View Full Version : Got rid of redirected hosts but.....
Jointducky
2011-03-05, 22:26
Dear Volunteers from Spybot,
My computer was infected with the Fraud.WindowsProtectionSuite and Microsoft.Windows.RedirectedHosts.
As usual Spybot saw them, but could not fix the problems.
After scanned with a lot of anti spyware programs wich also could not fix or even see the problem, i installed Windows Defender.
This program saw a redirected host entry and fixed it.
After reboot i run Spybot S&D and the 2 red entry's were gone, all was ok according to S&D.
However when i open my internet i cant connect to Google!
Also my computer is verrryyy slooowww.
Also i saw in the DDS.txt file host entry's detected.
Can someone please look at the .txt file and tell me if everything is ok or not??
I hope i mede the post better this time.
I'd like to thank u all for the time and effort u'll spent on me. Regards,
Erik.
Here is the DDS.txt file:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ronald at 22:00:30,73 on vr 04-03-2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.231 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Ronald\Bureaublad\dds(2).scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startpagina.nl/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://dutch.ilsc.org/nl/index.php?rvs=hompag/
uInternet Settings,ProxyServer = http=127.0.0.1:25493
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: dance-tunes.com\.www
Trusted Zone: google.nl\.www
Trusted Zone: hanze.nl\intranet
Trusted Zone: one.com\webmail
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298826837421
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298826812250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.djlafleur.nl/auth/controls/IlosoftImageUpload.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
IFEO: image file execution options - svchost.exe
IFEO: OLT.exe - svchost.exe
Hosts: 204.152.194.148 www.google.com.au
Hosts: 204.152.194.148 google.ca
Hosts: 204.152.194.148 www.google.ca
Hosts: 204.152.194.148 google.ch
Hosts: 204.152.194.148 www.google.ch
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ronald\applic~1\mozilla\firefox\profiles\yiec8jtw.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ronald\application data\mozilla\firefox\profiles\yiec8jtw.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\ronald\application data\mozilla\firefox\profiles\yiec8jtw.default\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: IE Tab Plus: coralietab@mozdev.org - %profile%\extensions\coralietab@mozdev.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-25 2253688]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
S2 gupdate;Google Updateservice (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 USRWGU(USR);USRobotics Wireless USB Adapter(USR);c:\windows\system32\drivers\USRWGU.sys [2007-9-29 408064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2011-03-04 13:07:15 -------- d--h--r- c:\documents and settings\ronald\Onlangs geopend
2011-03-04 12:15:05 -------- d-----w- c:\windows\system32\winrm
2011-03-04 12:14:45 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-03-04 12:12:18 -------- d-----w- c:\docume~1\ronald\applic~1\Windows Desktop Search
2011-03-04 12:09:54 -------- d-----w- c:\program files\Windows Desktop Search
2011-03-04 12:09:52 -------- d-----w- c:\windows\system32\GroupPolicy
2011-03-04 12:07:32 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-03-04 12:07:32 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-03-04 12:07:31 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-03-04 12:05:42 -------- d-----w- c:\program files\Windows Media Connect 2
2011-03-04 11:55:07 -------- d-----w- c:\windows\system32\URTTEMP
2011-03-04 10:47:13 2321288 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-03-04 10:47:03 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{8e49a0eb-9eb9-4b76-9266-cd4446d94a65}\mpengine.dll
2011-03-04 10:47:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-03 21:33:50 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-03 21:33:23 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-03 21:32:23 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-03-03 21:32:22 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-03-03 21:31:29 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-03-03 19:40:12 -------- d-----w- c:\windows\l2schemas
2011-03-03 19:40:09 -------- d-----w- c:\windows\system32\nl
2011-03-03 19:40:09 -------- d-----w- c:\windows\system32\bits
2011-03-03 19:23:29 -------- d-----w- c:\windows\network diagnostic
2011-03-03 18:30:30 592 ----a-w- c:\windows\chgkey.vbs
2011-02-28 20:34:34 -------- d-----w- c:\windows\system32\XPSViewer
2011-02-28 20:33:23 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-02-28 20:32:46 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-02-28 20:32:46 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-02-28 20:32:46 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-02-28 20:32:46 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-02-28 20:32:46 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-02-28 20:32:46 117760 ------w- c:\windows\system32\prntvpt.dll
2011-02-28 20:32:45 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-02-28 20:32:45 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-02-28 20:24:07 -------- d-----w- c:\program files\MSXML 6.0
2011-02-28 15:07:14 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2011-02-28 15:07:00 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2011-02-28 15:07:00 17024 ----a-w- c:\windows\system32\drivers\bthenum.sys
2011-02-28 15:06:59 8192 ----a-w- c:\windows\system32\wshirda.dll
2011-02-28 15:06:59 29184 ----a-w- c:\windows\system32\irmon.dll
2011-02-28 15:06:59 153088 ----a-w- c:\windows\system32\irftp.exe
2011-02-28 15:06:43 18944 ----a-w- c:\windows\system32\drivers\bthusb.sys
2011-02-28 07:05:52 -------- d-----w- c:\windows\ServicePackFiles
2011-02-28 07:00:12 -------- d-----w- c:\program files\MSXML 4.0
2011-02-27 22:06:36 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2011-02-27 22:06:03 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2011-02-27 22:04:59 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2011-02-27 21:53:47 14336 ------w- c:\windows\system32\drivers\atinpdxx.sys
2011-02-27 21:53:47 13824 ------w- c:\windows\system32\drivers\atinttxx.sys
2011-02-27 21:53:47 13824 ------w- c:\windows\system32\drivers\atinmdxx.sys
2011-02-27 21:53:46 29455 ------w- c:\windows\system32\drivers\ati1xbxx.sys
2011-02-27 21:53:46 26367 ------w- c:\windows\system32\drivers\ati1snxx.sys
2011-02-27 20:35:27 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-27 20:35:17 272640 ------w- c:\windows\system32\drivers\bthport.sys
2011-02-27 20:31:46 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-02-27 20:29:29 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-27 20:29:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-02-27 20:28:11 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-27 20:25:13 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-02-27 20:25:12 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-02-27 20:24:51 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-02-27 20:24:40 2197120 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-27 20:24:38 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-02-27 20:24:37 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-02-27 20:24:36 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-02-27 20:24:33 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-02-27 20:24:30 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-02-27 20:24:27 735232 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-02-27 20:24:27 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-02-27 20:24:26 739328 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-02-27 20:24:21 2153472 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-27 20:24:16 2031616 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-27 20:08:58 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-02-27 20:08:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-27 20:08:41 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-27 20:08:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-27 20:08:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-27 20:08:22 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-27 20:08:15 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-27 20:07:54 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-27 20:06:53 293376 ------w- c:\windows\system32\browserchoice.exe
2011-02-27 20:04:01 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-02-27 20:03:19 221184 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-02-27 19:53:43 17776 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-02-27 19:53:42 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-02-27 17:14:30 15584 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-02-27 14:11:09 -------- d-----w- c:\docume~1\ronald\applic~1\AVG
2011-02-27 13:11:45 -------- d-----w- c:\docume~1\ronald\applic~1\AVG10
2011-02-27 13:06:31 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-27 13:05:08 -------- d-----w- c:\program files\AVG
2011-02-27 01:31:27 -------- d-----w- c:\docume~1\ronald\applic~1\Malwarebytes
2011-02-27 01:31:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-26 15:40:16 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-26 15:35:50 -------- d-----w- c:\docume~1\ronald\locals~1\applic~1\Sunbelt Software
2011-02-25 23:09:15 -------- d-----w- c:\program files\CCleaner
2011-02-25 21:46:32 -------- d-----w- c:\program files\VS Revo Group
2011-02-25 16:32:24 -------- d-----w- c:\docume~1\ronald\applic~1\TeamViewer
2011-02-25 16:32:07 -------- d-----w- c:\program files\TeamViewer
2011-02-07 17:42:17 38848 ----a-w- c:\windows\avastSS.scr
2011-02-07 17:41:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-02-07 17:18:51 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-02-07 15:34:01 -------- d-----w- c:\docume~1\ronald\applic~1\URSoft
2011-02-07 13:33:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2011-02-07 09:19:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-02-07 09:10:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-02-07 08:20:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-07 08:20:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-02-07 07:41:20 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\PSZCTVS
2011-02-07 07:40:48 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\b5b463
.
==================== Find3M ====================
.
2011-01-21 14:44:07 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04:12 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:20 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25:55 735232 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:37 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:34 739328 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14:07 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14:02 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30:17 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 22:02:48,65 ===============
oldman960
2011-03-06, 08:26
Hi Jointducky, welcome to the forum.
To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.
First make sure these settings are correct.
Open your Internet Explorer:
At the top click Tools, click Internet Options
On the Connections Tab click Lan Settings
Uncheck use a proxy server
For FireFox it's
Tools > Options
Click the Advanced button
Click the Network tab
In the connections section click the Settings button
Check mark No Proxy
OK your way out.
Let's see if we can clear some of this up with this tool. It will need to be renamed befoe you download it.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Before you click save please change the name to OTL.scr
Next, Double click on OTL.scr
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :
:Services
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[resethosts]
[createrestorepoint]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
Next
Please open OTL if it is not opened after the reboot.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.līk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Deskuop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
/md5stop
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
Please post back with
OTL fix log
both OTL scan logs
How's the computer?
Jointducky
2011-03-06, 22:23
Dear Mister Oldman960,
I di exactly as u said but i get an error:
Cannot create file C:\WINDOWS\System32\drivers\etc\Hosts.
I addet a photo of the message to this reply so it v!rus free gg.
After i hit the ok button on the message the scsn seems to freeze at: Resetting HOSTS file. DO NOT INTERRUPT
Also the computer is busy all the time doing nothing.
Can u give me an advise please?
Regards Erik.
Jointducky
2011-03-07, 00:15
Hi there,
After i forced a reboot i get this in the OLT fix log:
Files\Folders moved on Reboot...
G:\Mijn Documenten\Downloads\cmd.bat moved successfully.
File\Folder C:\Documents and Settings\Ronald\Local Settings\Temporary Internet Files\Content.IE5\LOSN5LSD\HellSinQ - Hard Reunion - HellSinQ & Dj-Dirty-D not found!
File\Folder C:\Documents and Settings\Ronald\Local Settings\Temporary Internet Files\Content.IE5\ELZKHGNQ\HellSinQ - Hard Reunion - HellSinQ & Dj-Dirty-D not found!
Registry entries deleted on Reboot...
