.
------- Bijkomende Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - [You must be registered and logged in to see this link.]
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - [You must be registered and logged in to see this link.]
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - [You must be registered and logged in to see this link.]
.
.
------- Bestandsassociaties -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe



**************************************************************************
scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????????*???P?y?x?y???y???y??

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden:

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(4600)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\conime.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\Power Saver\TPwrMain.exe
c:\program files\Toshiba\SmoothView\SmoothView.exe
c:\program files\Toshiba\FlashCards\TCrdMain.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\BTWLANDP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\mcafee\msc\mcuimgr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Voltooingstijd: 2011-01-11 09:47:18 - machine werd herstart
ComboFix-quarantined-files.txt 2011-01-11 08:47

Pre-Run: 101.037.477.888 bytes beschikbaar
Post-Run: 105.179.316.224 bytes beschikbaar

- - End Of File - - 3F66BE5A4B8E6E2EEC6A787C13068B06

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Belahzur on Sun Jan 16, 2011 1:47 am

Hello.
Could you translate the pics for me? I only speak English and not whatever language that's in.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Fri Jan 28, 2011 10:22 pm

Hi…
I’m very sorry for another – way too long! – interruption… As urgent presents keep piling up it’s getting increasingly difficult to keep my priorities straight… On the one hand there are things that really can’t wait, on the other hand I need my computer for some of those things and therefore it’s important to get and keep him as ‘healthy’ as possible…
I was a fool to believe I was almost there and to plan not having to spend much more time on this case: just run ComboFix - don’t worry about Microsoft Windows Recovery Console, it will be self-evident while running Combofix – and post the log, delete the shortcut-leftover, than run MBAM once again, delete whatever it finds and post the log… Possibly some finalization and off we go… Yaehhh… Annoyed or Unimpress

As for the pictures… They are in Dutch…
As you might have noticed, English is not my first language… Sometimes it’s quite difficult for me to explain in another language – even in English, especially in cases like this I know so few about it would be even difficult to explain in my own language!
I open a translator next to my reply-window, spending a lot of precious time trying to explain as well as I can… in English…
Apparently the result is not according to the efforts… I’m very sorry! Sad tearing
I do, however, appreciate you making the effort to tell me you don’t understand what I mean much more than just ignoring the peaces you don’t understand… Please, keep doing so and thank you very much for making so many efforts to help me out! Right On!


As I’m convinced you do understand the McAfee-printscreen-scheme and the ComboFix-log, I’m going to skip them for now. They’re going to take quite some time I’m afraid and if it’s useless… If, however, you think a translation of either would be of use to you, please, just tell me so, I’ll work on it as fast (and as well) as I can! Cheesy Grin (sparkly

As for the others:
1)

In English would be something in the sense of


2)

In English would be something in the sense of


3)

In English would be something in the sense of



Before proceeding with ESET Online Scan, I’d like to ask you what about the consequences of not having been able to execute the ComboFix-procedure properly, especially the Microsoft Windows Recovery Console.
In Post 5 you told me
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
As I expressed my concerns about no CD/DVD’s were with this computer when I bought it, in Post 14 you told me to
Allow Combofix to install the RC for you. It's there for a safety reason should something bad happen when CF is running.
As I told you in Post 15 MWRC was not mentioned while running ComboFix, I’m wondering whether or not MWRC was already installed on my computer? Is there a way to know?

1) Do I install MWRC yet? How?
2) What about the error-box (picture 1))?
3) What about the Internet Explorer-boxes (pictures 2) and 3))?
4) What about McAfee – which seems to keep performing some kind of scan although I havn’t changed settings since making efforts to disable completely in order to run ComboFix? For several days now I also get

In English would be something in the sense of

Do I change McAfee-settings? Into what?
I did (accidentally) order a trial version of McAfee Total Protection (but didn’t download nor install)… Do I install it? When?
5) What about the ‘mystery shortcut’ Hard Drive Diagnostic made on my desktop - which had changed but was still there after MBAM and which I planned to just throw in recycle bin and empty after having run ComboFix, but apparently turned into a Internet Explorer-shortcut? Can I just use it or do I throw in recycle bin and empty anyway just to be certain?
N.B.: As desktop background seems unmoved by ComboFix I assume that case just stays solved. I was however pleasantly surprised getting the impression also the ‘blinking shortcut’-problem seems eliminated.
6) About the ESET Online Scan: Is there something I preferably do before/during/…? Do I disable anti-stuff? Do I close all windows? Do I perform in Safe Mode (with networking) or in Normal Mode?...???

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Fri Jan 28, 2011 10:34 pm

Where is the "solved" coming from?

