
Black screen with cursor, even in safe mode



#1
belgianguy

Hi,

My operating system is the following:

Windows XP Home SP3 OEM (Dutch)



I have a very weird issue, one which has me dumbfounded and I'm running out of ideas.
The friend I got it from said the last thing he saw were a lot of popups featuring women after which it rebooted/crashed and didn't function anymore. So my guess is malware is the culprit.

The machine boots, the BIOS beep plays and its splash screen shows. The loading Windows animation plays, but then it becomes weird:
A cursor (_) flickers in the top left of the screen for some seconds, which then disappears and a black screen becomes visible with the arrow cursor in the middle.
I can move the arrow cursor, but can't start a Task Manager through Ctrl-Alt-Del or Ctrl-Shift-Esc, so there's no way I can launch explorer.exe or any other file for that matter.
So I'm pretty much out of options in Normal mode.

One would think Safe Mode would be a better bet, sadly it isn't... It shows exactly the same black screen, with the arrow cursor showing and in the four corners of the screen the words "Safe Mode". No Task Manager here either... So my options here are non-existent, too.

So I dug up an Ubuntu disk, loaded that into RAM and used it to back up all my stuff to my external hard disk. I could verify that all hardware still worked, and that Windows must be broken.

Next I set out to do an "XP Repair", as described in great detail in a topic on this forum (The one where you press ENTER first and then, once the program detects an earlier installation, you can pick Repair). Sadly, it doesn't detect my OEM installation (I even acquired an XP SP3 OEM disk to try and boot it). But it never offers me to repair an existing installation.

Then I thought of doing a manual system restore, by manually copying a recent snapshot to the registry location (the COPY _registry_machine_xxx code). While the actions themselves were successful, they did not solve my problem. Windows XP's Recovery Console (on the CD) isn't very powerful and terribly limited in its actions, so all I could do was a CHKDSK. Out of sheer lack of options I even tried FIXMBR and FIXBOOT, to no avail.

Booted it back in Ubuntu (at least there I have a Desktop and Internet to work with), so I checked the ntbtlog.txt, it contains a lot of lines stating that drivers cannot be found. But I don't know if that's exceptional or if that file contains such data even on stable systems.

I'm a bit baffled, and don't really know where to go next, except for just installing a clean version over the older one, breaking installed software in the process.

So any ideas are welcome!


Thanks!

PS: just to haunt my dreams I just saw the machine "Windows is starting" loadscreen appear, but it seems to hang there. And now it shows me Administrator and User login options, what the...
I'll click Administrator, and see what other rather unsuspected events might happen...

Edit. I started a boot environment called OTLPE on the dead pc, I did a scan, output below:

OTL.txt

OTL logfile created on: 9/11/2011 4:30:07 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 133.79 Gb Total Space | 25.04 Gb Free Space | 18.72% Space Free | Partition Type: NTFS
Drive D: | 133.79 Gb Total Space | 29.49 Gb Free Space | 22.04% Space Free | Partition Type: NTFS
Drive E: | 30.50 Gb Total Space | 17.51 Gb Free Space | 57.42% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.85 Gb Free Space | 98.95% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto] -- -- (NVSvc)
SRV - File not found [On_Demand] -- -- (NMIndexingService)
SRV - File not found [Auto] -- -- (MDM)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (C-DillaCdaC11BA)
SRV - File not found [Auto] -- -- (Bonjour Service)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - [2010/12/21 04:00:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] () [Auto] -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe -- (NAV)
SRV - [2009/02/09 07:27:40 | 000,111,104 | ---- | M] () [Auto] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/09 07:27:40 | 000,111,104 | ---- | M] () [Auto] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2003/05/14 13:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (NetBT)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | System] -- -- (eeCtrl)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/08/04 11:59:23 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20110817.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 11:59:22 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20110817.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/01 19:07:58 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20110816.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/22 20:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20110812.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/09/18 11:00:53 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2010/08/16 08:49:01 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\symefa.sys -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\symds.sys -- (SymDS)
DRV - [2007/12/08 05:09:29 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/04/23 06:12:28 | 004,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/01 04:05:38 | 000,090,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/02/15 22:27:10 | 000,044,928 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006/02/07 07:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Gebruiker_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKU\Gebruiker_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Gebruiker_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\ [2011/07/20 05:09:59 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PP8 Reminder] C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe (ScanSoft, Inc.)
O4 - HKU\Gebruiker_ON_C..\Run: [563843] File not found
O4 - HKU\Gebruiker_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Gebruiker_ON_C..\Run: [Rwajogapogaxe] File not found
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gebruiker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gebruiker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1197105372468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.3 195.130.130.131
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/08 04:50:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: EventLog - C:\WINDOWS\system32\services.exe ()
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PlugPlay - C:\WINDOWS\system32\services.exe ()
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: EventLog - C:\WINDOWS\system32\services.exe ()
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetBT - File not found
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PlugPlay - C:\WINDOWS\system32\services.exe ()
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {168F8BAC-A269-48E9-BB7A-A51B594CF6FF} - .NET Framework
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamische HTML met gegevensbinding voor Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Geavanceerd bewerken
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Beveiligingsupdate voor Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webmappen
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taakplanner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {D610D81C-36EE-4E1B-8346-1F515A5AF032} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/09/11 06:47:09 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/09/10 17:21:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/09/10 17:21:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/09/10 17:21:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/09/10 17:21:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten
[2011/09/10 17:21:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Menu Start
[2011/09/10 17:21:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programma's\Bureau-accessoires
[2011/09/10 17:21:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/09/10 17:21:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Sjablonen
[2011/09/10 17:21:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Onlangs geopend
[2011/09/10 17:21:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
[2011/09/10 17:21:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/09/10 17:21:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/09/10 17:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Mijn documenten
[2011/09/10 17:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/09/10 17:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorieten
[2011/09/10 17:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Bureaublad
[2011/09/10 13:46:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\InstallWietse
[2011/09/09 22:09:51 | 001,174,617 | ---- | C] (Magical Jelly Bean ) -- C:\KeyFinderInstaller.exe
[2011/09/08 12:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla
[2011/09/08 12:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gebruiker\Local Settings\Application Data\AMozilla
[2011/09/08 12:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gebruiker\Application Data\AMozilla
[2011/09/08 12:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ComObject
[2011/09/08 02:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gebruiker\Menu Start\Programma's\CyberLink PowerDVD
[2011/09/07 14:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\XnView
[2011/09/07 14:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\XnView
[2011/09/03 06:17:18 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/10 17:48:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/10 17:33:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/09 22:08:39 | 001,174,617 | ---- | M] (Magical Jelly Bean ) -- C:\KeyFinderInstaller.exe
[2011/09/08 14:25:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1698013690
[2011/09/08 12:37:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 12:35:05 | 000,000,462 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EB0D4A07-DC15-4732-A8B3-69BBEC90E2CD}.job
[2011/09/08 12:21:07 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/08 12:09:00 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 11:01:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2011/09/08 02:22:01 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/07 14:55:46 | 000,001,464 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\XnView.lnk
[2011/09/07 14:55:46 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Application Data\Microsoft\Internet Explorer\Quick Launch\XnView.lnk
[2011/09/07 14:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Start\Programma's\XnView
[2011/09/07 14:50:58 | 000,057,157 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Mijn documenten\RWZI bekkens met brug.skp
[2011/09/03 17:09:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Google Chrome.lnk
[2011/09/03 06:17:18 | 000,602,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/27 20:36:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/24 19:10:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/10 17:21:21 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Menu Start\Programma's\Hulp op afstand.lnk
[2011/09/10 17:21:21 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Menu Start\Programma's\Windows Media Player.lnk
[2011/09/08 12:21:07 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/08 12:16:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1698013690
[2011/09/08 12:15:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/07 14:55:46 | 000,001,464 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\XnView.lnk
[2011/09/07 14:55:46 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Application Data\Microsoft\Internet Explorer\Quick Launch\XnView.lnk
[2011/09/07 14:50:53 | 000,057,157 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Mijn documenten\RWZI bekkens met brug.skp
[2010/12/21 18:02:30 | 000,897,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/26 02:59:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/26 02:59:56 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/10 05:51:29 | 000,074,468 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/18 11:05:19 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/09/18 10:57:10 | 000,020,827 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2010/09/18 10:57:10 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2010/01/25 07:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/12/08 08:25:31 | 000,000,160 | ---- | C] () -- C:\WINDOWS\vdgwwin.ini
[2007/12/08 08:09:16 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/08 06:05:59 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Local Settings\Application Data\fusioncache.dat
[2007/12/08 05:32:27 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/08 05:31:35 | 000,440,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/08 05:04:50 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/12/08 04:51:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/12/08 04:48:51 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/28 12:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/28 12:43:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/06/28 12:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/28 12:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/06/28 12:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/28 12:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/28 12:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/28 12:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/06/28 12:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/02 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/02 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/02 08:00:00 | 000,510,464 | ---- | C] () -- C:\WINDOWS\System32\winlogon.exe
[2006/03/02 08:00:00 | 000,509,646 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2006/03/02 08:00:00 | 000,441,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 08:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2006/03/02 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/02 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/02 08:00:00 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\services.exe
[2006/03/02 08:00:00 | 000,091,242 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2006/03/02 08:00:00 | 000,071,618 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/02 08:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2006/03/02 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/02 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/02 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/02 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/02 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/16 16:57:36 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2004/01/07 01:05:02 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2002/07/02 07:35:16 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 10:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2011/09/08 12:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\AMozilla
[2011/01/13 14:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Autodesk
[2010/10/23 04:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\EPSON
[2011/07/20 05:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\HS+FS Experte 2.6
[2010/09/18 11:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\InterTrust
[2007/12/10 14:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\IsolatedStorage
[2011/01/06 16:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Leadertech
[2010/10/23 04:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Nikon
[2011/06/25 17:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Tific
[2011/01/31 15:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\WindSolutions
[2011/01/13 14:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/08/14 06:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/12/01 04:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/08/07 16:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/31 15:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/10/10 05:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/08 12:35:05 | 000,000,462 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EB0D4A07-DC15-4732-A8B3-69BBEC90E2CD}.job