Jointducky
2011-03-07, 00:51
OTL logfile created on: 6-3-2011 23:20:22 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ronald\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
1.023,00 Mb Total Physical Memory | 317,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,60 Gb Total Space | 3,11 Gb Free Space | 18,75% Space Free | Partition Type: NTFS
Drive D: | 2,04 Gb Total Space | 1,99 Gb Free Space | 97,65% Space Free | Partition Type: NTFS
Drive G: | 37,26 Gb Total Space | 33,35 Gb Free Space | 89,50% Space Free | Partition Type: NTFS
Computer Name: KANTOOR | User Name: Ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Ronald\Bureaublad\OTL(2).scr.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Ronald\Bureaublad\OTL(2).scr.exe (OldTimer Tools)
MOD - C:\Program Files\TeamViewer\Version6\tv_w32.dll (TeamViewer GmbH)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\crtdll.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (gupdate) Google Updateservice (gupdate) -- File not found
SRV - (AVG Security Toolbar Service) -- File not found
SRV - (AcrSch2Svc) -- File not found
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (USRWGU(USR)) USRobotics Wireless USB Adapter(USR) -- C:\WINDOWS\system32\drivers\USRWGU.sys (U.S. Robotics Corporation)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (sfman) Creative SoundFont Manager-stuurprogramma (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager-stuurprogramma (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dutch.ilsc.org/nl/index.php?rvs=hompag/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25493
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-27 12:46:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011-03-03 23:55:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-05 13:16:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-05 13:16:10 | 000,000,000 | ---D | M]
[2009-09-28 13:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Extensions
[2011-03-06 21:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions
[2011-02-27 20:33:13 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011-03-03 23:26:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-02-27 20:40:09 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\coralietab@mozdev.org
[2011-03-05 22:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-09-19 10:58:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-07-21 20:22:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-23 08:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-03-05 22:02:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-12-03 19:53:57 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-12-03 19:53:57 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-12-03 19:53:57 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-12-03 19:53:57 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-12-03 19:53:57 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml
O1 HOSTS File: ([2011-02-07 14:11:17 | 000,001,932 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 204.152.194.148 www.google.com.au
O1 - Hosts: 204.152.194.148 google.ca
O1 - Hosts: 204.152.194.148 www.google.ca
O1 - Hosts: 204.152.194.148 google.ch
O1 - Hosts: 204.152.194.148 www.google.ch
O1 - Hosts: 204.152.194.148 google.de
O1 - Hosts: 204.152.194.148 www.google.de
O1 - Hosts: 204.152.194.148 google.dk
O1 - Hosts: 204.152.194.148 www.google.dk
O1 - Hosts: 204.152.194.148 google.fr
O1 - Hosts: 204.152.194.148 www.google.fr
O1 - Hosts: 204.152.194.148 google.ie
O1 - Hosts: 204.152.194.148 www.google.ie
O1 - Hosts: 204.152.194.148 google.it
O1 - Hosts: 204.152.194.148 www.google.it
O1 - Hosts: 204.152.194.148 google.co.jp
O1 - Hosts: 204.152.194.148 www.google.co.jp
O1 - Hosts: 204.152.194.148 google.nl
O1 - Hosts: 204.152.194.148 www.google.nl
O1 - Hosts: 204.152.194.148 google.no
O1 - Hosts: 204.152.194.148 www.google.no
O1 - Hosts: 204.152.194.148 google.co.nz
O1 - Hosts: 204.152.194.148 www.google.co.nz
O1 - Hosts: 204.152.194.148 google.pl
O1 - Hosts: 16 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: dance-tunes.com ([.www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: google.nl ([.www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: hanze.nl ([intranet] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: one.com ([webmail] https in Vertrouwde websites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298826837421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298826812250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.djlafleur.nl/auth/controls/IlosoftImageUpload.dll (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-09-29 12:06:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
========== Files/Folders - Created Within 30 Days ==========
[2011-03-06 23:18:45 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ronald\Bureaublad\OTL(2).scr.exe
[2011-03-05 22:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!
[2011-03-05 22:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-03-05 22:02:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-03-05 22:02:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-03-05 22:02:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-03-05 22:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011-03-05 21:30:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011-03-05 21:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Windows Search
[2011-03-05 11:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Local Settings\Application Data\ApplicationHistory
[2011-03-04 22:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\7-Zip
[2011-03-04 22:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011-03-04 21:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-03-04 21:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011-03-04 21:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\ERUNT
[2011-03-04 14:07:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ronald\Onlangs geopend
[2011-03-04 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011-03-04 13:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Accessoires
[2011-03-04 13:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011-03-04 13:15:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011-03-04 13:14:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011-03-04 13:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Windows Desktop Search
[2011-03-04 13:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011-03-04 13:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011-03-04 13:07:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011-03-04 13:07:32 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011-03-04 13:07:31 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011-03-04 13:06:59 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011-03-04 13:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011-03-04 12:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011-03-04 11:47:01 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011-03-04 11:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011-03-03 22:33:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011-03-03 22:33:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011-03-03 22:32:23 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011-03-03 22:32:22 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011-03-03 22:31:29 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011-03-03 21:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011-03-03 20:40:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011-03-03 20:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl
[2011-03-03 20:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011-03-03 20:23:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011-03-03 20:10:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011-02-28 21:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011-02-28 21:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011-02-28 21:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011-02-28 21:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011-02-28 21:32:46 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011-02-28 21:32:46 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011-02-28 21:32:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011-02-28 21:32:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011-02-28 21:32:45 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011-02-28 21:32:45 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011-02-28 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011-02-28 16:06:59 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2011-02-28 16:06:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2011-02-28 08:05:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011-02-28 08:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011-02-27 23:06:36 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011-02-27 23:06:03 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011-02-27 22:53:47 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011-02-27 22:53:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011-02-27 22:53:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011-02-27 22:53:46 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011-02-27 22:53:46 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011-02-27 21:35:27 | 000,272,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011-02-27 21:31:46 | 000,357,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011-02-27 21:29:29 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011-02-27 21:29:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011-02-27 21:28:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011-02-27 21:25:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011-02-27 21:25:12 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011-02-27 21:24:40 | 002,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011-02-27 21:24:27 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011-02-27 21:24:21 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011-02-27 21:24:16 | 002,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011-02-27 21:08:58 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011-02-27 21:08:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011-02-27 21:08:41 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011-02-27 21:08:22 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011-02-27 21:08:15 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011-02-27 21:07:54 | 011,080,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011-02-27 21:06:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2011-02-27 21:04:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011-02-27 20:53:43 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011-02-27 20:53:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011-02-27 18:14:30 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011-02-27 15:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\AVG
[2011-02-27 15:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG PC Tuneup 2011
[2011-02-27 14:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\AVG10
[2011-02-27 14:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG 2011
[2011-02-27 14:06:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011-02-27 14:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011-02-27 02:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Malwarebytes
[2011-02-27 02:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-02-27 01:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011-02-26 16:40:16 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-02-26 16:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Local Settings\Application Data\Sunbelt Software
[2011-02-26 16:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011-02-26 00:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Spybot - Search & Destroy
[2011-02-26 00:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-02-25 22:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Menu Start\Programma's\Revo Uninstaller
[2011-02-25 22:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011-02-25 22:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Mozilla Firefox
[2011-02-25 17:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\TeamViewer
[2011-02-25 17:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\TeamViewer 6
[2011-02-25 17:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011-02-07 18:42:17 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011-02-07 18:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011-02-07 18:18:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-02-07 16:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\URSoft
[2011-02-07 16:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-02-07 14:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011-02-07 10:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-02-07 10:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-02-07 09:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011-02-07 09:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011-02-07 08:41:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PSZCTVS
[2011-02-07 08:40:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\b5b463
[2002-04-11 02:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
========== Files - Modified Within 30 Days ==========
[2011-03-06 23:25:00 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5B333AE2-C697-4ECF-AE78-B5C1B7093564}.job
[2011-03-06 23:18:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ronald\Bureaublad\OTL(2).scr.exe
[2011-03-06 22:31:22 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-06 22:30:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-06 22:30:13 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011-03-06 13:58:17 | 107,912,070 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-05 11:02:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-03-05 11:01:43 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\fusioncache.dat
[2011-03-05 10:59:42 | 000,536,544 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-03-05 10:59:42 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-05 10:59:42 | 000,101,162 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-03-05 10:59:41 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-04 22:27:17 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\7z920.exe
[2011-03-04 13:10:36 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
[2011-03-04 13:06:30 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-03-04 13:06:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011-03-04 13:06:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011-03-03 23:58:17 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2011.lnk
[2011-03-03 23:17:10 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-03 21:27:18 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011-03-03 20:22:26 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011-03-03 19:52:47 | 000,000,592 | ---- | M] () -- C:\WINDOWS\chgkey.vbs
[2011-03-02 12:33:43 | 000,005,758 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.JPG
[2011-03-02 12:33:37 | 000,041,038 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.bmp
[2011-03-01 20:31:27 | 327,118,416 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2011-03-01 19:08:14 | 001,212,384 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Wij_Zorgen_Ervoor....pdf
[2011-03-01 13:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-27 23:11:11 | 000,000,403 | ---- | M] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011-02-27 15:06:51 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\AVG PC Tuneup 2011.lnk
[2011-02-27 02:38:14 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-02-27 01:41:27 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2011-02-26 22:58:54 | 000,541,194 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-02-26 21:18:40 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Spybot - Search & Destroy.lnk
[2011-02-26 16:39:59 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-02-26 00:09:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2011-02-26 00:06:17 | 000,002,845 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-02-25 23:36:18 | 000,000,070 | ---- | M] () -- C:\WINDOWS\sbwin.ini
[2011-02-25 23:36:11 | 000,001,560 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011-02-25 23:36:11 | 000,001,560 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011-02-25 22:46:33 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Revo Uninstaller.lnk
[2011-02-25 22:37:19 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-02-25 22:37:19 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2011-02-25 17:32:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\TeamViewer 6.lnk
[2011-02-24 17:22:29 | 000,830,277 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Advertorial_Dolce_Vita.pdf
[2011-02-22 11:13:22 | 000,104,516 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Lifestyle_Aangepast4.pdf
[2011-02-22 08:54:25 | 006,002,588 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Open huis.jpg
[2011-02-21 13:27:50 | 000,295,417 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Kortingscoupon.pdf
[2011-02-21 13:21:07 | 000,159,354 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\www.dolcevitadrachten.nl-nc-factuur-2010.pdf
[2011-02-21 08:33:02 | 000,015,156 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\201000421_Dolce_Vita_20110220.pdf
[2011-02-13 13:26:10 | 000,054,889 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\HAELAN951_951_Fermented_Soy_Beverage.jpg
[2011-02-13 13:14:23 | 000,032,585 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Immu-plus-product-web.jpg
[2011-02-13 12:36:45 | 000,036,184 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\agelater_withlogo - high res.JPG
[2011-02-12 15:15:12 | 004,990,963 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\DSCF1365.jpg
[2011-02-11 19:00:49 | 000,053,369 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Haelan 951.jpg
[2011-02-11 19:00:49 | 000,053,369 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\ervaringen.jpg
[2011-02-11 17:59:22 | 000,271,954 | ---- | M] () -- G:\Mijn Documenten\Dolce_Vita_Haar_en_Huidverbetering_-_Drachten.pdf
[2011-02-10 09:50:24 | 000,009,781 | ---- | M] () -- G:\Mijn Documenten\systems_taway.jpg
[2011-02-10 09:49:19 | 000,043,574 | ---- | M] () -- G:\Mijn Documenten\t-awayvoorenna.jpg
[2011-02-09 09:40:34 | 001,609,074 | ---- | M] () -- G:\Mijn Documenten\ISOcoated_v2_300.zip
[2011-02-09 09:03:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader 9.lnk
[2011-02-08 09:21:05 | 000,070,579 | ---- | M] () -- G:\Mijn Documenten\logo.png
[2011-02-07 16:33:56 | 000,000,761 | ---- | M] () -- G:\Mijn Documenten\Your Uninstaller!.lnk