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Fri Jan 28, 2011 10:44 pm

I'm very sorry!
As I saw "solved" in front of the title, I thought the case might be closed for some reason I didn't know, too late with next post maybe?
As I would really want to solve the case before closing, it's an appeasement seeing it isn't there anymore...
Once again my apologies for this misunderstanding!

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Tue Feb 01, 2011 9:33 pm

Bump?

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Belahzur on Thu Feb 03, 2011 1:29 am

Hello.
Allows Mcafee to check for updates.

Delete the the HDD diagnostic icon, it's overleft.
Perform the ESET scan in normal mode and leave protection stuff enabled, ESET can run while they are active.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Thu Feb 03, 2011 10:27 pm

Hi,

1) About the mess:
A) Did I do something wrong? What (trying to avoid doing it again)?
One Cool Dude Can I please get my “edit”-buttons back? How?

2) About what you already know I did/happened:
A) Were the picture-translations satisfying? Do you want me to translate McAfee-printscreen-scheme or ComboFix-log anyway?
One Cool Dude What about the consequences of not having been able to execute the ComboFix-procedure properly, especially the Microsoft Windows Recovery Console?
C) What about the error-boxes?

3) About next I did/happened:
Since my Post 15 I kept my hands of protection stuff, because I didn’t knew – and still don’t know – what to do with it. As in your Post 21 you didn’t actually reply to my Post 17 (would you be so kind? Cheesy Grin (sparkly ), but told me to delete the icon and perform ESET scan, I guessed (hopefully right!) you wanted me to do them first…
A) About the “mystery shortcut”: In right-click-menu I chose “delete”, thinking I would throw in recycle bin and planning to empty afterwards. I did get a “Are you sure?”, but was too anxious to click “Yes” and didn’t read the lines underneath properly. I think it said something like I could restore afterwards in Control Panel, Personal Preferences...
Anyway, when I wanted to empty recycle bin, I saw there wasn’t anything in it…
I’d rather think that would mean it had become a “real” Internet Explorer shortcut than a virus-remnant now possibly wouldn’t be completely removed, but as I’m not sure, I thought to mention it anyway…
One Cool Dude About ESET Online scanner: I accepted Terms of Use, Start, Install ActiveX for all users, Install, UAC permission, than got what I printscreened and will paste below as Printscreen 1 and Printscreen 2.
After that Internet Explorer crashed… “The webpage has expired”, so I just closed and decided to prepare this post.
1) Can I just start over?
2) Do I leave all settings as they are automatically (also for what I havn't seen yet)?
3) Where is Windows Defender (Printscreen 2) coming from?

Printscreen 1:


Printscreen 2:

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Sat Feb 05, 2011 3:07 pm

Hi,

As I had a little time, I was stupid enough to think to just try and see how far I’d come… Annoyed or Unimpress
I clicked the link in your Post 16, ESET Online Scan, Agree Terms of Use, Start, than got window I pasted in two parts in my Post 22 above.
Although I had second thoughts about the “Scan for potentially unwanted applications” being checked, but meantime the “Scan for potentially unsafe applications” being unchecked, I left all settings as they were automatically and clicked Start. I got Initialization, than Scanning.
(As threats were found and I wanted to make some printscreens, I did accidentally press ALT+F12 instead of ALT+PRTSC… Seemingly nothing happened, so I just let the scan continue. As I can’t find a proper log, I mention it just to be sure.)
After about an hour I got


As I wanted to see “List of found threats” I clicked on it and got


As I just wanted to go back to take a look at “Manage quarantine”, I clicked Back-button, but I’m afraid my (largely overpaid fancy Logitech mouse (Gunsmoke) ) granted me (another!) favour by forcing the click not only on Back-button, but also on Finish-button in the screen I wanted to click “Manage quarantine” in… I got a ‘want-to-buy ESET-products’-window instead and didn’t seem able to go back… “The webpage has expired”…
As you told me in your Post 16
•Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
I closed ESET Online Scanner windows and went to C:\Program Files\... ESET because there wasn’t any esetonlinescanner directly under Program Files, so ESET\ESET Online Scanner\log.
I tried to make a printscreen so you could clearly see I went to the right place:


Apparently it’s not all that clear, but hopefully clear enough to see the log should have been in the file I opened…
Copypaste of what’s in the log (so you could read):
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Let me think Let me think Let me think Let me think Let me think
Bow or Thanks Posted this to "keep you up to date"... Would you be so kind answering my questions in my previous Post 22 as well? Thank You!

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Belahzur on Sat Feb 05, 2011 9:40 pm

Hmm.
Did you get the full filepath for the file that's in the C:\Windows\system32\drivers folder by any chance?