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.exe >
[2011/09/09 22:08:39 | 001,174,617 | ---- | M] (Magical Jelly Bean ) -- C:\KeyFinderInstaller.exe


< MD5 for: AGP440.SYS >
[2006/03/02 08:00:00 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/08/14 07:03:02 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/08/14 07:03:02 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/03/02 08:00:00 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/08/14 07:03:02 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/08/14 07:03:02 | 023,899,725 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/03/02 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 13:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 13:02:25 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\system32\eventlog.dll
[2006/03/02 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2009/02/06 14:47:23 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=45AE58ACDD9B4A8767064544533F94E2 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:47:23 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=45AE58ACDD9B4A8767064544533F94E2 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/03/02 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 13:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 13:02:33 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 13:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 13:02:39 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\system32\scecli.dll
[2006/03/02 08:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 13:03:17 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 13:03:17 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\system32\userinit.exe
[2006/03/02 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=DE7A0EE4A6A28E6DFE3118EB22468DA6 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/12/08 05:30:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007/12/08 05:30:38 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007/12/08 05:30:38 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:55:26 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2011/06/23 14:31:51 | 011,081,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2011/06/23 14:31:52 | 001,991,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/14 13:02:33 | 000,278,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 13:02:34 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:07 | 008,509,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB12347$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
< End of report >

Edited by belgianguy, 11 September 2011 - 07:45 AM.