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-121706.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120626.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120625.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120624.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120623.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120622.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120621.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120620.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120619.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120618.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120617.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120615.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120613.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120611.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120521.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155412.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155411.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155410.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155409.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155408.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155407.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155406.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155405.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155400.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155354.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155353.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155338.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-221742.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-221741.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-221740.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-221644.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145957.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145955.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145954.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145953.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145952.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145951.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145950.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145948.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-124931.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-124930.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-124929.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-124928.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-124927.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-124921.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010119.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010118.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010115.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010114.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010113.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010112.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010111.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010110.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010108.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010100.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154450.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154449.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154448.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154447.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154446.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154445.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154444.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154443.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154442.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154435.backup
[2011-02-07 14:11:17 | 000,001,932 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134200.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134159.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134158.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134157.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134156.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134150.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134148.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134037.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134036.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134035.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134034.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134033.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134021.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111718.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111717.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111716.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111715.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111714.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111713.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111712.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111532.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111531.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111530.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111529.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111528.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111523.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111514.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111513.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111512.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111511.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111506.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093603.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093602.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093601.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093600.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093559.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093558.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093557.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093556.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093555.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093547.backup
[2011-02-06 12:26:52 | 000,110,048 | ---- | M] () -- G:\Mijn Documenten\DISLEXI TEST.JPG
========== Files Created - No Company Name ==========
[2011-03-06 13:58:17 | 107,912,070 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-05 11:01:43 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\fusioncache.dat
[2011-03-05 10:56:54 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-03-04 22:27:09 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\7z920.exe
[2011-03-04 13:10:36 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Search.lnk
[2011-03-04 13:10:36 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
[2011-03-04 11:31:16 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Defender.lnk
[2011-03-03 19:30:30 | 000,000,592 | ---- | C] () -- C:\WINDOWS\chgkey.vbs
[2011-03-02 12:33:42 | 000,005,758 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.JPG
[2011-03-02 12:33:37 | 000,041,038 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.bmp
[2011-03-01 20:13:28 | 327,118,416 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2011-02-27 23:11:11 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011-02-27 23:06:52 | 000,001,774 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011-02-27 23:06:52 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011-02-27 23:06:51 | 000,652,190 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011-02-27 23:06:50 | 000,076,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011-02-27 23:06:50 | 000,026,500 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011-02-27 23:06:49 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011-02-27 23:06:49 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011-02-27 23:06:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011-02-27 23:06:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011-02-27 23:06:49 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011-02-27 23:06:48 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011-02-27 23:06:48 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011-02-27 23:06:47 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011-02-27 23:06:47 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011-02-27 23:06:46 | 000,034,558 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011-02-27 23:06:46 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011-02-27 23:06:45 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011-02-27 23:06:45 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011-02-27 23:06:45 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011-02-27 23:06:45 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011-02-27 23:06:45 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011-02-27 23:06:44 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011-02-27 23:06:44 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011-02-27 23:06:44 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011-02-27 23:06:44 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011-02-27 23:06:35 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011-02-27 23:06:35 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011-02-27 23:06:23 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011-02-27 23:06:23 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011-02-27 23:06:23 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011-02-27 23:06:23 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011-02-27 23:06:23 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011-02-27 23:06:23 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011-02-27 23:06:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011-02-27 23:06:20 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011-02-27 23:06:20 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011-02-27 23:06:20 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011-02-27 23:06:03 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011-02-27 23:05:50 | 000,082,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011-02-27 23:05:39 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011-02-27 23:05:38 | 000,036,620 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011-02-27 23:05:38 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011-02-27 23:04:56 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011-02-27 23:03:24 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011-02-27 23:03:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011-02-27 23:03:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011-02-27 23:03:23 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011-02-27 23:03:22 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011-02-27 23:03:22 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011-02-27 23:03:17 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011-02-27 15:06:51 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\AVG PC Tuneup 2011.lnk
[2011-02-27 14:08:52 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2011.lnk
[2011-02-27 13:58:41 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2011-02-27 02:38:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-02-26 22:58:42 | 000,541,194 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-02-26 01:07:31 | 000,175,870 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp
[2011-02-26 01:07:31 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp
[2011-02-26 00:18:55 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Spybot - Search & Destroy.lnk
[2011-02-26 00:09:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2011-02-25 22:46:33 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Revo Uninstaller.lnk
[2011-02-25 22:37:19 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-02-25 22:37:19 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2011-02-25 17:32:17 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\TeamViewer 6.lnk
[2011-02-24 17:22:27 | 000,830,277 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Advertorial_Dolce_Vita.pdf
[2011-02-22 20:51:56 | 001,212,384 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Wij_Zorgen_Ervoor....pdf
[2011-02-22 11:13:21 | 000,104,516 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Lifestyle_Aangepast4.pdf
[2011-02-22 08:54:16 | 006,002,588 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Open huis.jpg
[2011-02-21 13:21:06 | 000,159,354 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\www.dolcevitadrachten.nl-nc-factuur-2010.pdf
[2011-02-21 08:33:00 | 000,015,156 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\201000421_Dolce_Vita_20110220.pdf
[2011-02-18 09:45:37 | 000,295,417 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Kortingscoupon.pdf
[2011-02-13 13:41:14 | 000,032,585 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Immu-plus-product-web.jpg
[2011-02-13 13:26:31 | 000,054,889 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\HAELAN951_951_Fermented_Soy_Beverage.jpg
[2011-02-13 13:23:04 | 000,053,369 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Haelan 951.jpg
[2011-02-13 13:22:57 | 000,053,369 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\ervaringen.jpg
[2011-02-13 12:27:31 | 000,036,184 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\agelater_withlogo - high res.JPG
[2011-02-12 15:15:10 | 004,990,963 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\DSCF1365.jpg
[2011-02-11 17:59:20 | 000,271,954 | ---- | C] () -- G:\Mijn Documenten\Dolce_Vita_Haar_en_Huidverbetering_-_Drachten.pdf
[2011-02-10 09:50:30 | 000,009,781 | ---- | C] () -- G:\Mijn Documenten\systems_taway.jpg
[2011-02-10 09:49:52 | 000,043,574 | ---- | C] () -- G:\Mijn Documenten\t-awayvoorenna.jpg
[2011-02-09 09:40:34 | 001,609,074 | ---- | C] () -- G:\Mijn Documenten\ISOcoated_v2_300.zip
[2011-02-08 12:15:13 | 000,070,579 | ---- | C] () -- G:\Mijn Documenten\logo.png
[2011-02-07 16:33:56 | 000,000,761 | ---- | C] () -- G:\Mijn Documenten\Your Uninstaller!.lnk
[2011-02-06 12:26:51 | 000,110,048 | ---- | C] () -- G:\Mijn Documenten\DISLEXI TEST.JPG
[2010-11-05 15:56:28 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-11-05 15:56:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-11-05 15:56:19 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-11-05 15:56:19 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-11-05 15:56:17 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-09-19 11:02:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-07-27 12:45:50 | 000,023,209 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010-07-27 12:28:55 | 000,077,418 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010-07-27 11:50:46 | 000,175,870 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2010-07-27 11:50:46 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2009-10-21 13:28:01 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009-09-11 15:45:09 | 000,170,220 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009-07-21 19:04:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-02-21 14:20:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2009-02-21 13:11:42 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009-02-18 13:22:59 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009-02-18 13:05:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2008-05-26 22:22:14 | 000,017,438 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:22:10 | 000,023,146 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:22:06 | 000,016,842 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-05-26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007-11-28 03:32:00 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2007-11-28 03:26:10 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007-11-18 16:52:04 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-10-26 17:40:30 | 000,016,221 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-10-03 15:07:20 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2007-10-01 18:37:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2007-09-29 13:51:31 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007-09-29 13:50:03 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007-09-29 13:33:19 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-09-29 12:10:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007-09-29 12:01:25 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005-07-12 13:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005-05-03 12:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(2).dll
[2004-08-04 00:16:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-03-23 15:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003-04-07 12:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003-03-14 11:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2001-09-07 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-09-07 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-09-07 12:00:00 | 000,536,544 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2001-09-07 12:00:00 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-09-07 12:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2001-09-07 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-09-07 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-09-07 12:00:00 | 000,101,162 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2001-09-07 12:00:00 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-09-07 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-09-07 12:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2001-09-07 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-09-07 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-09-07 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
Jointducky
2011-03-07, 00:52
[2011-02-07 18:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011-02-07 14:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011-02-27 14:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-02-07 14:39:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\b5b463
[2011-02-07 18:18:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-02-27 14:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-01-26 10:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009-08-08 12:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009-09-19 12:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011-02-07 08:41:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\PSZCTVS
[2011-03-04 02:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-02-26 22:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010-10-01 13:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\Acronis
[2011-02-27 15:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\AVG
[2011-02-27 14:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\AVG10
[2010-11-05 16:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\BabylonToolbar
[2010-07-27 16:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\dBpoweramp
[2010-11-05 17:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\FreeVideoConverter
[2007-10-03 13:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\LimeWire
[2009-09-19 12:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\Propellerhead Software
[2009-07-30 17:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\Smart Recorder
[2011-02-25 17:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\TeamViewer
[2011-02-07 16:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\URSoft
[2011-03-04 13:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\Windows Desktop Search
[2011-03-05 21:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\Windows Search
[2011-03-06 23:25:00 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5B333AE2-C697-4ECF-AE78-B5C1B7093564}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2007-09-29 12:06:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011-02-27 01:41:27 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2001-09-07 12:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2007-09-29 12:06:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011-03-06 22:30:13 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2007-09-29 12:06:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007-09-29 12:06:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011-03-03 20:22:26 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011-03-06 22:30:10 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2007-09-29 12:05:18 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007-03-15 14:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2007-04-09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008-07-06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2011-01-13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010-04-17 01:11:10 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2009-07-20 20:11:30 | 000,001,618 | -H-- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2007-09-29 13:48:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007-09-29 13:48:58 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007-09-29 13:48:58 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.līk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >
< %USERPROFILE%\Deskuop\*.exe >
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-05 10:03:11
< MD5 for: EXPLORER.EXE >
[2007-06-13 14:24:02 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=147E95A42A58CE99E403F7F57656BBEB -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007-06-13 14:12:27 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=1D6245AFBD3FAABC16A885116BE1874D -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008-04-14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\explorer.exe
[2008-04-14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008-04-14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
< MD5 for: EXPLORER.EXE-082F38A9.PF >
[2011-03-05 11:24:15 | 000,032,442 | ---- | M] () MD5=3494407AB9524A113E8293FF8C57A8B9 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
< MD5 for: EXPLORER.SCF >
[2001-09-07 12:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf
< MD5 for: IEXPLORE.CHM >
[2009-02-26 02:51:16 | 000,579,272 | ---- | M] () MD5=63E0C6D9070736AAAD95791A8C028E86 -- C:\WINDOWS\Help\iexplore.chm
[2004-07-17 10:35:24 | 000,226,342 | ---- | M] () MD5=8CBC2453EBF6EE5AC54027A9F8CB0D42 -- C:\WINDOWS\ie8\iexplore.chm
< MD5 for: IEXPLORE.CHW >
[2010-09-24 10:26:19 | 000,160,867 | ---- | M] () MD5=58B0366AB7B048A222D6F80158114EAC -- C:\WINDOWS\Help\iexplore.chw
< MD5 for: IEXPLORE.EXE >
[2008-04-14 18:03:01 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=164B6F619C579FAD4E548ACC654FF710 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2008-04-14 18:03:01 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=164B6F619C579FAD4E548ACC654FF710 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\iexplore.exe
[2004-08-04 00:03:30 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=78D969F35CD64BF0761F731FCA5FC99D -- C:\WINDOWS\ie8\iexplore.exe
[2009-03-08 13:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
< MD5 for: IEXPLORE.EXE.MUI >
[2009-03-08 13:13:48 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=56079FF20F68E1B172D1496E4A2034BA -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2009-03-08 13:13:48 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=56079FF20F68E1B172D1496E4A2034BA -- C:\Program Files\Internet Explorer\nl-NL\iexplore.exe.mui
< MD5 for: IEXPLORE.HLP >
[2001-09-07 12:00:00 | 000,097,563 | ---- | M] () MD5=984E3C35895C20B858DBF7322A7BB841 -- C:\WINDOWS\Help\iexplore.hlp
< MD5 for: WINLOGON.EXE >
[2008-04-14 18:03:19 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=1247D4D5444E28519BBE31BE8AB4C029 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 18:03:19 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=1247D4D5444E28519BBE31BE8AB4C029 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
[2008-04-14 18:03:19 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=1247D4D5444E28519BBE31BE8AB4C029 -- C:\WINDOWS\system32\winlogon.exe
[2004-08-04 00:03:38 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=732ED791711DF9C9DD15E5515BC681B8 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
< End of report >
Jointducky
2011-03-07, 00:53
OTL Extras logfile created on: 6-3-2011 23:20:22 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ronald\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
1.023,00 Mb Total Physical Memory | 317,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,60 Gb Total Space | 3,11 Gb Free Space | 18,75% Space Free | Partition Type: NTFS
Drive D: | 2,04 Gb Total Space | 1,99 Gb Free Space | 97,65% Space Free | Partition Type: NTFS
Drive G: | 37,26 Gb Total Space | 33,35 Gb Free Space | 89,50% Space Free | Partition Type: NTFS
Computer Name: KANTOOR | User Name: Ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - compatibiliteitsmodus (HTTP-In)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\setup\HPZNUI01.EXE" = E:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"F:\setup\HPZNUI01.EXE" = F:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Installer voor AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Persoonlijke e-mailscanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59}" = Windows Live Photo Gallery
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1043-7B44-A94000000001}" = Adobe Reader 9.4.2 - Nederlands
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D610D81C-36EE-4E1B-8346-1F515A5AF032}" = Microsoft .NET Framework 2.0 Language Pack - NLD
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync
"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - NLD" = Microsoft .NET Framework 2.0 Language Pack - NLD
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Revo Uninstaller" = Revo Uninstaller 1.91
"TeamViewer 6" = TeamViewer 6
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup starten
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21-2-2011 16:23:03 | Computer Name = KANTOOR | Source = Microsoft Office 11 | ID = 1000
Description =
Error - 26-2-2011 5:58:06 | Computer Name = KANTOOR | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates
is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Er is een interne certificeringsketenfout opgetreden.
Error - 26-2-2011 6:04:32 | Computer Name = KANTOOR | Source = Winlogon | ID = 1015
Description = Het kritieke systeemproces C:\WINDOWS\system32\lsass.exe is mislukt.
Statuscode: 00000000. De computer dient nu opnieuw te worden opgestart.
Error - 26-2-2011 11:35:16 | Computer Name = KANTOOR | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 26-2-2011 17:50:27 | Computer Name = KANTOOR | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: procexp.exe, versie: 14.1.0.0, vastgelopen
module: procexp.exe, versie: 14.1.0.0, vastgelopen op: 0x0002cf22.
Error - 27-2-2011 8:20:56 | Computer Name = KANTOOR | Source = pctsSvc.exe | ID = 0
Description =
Error - 27-2-2011 8:54:23 | Computer Name = KANTOOR | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Fout
27035. CA_Error27035: ReloadAvi(0xE001003D): Reloading of AVG databases failed
Error - 28-2-2011 16:54:25 | Computer Name = KANTOOR | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
. Error code = 0x80131047
Error - 3-3-2011 19:18:41 | Computer Name = KANTOOR | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
. Error code = 0x80070020
Error - 4-3-2011 8:13:12 | Computer Name = KANTOOR | Source = Windows Search Service | ID = 3024
Description = De update kan niet worden gestart omdat er geen toegang kan worden
verkregen tot de inhoudsbronnen. Herstel de fouten en probeer de update opnieuw
uit te voeren. Context: toepassing Windows, catalogus SystemIndex
[ System Events ]
Error - 6-3-2011 8:45:15 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7000
Description = De Acronis Scheduler2Service-service kan vanwege de volgende fout
niet worden gestart: %%2
Error - 6-3-2011 8:45:15 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7000
Description = De Google Updateservice (gupdate)-service kan vanwege de volgende
fout niet worden gestart: %%3
Error - 6-3-2011 8:45:15 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7000
Description = De PfModNT-service kan vanwege de volgende fout niet worden gestart:
%%2
Error - 6-3-2011 8:47:02 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7022
Description = De HP CUE DeviceDiscovery-service-service is bij het starten vastgelopen.
Error - 6-3-2011 16:12:31 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7034
Description = De Java Quick Starter-service is onverwacht beėindigd. Dit is nu 1
keer gebeurd.
Error - 6-3-2011 16:12:31 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7031
Description = De TeamViewer 6-service is onverwacht gestopt. Dit is 1 keer gebeurd.
De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd: Service
opnieuw starten.
Error - 6-3-2011 17:30:44 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7000
Description = De Acronis Scheduler2Service-service kan vanwege de volgende fout
niet worden gestart: %%2
Error - 6-3-2011 17:30:44 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7000
Description = De Google Updateservice (gupdate)-service kan vanwege de volgende
fout niet worden gestart: %%3
Error - 6-3-2011 17:30:44 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7000
Description = De PfModNT-service kan vanwege de volgende fout niet worden gestart:
%%2
Error - 6-3-2011 17:32:29 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7022
Description = De HP CUE DeviceDiscovery-service-service is bij het starten vastgelopen.
< End of report >
Jointducky
2011-03-07, 01:02
Hi,
I did exactly as u said, but the scan takes almost 15 mins?!!
Is that normal?
And about the computer....
When i go to the homepage startpagina.nl,
it starts loading all kinds of adthuytr.com and adsmoney.com and sites like that.
But it not shows those sites, just in the left lower line i see it.(i added a photo of it).
Also Google sites still not loading.
Regards Erik.
oldman960
2011-03-07, 06:36
Hi Jointducky,
Don't panic, we've just began to resolve your issues. TeaTimer may have interfered with the last fix.
SPYBOT TEATIMER
Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
On the left hand side, click on Tools, then click on the Resident Icon in the list.
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
Click on the "System Startup" icon in the List
Uncheck the "TeaTimer" box and "OK" any prompts.
If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
Exit Spybot S&D when done and reboot your computer.
(When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]
Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :
:Services
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25493
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
:Files
C:\WINDOWS\System32\drivers\etc\hosts.*.backup
:Commands
[resethosts]
[emptytemp]
[createrestorepoint]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
Next
Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
UNCheck the boxes beside LOP Check and Purity Check.
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
C:\Documents and Settings\All Users\Application Data\b5b463\*.* /s
Click the Run Scan button. Do not change any settings unless therwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window, OTL.Txt .
Please post back with
OTL fix log
OTL.txt
Thanks
Jointducky
2011-03-07, 21:01
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.exe\ deleted successfully.
Item C:\WINDOWS\System32\svchost.exe is whitelisted and cannot be moved.
========== FILES ==========
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093547.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093555.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093556.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093557.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093558.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093559.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093600.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093601.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093602.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093603.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111506.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111511.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111512.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111513.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111514.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111523.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111528.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111529.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111530.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111531.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111532.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111712.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111713.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111714.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111715.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111716.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111717.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111718.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134021.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134033.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134034.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134035.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134036.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134037.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134148.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134150.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134156.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134157.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134158.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134159.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134200.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154435.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154442.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154443.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154444.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154445.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154446.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154447.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154448.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154449.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154450.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010100.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010108.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010110.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010111.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010112.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010113.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010114.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010115.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010118.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010119.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-124921.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-124927.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-124928.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-124929.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-124930.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-124931.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145948.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145950.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145951.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145952.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145953.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145954.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145955.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145957.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-221644.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-221740.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-221741.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-221742.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155338.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155353.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155354.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155400.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155405.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155406.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155407.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155408.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155409.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155410.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155411.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155412.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120521.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120611.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120613.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120615.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120617.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120618.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120619.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120620.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120621.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120622.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120623.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120624.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120625.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120626.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-121706.backup moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Ronald
->Temp folder emptied: 5717853 bytes
->Temporary Internet Files folder emptied: 5276161 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43213560 bytes
->Flash cache emptied: 3485 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14426 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 52,00 mb
Restore point Set: OTL Restore Point (0)
OTL by OldTimer - Version 3.2.22.3 log created on 03072011_195405
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Ronald\Local Settings\Temporary Internet Files\Content.IE5\LOSN5LSD\HellSinQ - Hard Reunion - HellSinQ & Dj-Dirty-D not found!
File\Folder C:\Documents and Settings\Ronald\Local Settings\Temporary Internet Files\Content.IE5\ELZKHGNQ\HellSinQ - Hard Reunion - HellSinQ & Dj-Dirty-D not found!
Registry entries deleted on Reboot...
Jointducky
2011-03-07, 21:11
OTL logfile created on: 7-3-2011 20:03:06 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
1.023,00 Mb Total Physical Memory | 436,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,60 Gb Total Space | 2,95 Gb Free Space | 17,74% Space Free | Partition Type: NTFS
Drive D: | 2,04 Gb Total Space | 1,99 Gb Free Space | 97,65% Space Free | Partition Type: NTFS
Drive G: | 37,26 Gb Total Space | 33,35 Gb Free Space | 89,50% Space Free | Partition Type: NTFS
Computer Name: KANTOOR | User Name: Ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!\OTL(2).scr.exe (OldTimer Tools)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!\OTL(2).scr.exe (OldTimer Tools)
MOD - C:\Program Files\TeamViewer\Version6\tv_w32.dll (TeamViewer GmbH)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\crtdll.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (gupdate) Google Updateservice (gupdate) -- File not found
SRV - (AVG Security Toolbar Service) -- File not found
SRV - (AcrSch2Svc) -- File not found
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (USRWGU(USR)) USRobotics Wireless USB Adapter(USR) -- C:\WINDOWS\system32\drivers\USRWGU.sys (U.S. Robotics Corporation)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (sfman) Creative SoundFont Manager-stuurprogramma (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager-stuurprogramma (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dutch.ilsc.org/nl/index.php?rvs=hompag/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-27 12:46:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011-03-03 23:55:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-05 13:16:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-05 13:16:10 | 000,000,000 | ---D | M]
[2009-09-28 13:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Extensions
[2011-03-06 23:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions
[2011-02-27 20:33:13 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011-03-03 23:26:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-02-27 20:40:09 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\coralietab@mozdev.org
[2011-03-06 23:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-09-19 10:58:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-07-21 20:22:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-23 08:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-03-05 22:02:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-12-03 19:53:57 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-12-03 19:53:57 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-12-03 19:53:57 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-12-03 19:53:57 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-12-03 19:53:57 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml
O1 HOSTS File: ([2011-03-07 19:54:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: dance-tunes.com ([.www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: google.nl ([.www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: hanze.nl ([intranet] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: one.com ([webmail] https in Vertrouwde websites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298826837421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298826812250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.djlafleur.nl/auth/controls/IlosoftImageUpload.dll (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-09-29 12:06:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011-03-07 19:54:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-03-07 11:07:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ronald\Onlangs geopend
[2011-03-05 22:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!
[2011-03-05 22:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-03-05 22:02:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-03-05 22:02:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-03-05 22:02:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-03-05 22:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011-03-05 21:30:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011-03-05 21:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Windows Search
[2011-03-05 11:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Local Settings\Application Data\ApplicationHistory
[2011-03-04 22:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\7-Zip
[2011-03-04 22:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011-03-04 21:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-03-04 21:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011-03-04 21:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\ERUNT
[2011-03-04 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011-03-04 13:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Accessoires
[2011-03-04 13:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011-03-04 13:15:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011-03-04 13:14:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011-03-04 13:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Windows Desktop Search
[2011-03-04 13:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011-03-04 13:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011-03-04 13:07:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011-03-04 13:07:32 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011-03-04 13:07:31 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011-03-04 13:06:59 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011-03-04 13:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011-03-04 12:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011-03-04 11:47:01 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011-03-04 11:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011-03-03 22:33:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011-03-03 22:33:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011-03-03 22:32:23 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011-03-03 22:32:22 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011-03-03 22:31:29 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011-03-03 21:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011-03-03 20:40:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011-03-03 20:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl
[2011-03-03 20:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011-03-03 20:23:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011-03-03 20:10:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011-02-28 21:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011-02-28 21:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011-02-28 21:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011-02-28 21:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011-02-28 21:32:46 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011-02-28 21:32:46 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011-02-28 21:32:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011-02-28 21:32:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011-02-28 21:32:45 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011-02-28 21:32:45 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011-02-28 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011-02-28 16:06:59 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2011-02-28 16:06:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2011-02-28 08:05:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011-02-28 08:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011-02-27 23:06:36 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011-02-27 23:06:03 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011-02-27 22:53:47 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011-02-27 22:53:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011-02-27 22:53:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011-02-27 22:53:46 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011-02-27 22:53:46 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011-02-27 21:35:27 | 000,272,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011-02-27 21:31:46 | 000,357,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011-02-27 21:29:29 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011-02-27 21:29:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011-02-27 21:28:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011-02-27 21:25:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011-02-27 21:25:12 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011-02-27 21:24:40 | 002,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011-02-27 21:24:27 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011-02-27 21:24:21 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011-02-27 21:24:16 | 002,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011-02-27 21:08:58 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011-02-27 21:08:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011-02-27 21:08:41 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011-02-27 21:08:22 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011-02-27 21:08:15 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011-02-27 21:07:54 | 011,080,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011-02-27 21:06:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2011-02-27 21:04:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011-02-27 20:53:43 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011-02-27 20:53:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011-02-27 18:14:30 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011-02-27 15:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\AVG
[2011-02-27 15:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG PC Tuneup 2011
[2011-02-27 14:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\AVG10
[2011-02-27 14:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG 2011
[2011-02-27 14:06:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011-02-27 14:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011-02-27 02:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Malwarebytes
[2011-02-27 02:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-02-27 01:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011-02-26 16:40:16 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-02-26 16:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Local Settings\Application Data\Sunbelt Software
[2011-02-26 16:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011-02-26 00:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Spybot - Search & Destroy
[2011-02-26 00:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-02-25 22:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Menu Start\Programma's\Revo Uninstaller
[2011-02-25 22:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011-02-25 22:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Mozilla Firefox
[2011-02-25 17:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\TeamViewer
[2011-02-25 17:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\TeamViewer 6
[2011-02-25 17:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011-02-07 18:42:17 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011-02-07 18:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011-02-07 18:18:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-02-07 16:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\URSoft
[2011-02-07 16:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-02-07 14:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011-02-07 10:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-02-07 10:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-02-07 09:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011-02-07 09:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011-02-07 08:41:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PSZCTVS
[2011-02-07 08:40:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\b5b463
[2002-04-11 02:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
========== Files - Modified Within 30 Days ==========
[2011-03-07 20:05:00 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5B333AE2-C697-4ECF-AE78-B5C1B7093564}.job
[2011-03-07 19:58:40 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-07 19:57:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-07 19:57:28 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011-03-07 19:54:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011-03-07 19:41:47 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2011-03-07 17:46:33 | 107,965,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-05 11:01:43 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\fusioncache.dat
[2011-03-05 10:59:42 | 000,536,544 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-03-05 10:59:42 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-05 10:59:42 | 000,101,162 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-03-05 10:59:41 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-04 22:27:17 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\7z920.exe
[2011-03-04 13:10:36 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk.disabled
[2011-03-04 13:06:30 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-03-04 13:06:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011-03-04 13:06:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011-03-03 23:58:17 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2011.lnk
[2011-03-03 23:17:10 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-03 21:27:18 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011-03-03 20:22:26 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011-03-03 19:52:47 | 000,000,592 | ---- | M] () -- C:\WINDOWS\chgkey.vbs
[2011-03-02 12:33:43 | 000,005,758 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.JPG
[2011-03-02 12:33:37 | 000,041,038 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.bmp
[2011-03-01 20:31:27 | 327,118,416 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2011-03-01 19:08:14 | 001,212,384 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Wij_Zorgen_Ervoor....pdf
[2011-03-01 13:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-27 23:11:11 | 000,000,403 | ---- | M] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011-02-27 15:06:51 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\AVG PC Tuneup 2011.lnk
[2011-02-27 02:38:14 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-02-26 22:58:54 | 000,541,194 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-02-26 21:18:40 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Spybot - Search & Destroy.lnk
[2011-02-26 16:39:59 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-02-26 00:09:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2011-02-26 00:06:17 | 000,002,845 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-02-25 23:36:18 | 000,000,070 | ---- | M] () -- C:\WINDOWS\sbwin.ini
[2011-02-25 23:36:11 | 000,001,560 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011-02-25 23:36:11 | 000,001,560 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011-02-25 22:46:33 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Revo Uninstaller.lnk
[2011-02-25 22:37:19 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-02-25 22:37:19 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2011-02-25 17:32:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\TeamViewer 6.lnk
[2011-02-24 17:22:29 | 000,830,277 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Advertorial_Dolce_Vita.pdf
[2011-02-22 11:13:22 | 000,104,516 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Lifestyle_Aangepast4.pdf
[2011-02-22 08:54:25 | 006,002,588 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Open huis.jpg
[2011-02-21 13:27:50 | 000,295,417 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Kortingscoupon.pdf
[2011-02-21 13:21:07 | 000,159,354 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\www.dolcevitadrachten.nl-nc-factuur-2010.pdf
[2011-02-21 08:33:02 | 000,015,156 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\201000421_Dolce_Vita_20110220.pdf
[2011-02-13 13:26:10 | 000,054,889 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\HAELAN951_951_Fermented_Soy_Beverage.jpg
[2011-02-13 13:14:23 | 000,032,585 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Immu-plus-product-web.jpg
[2011-02-13 12:36:45 | 000,036,184 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\agelater_withlogo - high res.JPG
[2011-02-12 15:15:12 | 004,990,963 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\DSCF1365.jpg
[2011-02-11 19:00:49 | 000,053,369 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Haelan 951.jpg
[2011-02-11 19:00:49 | 000,053,369 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\ervaringen.jpg
[2011-02-11 17:59:22 | 000,271,954 | ---- | M] () -- G:\Mijn Documenten\Dolce_Vita_Haar_en_Huidverbetering_-_Drachten.pdf
[2011-02-10 09:50:24 | 000,009,781 | ---- | M] () -- G:\Mijn Documenten\systems_taway.jpg
[2011-02-10 09:49:19 | 000,043,574 | ---- | M] () -- G:\Mijn Documenten\t-awayvoorenna.jpg
[2011-02-09 09:40:34 | 001,609,074 | ---- | M] () -- G:\Mijn Documenten\ISOcoated_v2_300.zip
[2011-02-09 09:03:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader 9.lnk
[2011-02-08 09:21:05 | 000,070,579 | ---- | M] () -- G:\Mijn Documenten\logo.png
[2011-02-07 16:33:56 | 000,000,761 | ---- | M] () -- G:\Mijn Documenten\Your Uninstaller!.lnk
[2011-02-06 12:26:52 | 000,110,048 | ---- | M] () -- G:\Mijn Documenten\DISLEXI TEST.JPG
========== Files Created - No Company Name ==========
[2011-03-07 17:46:33 | 107,965,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-05 11:01:43 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\fusioncache.dat
[2011-03-04 22:27:09 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\7z920.exe
[2011-03-04 13:10:36 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Search.lnk
[2011-03-04 13:10:36 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk.disabled
[2011-03-04 11:31:16 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Defender.lnk
[2011-03-03 19:30:30 | 000,000,592 | ---- | C] () -- C:\WINDOWS\chgkey.vbs
[2011-03-02 12:33:42 | 000,005,758 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.JPG
[2011-03-02 12:33:37 | 000,041,038 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.bmp
[2011-03-01 20:13:28 | 327,118,416 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2011-02-27 23:11:11 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011-02-27 23:06:52 | 000,001,774 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011-02-27 23:06:52 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011-02-27 23:06:51 | 000,652,190 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011-02-27 23:06:50 | 000,076,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011-02-27 23:06:50 | 000,026,500 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011-02-27 23:06:49 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011-02-27 23:06:49 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011-02-27 23:06:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011-02-27 23:06:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011-02-27 23:06:49 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011-02-27 23:06:48 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011-02-27 23:06:48 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011-02-27 23:06:47 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011-02-27 23:06:47 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011-02-27 23:06:46 | 000,034,558 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011-02-27 23:06:46 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011-02-27 23:06:45 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011-02-27 23:06:45 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011-02-27 23:06:45 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011-02-27 23:06:45 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011-02-27 23:06:45 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011-02-27 23:06:44 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011-02-27 23:06:44 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011-02-27 23:06:44 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011-02-27 23:06:44 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011-02-27 23:06:35 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011-02-27 23:06:35 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011-02-27 23:06:23 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011-02-27 23:06:23 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011-02-27 23:06:23 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011-02-27 23:06:23 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011-02-27 23:06:23 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011-02-27 23:06:23 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011-02-27 23:06:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011-02-27 23:06:20 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011-02-27 23:06:20 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011-02-27 23:06:20 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011-02-27 23:06:03 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011-02-27 23:05:50 | 000,082,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011-02-27 23:05:39 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011-02-27 23:05:38 | 000,036,620 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011-02-27 23:05:38 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011-02-27 23:04:56 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011-02-27 23:03:24 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011-02-27 23:03:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011-02-27 23:03:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011-02-27 23:03:23 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011-02-27 23:03:22 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011-02-27 23:03:22 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011-02-27 23:03:17 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011-02-27 15:06:51 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\AVG PC Tuneup 2011.lnk
[2011-02-27 14:08:52 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2011.lnk
[2011-02-27 13:58:41 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2011-02-27 02:38:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-02-26 22:58:42 | 000,541,194 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-02-26 01:07:31 | 000,175,870 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp
[2011-02-26 01:07:31 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp
[2011-02-26 00:18:55 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Spybot - Search & Destroy.lnk
[2011-02-26 00:09:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2011-02-25 22:46:33 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Revo Uninstaller.lnk
[2011-02-25 22:37:19 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-02-25 22:37:19 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2011-02-25 17:32:17 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\TeamViewer 6.lnk
[2011-02-24 17:22:27 | 000,830,277 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Advertorial_Dolce_Vita.pdf
[2011-02-22 20:51:56 | 001,212,384 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Wij_Zorgen_Ervoor....pdf
[2011-02-22 11:13:21 | 000,104,516 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Lifestyle_Aangepast4.pdf
[2011-02-22 08:54:16 | 006,002,588 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Open huis.jpg
[2011-02-21 13:21:06 | 000,159,354 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\www.dolcevitadrachten.nl-nc-factuur-2010.pdf
[2011-02-21 08:33:00 | 000,015,156 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\201000421_Dolce_Vita_20110220.pdf
[2011-02-18 09:45:37 | 000,295,417 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Kortingscoupon.pdf
[2011-02-13 13:41:14 | 000,032,585 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Immu-plus-product-web.jpg
[2011-02-13 13:26:31 | 000,054,889 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\HAELAN951_951_Fermented_Soy_Beverage.jpg
[2011-02-13 13:23:04 | 000,053,369 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Haelan 951.jpg
[2011-02-13 13:22:57 | 000,053,369 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\ervaringen.jpg
[2011-02-13 12:27:31 | 000,036,184 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\agelater_withlogo - high res.JPG
[2011-02-12 15:15:10 | 004,990,963 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\DSCF1365.jpg
[2011-02-11 17:59:20 | 000,271,954 | ---- | C] () -- G:\Mijn Documenten\Dolce_Vita_Haar_en_Huidverbetering_-_Drachten.pdf
[2011-02-10 09:50:30 | 000,009,781 | ---- | C] () -- G:\Mijn Documenten\systems_taway.jpg
[2011-02-10 09:49:52 | 000,043,574 | ---- | C] () -- G:\Mijn Documenten\t-awayvoorenna.jpg
[2011-02-09 09:40:34 | 001,609,074 | ---- | C] () -- G:\Mijn Documenten\ISOcoated_v2_300.zip
[2011-02-08 12:15:13 | 000,070,579 | ---- | C] () -- G:\Mijn Documenten\logo.png
[2011-02-07 16:33:56 | 000,000,761 | ---- | C] () -- G:\Mijn Documenten\Your Uninstaller!.lnk
[2011-02-06 12:26:51 | 000,110,048 | ---- | C] () -- G:\Mijn Documenten\DISLEXI TEST.JPG
[2010-11-05 15:56:28 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-11-05 15:56:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-11-05 15:56:19 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-11-05 15:56:19 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-11-05 15:56:17 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-09-19 11:02:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-07-27 12:45:50 | 000,023,209 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010-07-27 12:28:55 | 000,077,418 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010-07-27 11:50:46 | 000,175,870 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2010-07-27 11:50:46 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2009-10-21 13:28:01 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009-09-11 15:45:09 | 000,170,220 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009-07-21 19:04:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-02-21 14:20:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2009-02-21 13:11:42 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009-02-18 13:22:59 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009-02-18 13:05:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2008-05-26 22:22:14 | 000,017,438 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:22:10 | 000,023,146 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:22:06 | 000,016,842 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-05-26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007-11-28 03:32:00 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2007-11-28 03:26:10 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007-11-18 16:52:04 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-10-26 17:40:30 | 000,016,221 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-10-03 15:07:20 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2007-10-01 18:37:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2007-09-29 13:51:31 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007-09-29 13:50:03 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007-09-29 13:33:19 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-09-29 12:10:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007-09-29 12:01:25 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005-07-12 13:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005-05-03 12:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(2).dll
[2004-08-04 00:16:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-03-23 15:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003-04-07 12:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003-03-14 11:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2001-09-07 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-09-07 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-09-07 12:00:00 | 000,536,544 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2001-09-07 12:00:00 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-09-07 12:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2001-09-07 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-09-07 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-09-07 12:00:00 | 000,101,162 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2001-09-07 12:00:00 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-09-07 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-09-07 12:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2001-09-07 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-09-07 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-09-07 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== Custom Scans ==========
< C:\Documents and Settings\All Users\Application Data\b5b463\*.* /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
< End of report >
oldman960
2011-03-08, 06:20
Hi Jointducky,
How is the computer?
You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.
Open MBAM
Click the Update tab
Click Check for Updates
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Next
Please open OTL.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may looked greyed out)
In the window under Custom Scans/Fixes copy and paste the following
C:\Documents and Settings\All Users\Application Data\PSZCTVS\*.* /s
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.
Please post back with
MBAM log
OTL.txt
Thanks
Jointducky
2011-03-09, 19:51
OTL logfile created on: 9-3-2011 18:50:17 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
1.023,00 Mb Total Physical Memory | 404,00 Mb Available Physical Memory | 39,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,60 Gb Total Space | 3,23 Gb Free Space | 19,47% Space Free | Partition Type: NTFS
Drive D: | 2,04 Gb Total Space | 1,99 Gb Free Space | 97,65% Space Free | Partition Type: NTFS
Drive G: | 37,26 Gb Total Space | 33,34 Gb Free Space | 89,48% Space Free | Partition Type: NTFS
Computer Name: KANTOOR | User Name: Ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Custom Scans ==========
< C:\Documents and Settings\All Users\Application Data\PSZCTVS\*.* /s >
[2011-02-07 14:31:32 | 000,028,198 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\PSZCTVS\PSWHOBKSUWS.cfg
< End of report >
Jointducky
2011-03-09, 19:51
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Databaseversie: 6003
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9-3-2011 18:37:30
mbam-log-2011-03-09 (18-37-30).txt
Scantype: Snelle scan
Objecten gescand: 142265
Verstreken tijd: 11 minuut/minuten, 13 seconde(n)
Geheugenprocessen geļnfecteerd: 0
Geheugenmodulen geļnfecteerd: 0
Registersleutels geļnfecteerd: 0
Registerwaarden geļnfecteerd: 0
Registerdata geļnfecteerd: 0
Mappen geļnfecteerd: 0
Bestanden geļnfecteerd: 0
Geheugenprocessen geļnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geļnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geļnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geļnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geļnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geļnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geļnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Jointducky
2011-03-09, 19:54
Dear oldman,
The computer is working fine.
All internet pages load now though starting Internet takes a wile. (dont know if thats normal).
Nothing detected by MBAM!
I really thank u for ur time and effort.
Regards Erik.
oldman960
2011-03-10, 02:33
Hi Jointducky,
All internet pages load now though starting Internet takes a wile. (dont know if thats normal).
How is it otherwise?
Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :
:Services
:Files
C:\Documents and Settings\All Users\Application Data\PSZCTVS
:Commands
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
Next
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Go here to run an online scannner from
ESET (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
Re-enable your Antivirus software.
A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. or C:\Program Files\ESET\log.txtWe will need this later.
Please post back with the ESET log.
Next
Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
UNCheck the boxes beside LOP Check and Purity Check.
In the window under Custom scans/fixes copy and paste all the text in the code box
/md5start
msmsgs.*
/md5stop
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad windows, OTL.Txt
Please post back with
OTL fix log
MBAM log
OTL.txt
How's the computer?
Thanks
Jointducky
2011-03-12, 00:04
All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\PSZCTVS folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Ronald
->Temp folder emptied: 5946356 bytes
->Temporary Internet Files folder emptied: 310044788 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43554211 bytes
->Flash cache emptied: 4574 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23713 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 5617483 bytes
Total Files Cleaned = 348,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 03112011_225359
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Ronald\Local Settings\Temporary Internet Files\Content.IE5\LOSN5LSD\HellSinQ - Hard Reunion - HellSinQ & Dj-Dirty-D not found!
File\Folder C:\Documents and Settings\Ronald\Local Settings\Temporary Internet Files\Content.IE5\ELZKHGNQ\HellSinQ - Hard Reunion - HellSinQ & Dj-Dirty-D not found!
Registry entries deleted on Reboot...
oldman960
2011-03-12, 02:31
Hi Jointducky,
Sorry about the confusing instructions.
Please continue with the ESET scan.
Thanks
Jointducky
2011-03-12, 23:51
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=3a826ae5c68ed740aab842e98b1a9f0c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-11 11:35:15
# local_time=2011-03-12 12:35:15 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 95 6543 43175410 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3774 3774 0 0
# scanned=44015
# found=0
# cleaned=0
# scan_time=5099
Jointducky
2011-03-13, 00:18
OTL logfile created on: 12-3-2011 22:52:17 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
1.023,00 Mb Total Physical Memory | 451,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,60 Gb Total Space | 3,68 Gb Free Space | 22,20% Space Free | Partition Type: NTFS
Drive D: | 2,04 Gb Total Space | 1,99 Gb Free Space | 97,65% Space Free | Partition Type: NTFS
Drive G: | 37,26 Gb Total Space | 33,34 Gb Free Space | 89,49% Space Free | Partition Type: NTFS
Computer Name: KANTOOR | User Name: Ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!\OTL(2).scr.exe (OldTimer Tools)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!\OTL(2).scr.exe (OldTimer Tools)
MOD - C:\Program Files\TeamViewer\Version6\tv_w32.dll (TeamViewer GmbH)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\crtdll.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (gupdate) Google Updateservice (gupdate) -- File not found
SRV - (AVG Security Toolbar Service) -- File not found
SRV - (AcrSch2Svc) -- File not found
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (USRWGU(USR)) USRobotics Wireless USB Adapter(USR) -- C:\WINDOWS\system32\drivers\USRWGU.sys (U.S. Robotics Corporation)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (sfman) Creative SoundFont Manager-stuurprogramma (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager-stuurprogramma (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dutch.ilsc.org/nl/index.php?rvs=hompag/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011-03-03 23:55:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-05 13:16:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-05 13:16:10 | 000,000,000 | ---D | M]
[2009-09-28 13:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Extensions
[2011-03-12 13:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions
[2011-02-27 20:33:13 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011-03-03 23:26:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-02-27 20:40:09 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\coralietab@mozdev.org
[2011-03-12 13:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-09-19 10:58:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-07-21 20:22:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-23 08:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-03-05 22:02:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-12-03 19:53:57 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-12-03 19:53:57 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-12-03 19:53:57 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-12-03 19:53:57 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-12-03 19:53:57 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml
O1 HOSTS File: ([2011-03-07 19:54:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: dance-tunes.com ([.www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: google.nl ([.www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: hanze.nl ([intranet] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: one.com ([webmail] https in Vertrouwde websites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298826837421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298826812250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.dolcevitadrachten.nl/auth/controls/IlosoftImageUpload.dll (IlosoftImageUploadCtl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ronald\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ronald\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-09-29 12:06:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011-03-11 23:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-03-11 23:07:18 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Ronald\Bureaublad\esetsmartinstaller_enu.exe
[2011-03-11 22:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Bureaublad\Maria Mena - Compacted Discography (256,320)
[2011-03-09 18:20:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-03-09 18:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
[2011-03-09 18:20:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-03-09 18:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-03-08 14:56:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ronald\Onlangs geopend
[2011-03-07 19:54:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-03-05 22:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!
[2011-03-05 22:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-03-05 22:02:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-03-05 22:02:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-03-05 22:02:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-03-05 22:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011-03-05 21:30:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011-03-05 21:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Windows Search
[2011-03-05 11:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Local Settings\Application Data\ApplicationHistory
[2011-03-04 22:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\7-Zip
[2011-03-04 22:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011-03-04 21:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-03-04 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011-03-04 13:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Accessoires
[2011-03-04 13:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011-03-04 13:15:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011-03-04 13:14:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011-03-04 13:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Windows Desktop Search
[2011-03-04 13:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011-03-04 13:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011-03-04 13:07:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011-03-04 13:07:32 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011-03-04 13:07:31 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011-03-04 13:06:59 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011-03-04 13:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011-03-04 12:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011-03-04 11:47:01 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011-03-04 11:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011-03-03 22:33:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011-03-03 22:33:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011-03-03 22:32:23 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011-03-03 22:32:22 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011-03-03 22:31:29 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011-03-03 21:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011-03-03 20:40:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011-03-03 20:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl
[2011-03-03 20:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011-03-03 20:23:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011-03-03 20:10:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011-02-28 21:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011-02-28 21:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011-02-28 21:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011-02-28 21:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011-02-28 21:32:46 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011-02-28 21:32:46 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011-02-28 21:32:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011-02-28 21:32:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011-02-28 21:32:45 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011-02-28 21:32:45 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011-02-28 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011-02-28 16:06:59 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2011-02-28 16:06:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2011-02-28 08:05:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011-02-28 08:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011-02-27 23:06:36 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011-02-27 23:06:03 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011-02-27 22:53:47 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011-02-27 22:53:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011-02-27 22:53:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011-02-27 22:53:46 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011-02-27 22:53:46 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011-02-27 21:35:27 | 000,272,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011-02-27 21:31:46 | 000,357,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011-02-27 21:29:29 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011-02-27 21:29:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011-02-27 21:28:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011-02-27 21:25:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011-02-27 21:25:12 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011-02-27 21:24:40 | 002,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011-02-27 21:24:27 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011-02-27 21:24:21 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011-02-27 21:24:16 | 002,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011-02-27 21:08:58 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011-02-27 21:08:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011-02-27 21:08:41 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011-02-27 21:08:22 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011-02-27 21:08:15 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011-02-27 21:07:54 | 011,080,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011-02-27 21:06:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2011-02-27 21:04:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011-02-27 20:53:43 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011-02-27 20:53:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011-02-27 18:14:30 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011-02-27 15:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\AVG
[2011-02-27 15:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG PC Tuneup 2011
[2011-02-27 14:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\AVG10
[2011-02-27 14:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG 2011
[2011-02-27 14:06:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011-02-27 14:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011-02-27 02:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Malwarebytes
[2011-02-27 02:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-02-27 01:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011-02-26 16:40:16 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-02-26 16:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Local Settings\Application Data\Sunbelt Software
[2011-02-26 16:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011-02-26 00:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Spybot - Search & Destroy
[2011-02-26 00:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-02-25 22:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Menu Start\Programma's\Revo Uninstaller
[2011-02-25 22:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011-02-25 22:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Mozilla Firefox
[2011-02-25 17:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\TeamViewer
[2011-02-25 17:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\TeamViewer 6
[2011-02-25 17:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2002-04-11 02:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
========== Files - Modified Within 30 Days ==========
[2011-03-12 22:55:00 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5B333AE2-C697-4ECF-AE78-B5C1B7093564}.job
[2011-03-12 17:15:49 | 108,462,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-11 23:07:20 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Ronald\Bureaublad\esetsmartinstaller_enu.exe
[2011-03-11 22:59:06 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-11 22:58:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-11 22:58:13 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011-03-11 17:31:36 | 000,001,950 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Factuur_Microdermabrasie_Binsma.pdf
[2011-03-09 20:57:14 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-03-09 18:20:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011-03-08 13:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-03-08 13:10:52 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-07 19:54:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011-03-07 19:41:47 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2011-03-05 11:01:43 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\fusioncache.dat
[2011-03-05 10:59:42 | 000,536,544 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-03-05 10:59:42 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-05 10:59:42 | 000,101,162 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-03-05 10:59:41 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-04 22:27:17 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\7z920.exe
[2011-03-04 13:10:36 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk.disabled
[2011-03-04 13:06:30 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-03-04 13:06:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011-03-04 13:06:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011-03-03 23:58:17 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2011.lnk
[2011-03-03 21:27:18 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011-03-03 20:22:26 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011-03-03 19:52:47 | 000,000,592 | ---- | M] () -- C:\WINDOWS\chgkey.vbs
[2011-03-01 20:31:27 | 327,118,416 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2011-02-27 23:11:11 | 000,000,403 | ---- | M] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011-02-27 15:06:51 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\AVG PC Tuneup 2011.lnk
[2011-02-27 02:38:14 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-02-26 22:58:54 | 000,541,194 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-02-26 21:18:40 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Spybot - Search & Destroy.lnk
[2011-02-26 16:39:59 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-02-26 00:09:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2011-02-26 00:06:17 | 000,002,845 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-02-25 23:36:18 | 000,000,070 | ---- | M] () -- C:\WINDOWS\sbwin.ini