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Sun Feb 06, 2011 2:31 pm

Hi,

Once again I'm afraid I'll have to make excuse for my incompetence: I'm not sure what you mean by
Did you get the full filepath for the file that's in the C:\Windows\system32\drivers folder by any chance?
, but I think I didn't. At least not for as far as I'm aware of.

As far as I know the machine is still running as it was before performing ESET Online Scan. I tried my best to describe as well as I could in previous posts... Also my questions do remain... Cheesy Grin (sparkly Would you be so kind? Cheesy Grin (sparkly

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Belahzur on Mon Feb 07, 2011 1:29 am

Hello.

B) Can I please get my “edit”-buttons back? How?

On your posts do you mean?

A) Were the picture-translations satisfying? Do you want me to translate McAfee-printscreen-scheme or ComboFix-log anyway?

No thanks, there good enough now.

B) What about the consequences of not having been able to execute the ComboFix-procedure properly, especially the Microsoft Windows Recovery Console?

Aslong as nothing unexpected happens, doesn't matter, the RC is so if anything goes wrong, we can fix it.

I’d rather think that would mean it had become a “real” Internet Explorer shortcut than a virus-remnant now possibly wouldn’t be completely removed, but as I’m not sure, I thought to mention it anyway…

It's fine, aslong as it's gone.

If the machine is running fine, then all should be well.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Diepzeeknikker on Sat Feb 26, 2011 7:38 pm

Hi...

Yes on my posts I mean (get my "edit"-buttons back).
If you'd ever like some help to make a mess... Cheers Mate LMBO or ROFL



OVERVIEW: (D from Done, C from Consequence, Q from Question)

D1) Windows in Safe Mode with Networking -> MBAM -> quick scan (1) -> 229 infected objects (MBAM left 2 of them unselected and therefore these objects were not removed). -> At restart to complete process system tray displays message some programs are blocked. -> Administrator permission -> nothing happens -> dubbelclick MBAM's shortcut on desktop -> main program -> quick scan (2) -> 2 infected objects (which I'm convinced MBAM already detected during first scan, but for some reason weren't selected for removal).

D1C1) Background desktop turned black -> selected picture to put on it. => Thus far no further problems with that. Right On!

D1C2) Layout (the picture) shortcut Hard Drive Diagnostic made on desktop changed -> ComboFix turned into "Real?" Internet Explorer-shortcut (Post 15) -> "deleted" previous to running ESET-scan (Post 22). => Thus far no further problems with that. Right On!

D1C3) "Blinking" shortcuts (especially at shutdown) -> ComboFix => Ever since having run ComboFix I havn't noticed any "blinking" shortcuts anymore (at least so far). Right On!

D1C4) Dial-up more likely to emerge -> From your comments it seems to me that probably has to do more with my wireless connection than with my computer being infected.
=> Q1) Do I have to live with the dial-up or is there something (other than switching to hardwire) that can fix or at least improve the situation? Let me think (F.e.: Internet Explorer -> Extra -> Internet Options -> tab Connections -> alter "Dial whenever there is no network connection" into "Never dial a connection"?) Annoyed or Unimpress


D2) Making efforts to disable AntiVirus and AntiSpyware applications (Posts 9-15) -> ComboFix (your Post 5 and my Post 15).

D2C1) Microsoft Windows Recovery Console was not mentioned. -> Googled MWRC and found something like the MWRC in earlier versions of Windows has been removed in Vista and replaced by several tools: The System Recovery Options menu.
=> Q2) Do I understand correctly ComboFix does install the MWRC in earlier versions of Windows, but not in Vista because in Vista the MWRC has been replaced by the SROM - which should be either on the Windows installation disc or preinstalled (hopefully so in my case, as I told before there was NOT A SINGLE DISC with my computer) - and together with the fact "nothing unexpected (?<=>? D2C2 & D2C3) happened" running ComboFix I shouldn't worry? (For now?) Shouldn't I check whether SROM (or any other piece of recovery you'd recommend) is installed on my computer - and if not take precautions - in case something would go wrong in the futur? Let me think

D2C2) At ComboFix-reboot “CEC_MAIN.exe”-error-box appears (Posts 15 & 17)

-> Googled “CEC_MAIN.exe”: probably would have something to do with the build-in-webcam on my Toshiba (which I havn't used so far, although would like to be able to whenever it suits me).
=> Q3) What do I do with that? Let me think

D2C3) Ever since having run ComboFix I get Security-Warning-windows using Internet Explorer (Posts 15 &17)
and
=> Q4) Do I have to live with continuously Yes, OK, Yes,... or is there something that can fix or at least improve the situation? Let me think (F.e.: Internet Explorer -> Extra -> Internet Options -> tab Advanced -> uncheck "Warn if it switches between secured and unsecured mode"?) Annoyed or Unimpress


D3) ESET Online Scanner, leaving all the default settings as they were (Post22) -> scan -> 4 files infected and cleaned -> take a look at “List of found threats” (Post 23) -> click on Back-button (wanting to take a look at “Manage quarantine”) forced on Finish-button too -> log traceless.