[2011-02-25 23:36:11 | 000,001,560 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011-02-25 23:36:11 | 000,001,560 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011-02-25 22:46:33 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Revo Uninstaller.lnk
[2011-02-25 22:37:19 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-02-25 22:37:19 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2011-02-25 17:32:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\TeamViewer 6.lnk
========== Files Created - No Company Name ==========
[2011-03-12 17:15:49 | 108,462,430 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-11 17:31:36 | 000,001,950 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Factuur_Microdermabrasie_Binsma.pdf
[2011-03-09 20:57:10 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-03-09 18:20:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011-03-05 11:01:43 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\fusioncache.dat
[2011-03-04 22:27:09 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\7z920.exe
[2011-03-04 13:10:36 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Search.lnk
[2011-03-04 13:10:36 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk.disabled
[2011-03-04 11:31:16 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Defender.lnk
[2011-03-03 19:30:30 | 000,000,592 | ---- | C] () -- C:\WINDOWS\chgkey.vbs
[2011-03-01 20:13:28 | 327,118,416 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2011-02-27 23:11:11 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011-02-27 23:06:52 | 000,001,774 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011-02-27 23:06:52 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011-02-27 23:06:51 | 000,652,190 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011-02-27 23:06:50 | 000,076,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011-02-27 23:06:50 | 000,026,500 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011-02-27 23:06:49 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011-02-27 23:06:49 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011-02-27 23:06:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011-02-27 23:06:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011-02-27 23:06:49 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011-02-27 23:06:48 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011-02-27 23:06:48 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011-02-27 23:06:47 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011-02-27 23:06:47 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011-02-27 23:06:46 | 000,034,558 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011-02-27 23:06:46 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011-02-27 23:06:45 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011-02-27 23:06:45 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011-02-27 23:06:45 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011-02-27 23:06:45 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011-02-27 23:06:45 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011-02-27 23:06:44 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011-02-27 23:06:44 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011-02-27 23:06:44 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011-02-27 23:06:44 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011-02-27 23:06:35 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011-02-27 23:06:35 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011-02-27 23:06:23 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011-02-27 23:06:23 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011-02-27 23:06:23 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011-02-27 23:06:23 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011-02-27 23:06:23 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011-02-27 23:06:23 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011-02-27 23:06:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011-02-27 23:06:20 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011-02-27 23:06:20 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011-02-27 23:06:20 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011-02-27 23:06:03 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011-02-27 23:05:50 | 000,082,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011-02-27 23:05:39 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011-02-27 23:05:38 | 000,036,620 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011-02-27 23:05:38 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011-02-27 23:04:56 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011-02-27 23:03:24 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011-02-27 23:03:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011-02-27 23:03:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011-02-27 23:03:23 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011-02-27 23:03:22 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011-02-27 23:03:22 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011-02-27 23:03:17 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011-02-27 15:06:51 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\AVG PC Tuneup 2011.lnk
[2011-02-27 14:08:52 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2011.lnk
[2011-02-27 13:58:41 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2011-02-27 02:38:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-02-26 22:58:42 | 000,541,194 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-02-26 01:07:31 | 000,175,870 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp
[2011-02-26 01:07:31 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp
[2011-02-26 00:18:55 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Spybot - Search & Destroy.lnk
[2011-02-26 00:09:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2011-02-25 22:46:33 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Revo Uninstaller.lnk
[2011-02-25 22:37:19 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-02-25 22:37:19 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2011-02-25 17:32:17 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\TeamViewer 6.lnk
[2010-11-05 15:56:28 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-11-05 15:56:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-11-05 15:56:19 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-11-05 15:56:19 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-11-05 15:56:17 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-09-19 11:02:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-07-27 12:45:50 | 000,023,209 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010-07-27 12:28:55 | 000,077,418 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010-07-27 11:50:46 | 000,175,870 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2010-07-27 11:50:46 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2009-10-21 13:28:01 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009-09-11 15:45:09 | 000,170,220 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009-07-21 19:04:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-02-21 14:20:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2009-02-21 13:11:42 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009-02-18 13:22:59 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009-02-18 13:05:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2008-05-26 22:22:14 | 000,017,438 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:22:10 | 000,023,146 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:22:06 | 000,016,842 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-05-26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007-11-28 03:32:00 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2007-11-28 03:26:10 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007-11-18 16:52:04 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-10-26 17:40:30 | 000,016,221 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-10-03 15:07:20 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2007-10-01 18:37:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2007-09-29 13:51:31 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007-09-29 13:50:03 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007-09-29 13:33:19 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-09-29 12:10:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007-09-29 12:01:25 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005-07-12 13:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005-05-03 12:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(2).dll
[2004-08-04 00:16:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-03-23 15:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003-04-07 12:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003-03-14 11:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2001-09-07 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-09-07 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-09-07 12:00:00 | 000,536,544 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2001-09-07 12:00:00 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-09-07 12:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2001-09-07 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-09-07 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-09-07 12:00:00 | 000,101,162 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2001-09-07 12:00:00 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-09-07 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-09-07 12:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2001-09-07 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-09-07 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-09-07 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== Custom Scans ==========
< MD5 for: MSMSGS.CAT >
[2004-08-04 00:52:48 | 000,009,581 | ---- | M] () MD5=9F8D1DA48F43FC7B7628087F9006A1D6 -- C:\WINDOWS\$NtServicePackUninstall$\msmsgs.cat
[2008-04-14 19:02:47 | 000,012,363 | ---- | M] () MD5=F79998793683FD1C33E8624D9A9740B0 -- C:\WINDOWS\ServicePackFiles\i386\msmsgs.cat
[2008-04-14 19:02:47 | 000,012,363 | ---- | M] () MD5=F79998793683FD1C33E8624D9A9740B0 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\msmsgs.cat
[2008-04-14 19:02:47 | 000,012,363 | --S- | M] () MD5=F79998793683FD1C33E8624D9A9740B0 -- C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\msmsgs.cat
< MD5 for: MSMSGS.CAT.000 >
[2004-08-04 00:52:48 | 000,009,581 | ---- | M] () MD5=9F8D1DA48F43FC7B7628087F9006A1D6 -- C:\WINDOWS\$NtServicePackUninstall$\msmsgs.cat.000
< MD5 for: MSMSGS.EXE >
[2004-10-13 17:21:24 | 001,694,208 | ---- | M] (Microsoft Corporation) MD5=32C08C70FDD7CD745A723C1DA521161C -- C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
[2004-10-13 17:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) MD5=74E6E96C6F0E2ECA4EDBB7F7A468F259 -- C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe
[2008-04-14 18:03:07 | 001,695,232 | ---- | M] (Microsoft Corporation) MD5=8C36CD5BAED5CE58BAEC5D73E30508E4 -- C:\Program Files\Messenger\msmsgs.exe
[2008-04-14 18:03:07 | 001,695,232 | ---- | M] (Microsoft Corporation) MD5=8C36CD5BAED5CE58BAEC5D73E30508E4 -- C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
[2008-04-14 18:03:07 | 001,695,232 | ---- | M] (Microsoft Corporation) MD5=8C36CD5BAED5CE58BAEC5D73E30508E4 -- C:\WINDOWS\ServicePackFiles\ServicePackCache\i386\msmsgs.exe
[2008-04-14 18:03:07 | 001,695,232 | ---- | M] (Microsoft Corporation) MD5=8C36CD5BAED5CE58BAEC5D73E30508E4 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\msmsgs.exe
< MD5 for: MSMSGS.INF >
[2004-08-03 23:59:10 | 000,103,352 | ---- | M] () MD5=C1341EA418C6B9FA16D37E006EE493A1 -- C:\WINDOWS\inf\msmsgs.inf
[2004-08-03 23:59:10 | 000,103,352 | ---- | M] () MD5=C1341EA418C6B9FA16D37E006EE493A1 -- C:\WINDOWS\ServicePackFiles\i386\msmsgs.inf
[2004-08-03 23:59:10 | 000,103,352 | ---- | M] () MD5=C1341EA418C6B9FA16D37E006EE493A1 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\msmsgs.inf
< MD5 for: MSMSGS.PNF >
[2007-09-29 12:13:14 | 000,087,888 | ---- | M] () MD5=DB195BEC84A3B96E1FC7CC254B1F7969 -- C:\WINDOWS\inf\msmsgs.PNF
========== Alternate Data Streams ==========
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
< End of report >
Jointducky
2011-03-13, 00:22
Dear Oldman,
The computer is working just as fine as the last time.
Though starting up internet and a few other (little) apps. makes the processor go wild to 100% and efter about 45 sec.
it cools down a bit to 70% and down.
That was not before this malware, but it is much better now that the malware is removed:laugh:
Thanks again for ur help, time and effort.
Regards,
Erik.
oldman960
2011-03-13, 05:50
Hi Jointducky,
Did you attempt to install Avast recently?
Jointducky
2011-03-13, 23:48
Hi Jointducky,
Did you attempt to install Avast recently?
Dear Oldman,
I didn't attempt to install Avast, but i did installed it.
After i ran the scan it saw infections, however removing them made me purchase a license.
Because i rather not pay for a program im not acquainted with, i uninstalled it with REVO Uninstaller on safe removal.
Afterwards i deleted the register files that were left from that program. (Revo Uninstaller automaticly scans after uninstalling for register files that left behind and high lights them for a safe removal).
Regards,
Erik.
oldman960
2011-03-14, 05:28
Hi Jointducky,
I don't know where you got the version of Avast that you installed as Avast does not require a "fee" to remove anything. The makers of Avast provide a free version that does pretty much the same as the paid for version. The only requirement for the free version is you register it. Again that is free.
There is still some of Avast in your logs. Revo uninstaller may have missed a bit.
Download aswclear.exe (http://www.avast.com/uninstall-utility) to your desktop
Start Windows in Safe Mode
Open (execute) the uninstall utility
When it opens there will be a small white box, make sure it is set to C:\Documents and Settings\All Users\Application Data\Alwil Software
If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
Click REMOVE
Restart your computer
Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :
:Services
:Files
C:\WINDOWS\avastSS.scr
C:\Documents and Settings\All Users\Application Data\Alwil Software
Then click the Run Fix button at the top
Let the program run unhindered
Jointducky
2011-03-14, 21:10
========== FILES ==========
C:\WINDOWS\avastSS.scr moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\Alwil Software not found.
OTL by OldTimer - Version 3.2.22.3 log created on 03142011_201021
oldman960
2011-03-15, 07:18
Hi Jointducky,
Any problems with your computer?
Thanks
Jointducky
2011-03-17, 22:54
:bigthumb::D::present:
Thanx for ur great help Oldman.
P.S. Post can be closed.
Regards,
Erik
oldman960
2011-03-18, 05:46
Hi Jointducky,
From your desktop, please delete, if present
any notepads/logs that we created
dds.scr
aswclear.exe
Next
* Create a new restore point
You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point
click create
* Remove old restore points
Go to Start - All Programs - Accessories - system tools.
Launch the Disk Cleanup tool and let it run.
When it finishes a box with tabs will appear, select the more options tab.
On this tab you will find a section for System Restore.
If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.
Next
Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.
I suggest you keep MBAM. Keep it updated and use it regularly.
ESET online scan can be removed via add/remove programs.
Don't forget to re-enable Teatimer.
Some Recommendations and prevention tips
Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Just add a firewall to what you have.
* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.
Click FIREWALL (http://www.bleepingcomputer.com/forums/tutorial60.html) for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)
-Secure your Internet Explorer
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us)(using Internet Explorer) and download and install all critical updates on a regular basis
- Make sure you have reset Automatic Updates to your chosen optionClick your start button > Control Panel > System
- Keep your antivirus program updated, as well as any other security programs you have.
-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)
- You may also want to read this article By Tony Klein
http://www.freedomlist.com/forum/viewtopic.php?t=22879
Please post back if you have any problems.
Take care