Being convinced ‘want-to-buy ESET-products’-window appeared by pressing through click on Back-button onto Finish-button, both "Uninstall application on close" and "Delete quarantined files" should have stayed as they were: unchecked.

Consequently I'd think the (4) files (infected and cleaned) should still be somewhere on my computer - be it in quarantine.
=> Q5) Where do I find these quarantined files and what do I do with them? Let me think


Q6) If I understand correctly, scans do quarantine items they consider possibly harmful, but not delete them in case an item should be "misinterpreted" so it could be placed back. What happens to the quarantine (and the quarantined items in it) once the program which has quarantined gets deleted/uninstalled from the computer? Let me think

Q7) Should I perform another ESET-scan? If so, should I check “Scan for potentially unsafe applications”? At finish check "Uninstall application on close" and/or "Delete quarantined files"? Let me think

Q8) Should I perform another quick scan with MBAM, check all items - regardless of how many or which have come out - for "remove selected" and remove all? Let me think


As I didn't know exactly which "anti-stuff" was on my computer and tried to figure out in order to run ComboFix (Posts 9-12), I got convinced only such thing on my computer was from McAfee. Although having made efforts to disable completely (Post 15)(and not having changed back ever since) scan continued to be done (only thing that seems to have changed, is I started getting (and still am getting) messages on my system tray (Post 17) "Check for updates should already have taken place"). Consequently I was rather surprised noticing ESET-scan state (next to McAfee also) Windows Defender "may affect the performance and the quality of the scan".

=> Q9) Is Windows Defender (active) on my computer? Let me think

Q10) Do I change McAfee settings back into what they were before (Post 15)? Let me think

Q11) Do I do anything else with protection stuff? Let me think

Q12) Should I "clean up"? What do I do with which of the quarantines/quarantined items/programs? Let me think

Diepzeeknikker
Novice
Novice

Posts Posts : 28
Joined Joined : 2010-12-18
OS OS : Vista
Points Points : 22070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hard Drive Diagnostic - Vista doesn't open MBAM after restart

Post by Belahzur on Sun Feb 27, 2011 11:10 pm

Hello.

Q1) Do I have to live with the dial-up or is there something (other than switching to hardwire) that can fix or at least improve the situation?

Nope, and to be honest, if your not living in the middle of nowhere, then you should be able to get broadband

Do I understand correctly ComboFix does install the MWRC in earlier versions of Windows, but not in Vista because in Vista the MWRC has been replaced by the SROM

Yep, that's for XP only.

and together with the fact "nothing unexpected (?<=>? D2C2 & D2C3) happened" running ComboFix I shouldn't worry? (For now?) Shouldn't I check whether SROM (or any other piece of recovery you'd recommend) is installed on my computer - and if not take precautions - in case something would go wrong in the futur?

Honestly no, if there is no new problems, then no need to worry.

=> Q3) What do I do with that?

Do you have the drivers for it? like it says, reinstall the drivers.

Do I have to live with continuously Yes, OK, Yes,... or is there something that can fix or at least improve the situation?

Tick the boxes for not showing the warning anymore and they will stop bothering you.

=> Q5) Where do I find these quarantined files and what do I do with them?

They should be under C:\Program File\Eset, you can leave them if you wish, they are dead items.

Q6) If I understand correctly, scans do quarantine items they consider possibly harmful, but not delete them in case an item should be "misinterpreted" so it could be placed back. What happens to the quarantine (and the quarantined items in it) once the program which has quarantined gets deleted/uninstalled from the computer?

They will either get left behind, or are removed as well.

Q7) Should I perform another ESET-scan? If so, should I check “Scan for potentially unsafe applications”? At finish check "Uninstall application on close" and/or "Delete quarantined files"?

Leave "Scan for potentially unsafe applications" unticked, but tick the other two if you wish.

Q8) Should I perform another quick scan with MBAM, check all items - regardless of how many or which have come out - for "remove selected" and remove all?

If you want to, but I doubt it will find anything.

=> Q9) Is Windows Defender (active) on my computer?

Yep.

Q10) Do I change McAfee settings back into what they were before (Post 15)?

Yes please.

Q11) Do I do anything else with protection stuff?

No, we may install little extras later once I give you my prevention speech.

Q12) Should I "clean up"? What do I do with which of the quarantines/quarantined items/programs?

Yes, other scanners may also pick up the quarantined items as actual threats.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum