Got rid of redirected hosts but.....

Status
Not open for further replies.
J

Jointducky

New member
Dear Volunteers from Spybot,
My computer was infected with the Fraud.WindowsProtectionSuite and Microsoft.Windows.RedirectedHosts.
As usual Spybot saw them, but could not fix the problems.
After scanned with a lot of anti spyware programs wich also could not fix or even see the problem, i installed Windows Defender.
This program saw a redirected host entry and fixed it.
After reboot i run Spybot S&D and the 2 red entry's were gone, all was ok according to S&D.
However when i open my internet i cant connect to Google!
Also my computer is verrryyy slooowww.

Also i saw in the DDS.txt file host entry's detected.
Can someone please look at the .txt file and tell me if everything is ok or not??
I hope i mede the post better this time.
I'd like to thank u all for the time and effort u'll spent on me. Regards,
Erik.
Here is the DDS.txt file:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ronald at 22:00:30,73 on vr 04-03-2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.231 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Ronald\Bureaublad\dds(2).scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startpagina.nl/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://dutch.ilsc.org/nl/index.php?rvs=hompag/
uInternet Settings,ProxyServer = http=127.0.0.1:25493
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: dance-tunes.com\.www
Trusted Zone: google.nl\.www
Trusted Zone: hanze.nl\intranet
Trusted Zone: one.com\webmail
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298826837421
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298826812250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.djlafleur.nl/auth/controls/IlosoftImageUpload.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
IFEO: image file execution options - svchost.exe
IFEO: OLT.exe - svchost.exe
Hosts: 204.152.194.148 www.google.com.au
Hosts: 204.152.194.148 google.ca
Hosts: 204.152.194.148 www.google.ca
Hosts: 204.152.194.148 google.ch
Hosts: 204.152.194.148 www.google.ch
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ronald\applic~1\mozilla\firefox\profiles\yiec8jtw.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ronald\application data\mozilla\firefox\profiles\yiec8jtw.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\ronald\application data\mozilla\firefox\profiles\yiec8jtw.default\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: IE Tab Plus: coralietab@mozdev.org - %profile%\extensions\coralietab@mozdev.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-25 2253688]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
S2 gupdate;Google Updateservice (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 USRWGU(USR);USRobotics Wireless USB Adapter(USR);c:\windows\system32\drivers\USRWGU.sys [2007-9-29 408064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2011-03-04 13:07:15 -------- d--h--r- c:\documents and settings\ronald\Onlangs geopend
2011-03-04 12:15:05 -------- d-----w- c:\windows\system32\winrm
2011-03-04 12:14:45 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-03-04 12:12:18 -------- d-----w- c:\docume~1\ronald\applic~1\Windows Desktop Search
2011-03-04 12:09:54 -------- d-----w- c:\program files\Windows Desktop Search
2011-03-04 12:09:52 -------- d-----w- c:\windows\system32\GroupPolicy
2011-03-04 12:07:32 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-03-04 12:07:32 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-03-04 12:07:31 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-03-04 12:05:42 -------- d-----w- c:\program files\Windows Media Connect 2
2011-03-04 11:55:07 -------- d-----w- c:\windows\system32\URTTEMP
2011-03-04 10:47:13 2321288 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-03-04 10:47:03 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{8e49a0eb-9eb9-4b76-9266-cd4446d94a65}\mpengine.dll
2011-03-04 10:47:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-03 21:33:50 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-03 21:33:23 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-03 21:32:23 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-03-03 21:32:22 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-03-03 21:31:29 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-03-03 19:40:12 -------- d-----w- c:\windows\l2schemas
2011-03-03 19:40:09 -------- d-----w- c:\windows\system32\nl
2011-03-03 19:40:09 -------- d-----w- c:\windows\system32\bits
2011-03-03 19:23:29 -------- d-----w- c:\windows\network diagnostic
2011-03-03 18:30:30 592 ----a-w- c:\windows\chgkey.vbs
2011-02-28 20:34:34 -------- d-----w- c:\windows\system32\XPSViewer
2011-02-28 20:33:23 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-02-28 20:32:46 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-02-28 20:32:46 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-02-28 20:32:46 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-02-28 20:32:46 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-02-28 20:32:46 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-02-28 20:32:46 117760 ------w- c:\windows\system32\prntvpt.dll
2011-02-28 20:32:45 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-02-28 20:32:45 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-02-28 20:24:07 -------- d-----w- c:\program files\MSXML 6.0
2011-02-28 15:07:14 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2011-02-28 15:07:00 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2011-02-28 15:07:00 17024 ----a-w- c:\windows\system32\drivers\bthenum.sys
2011-02-28 15:06:59 8192 ----a-w- c:\windows\system32\wshirda.dll
2011-02-28 15:06:59 29184 ----a-w- c:\windows\system32\irmon.dll
2011-02-28 15:06:59 153088 ----a-w- c:\windows\system32\irftp.exe
2011-02-28 15:06:43 18944 ----a-w- c:\windows\system32\drivers\bthusb.sys
2011-02-28 07:05:52 -------- d-----w- c:\windows\ServicePackFiles
2011-02-28 07:00:12 -------- d-----w- c:\program files\MSXML 4.0
2011-02-27 22:06:36 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2011-02-27 22:06:03 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2011-02-27 22:04:59 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2011-02-27 21:53:47 14336 ------w- c:\windows\system32\drivers\atinpdxx.sys
2011-02-27 21:53:47 13824 ------w- c:\windows\system32\drivers\atinttxx.sys
2011-02-27 21:53:47 13824 ------w- c:\windows\system32\drivers\atinmdxx.sys
2011-02-27 21:53:46 29455 ------w- c:\windows\system32\drivers\ati1xbxx.sys
2011-02-27 21:53:46 26367 ------w- c:\windows\system32\drivers\ati1snxx.sys
2011-02-27 20:35:27 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-27 20:35:17 272640 ------w- c:\windows\system32\drivers\bthport.sys
2011-02-27 20:31:46 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-02-27 20:29:29 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-27 20:29:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-02-27 20:28:11 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-27 20:25:13 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-02-27 20:25:12 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-02-27 20:24:51 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-02-27 20:24:40 2197120 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-27 20:24:38 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-02-27 20:24:37 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-02-27 20:24:36 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-02-27 20:24:33 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-02-27 20:24:30 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-02-27 20:24:27 735232 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-02-27 20:24:27 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-02-27 20:24:26 739328 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-02-27 20:24:21 2153472 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-27 20:24:16 2031616 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-27 20:08:58 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-02-27 20:08:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-27 20:08:41 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-27 20:08:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-27 20:08:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-27 20:08:22 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-27 20:08:15 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-27 20:07:54 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-27 20:06:53 293376 ------w- c:\windows\system32\browserchoice.exe
2011-02-27 20:04:01 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-02-27 20:03:19 221184 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-02-27 19:53:43 17776 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-02-27 19:53:42 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-02-27 17:14:30 15584 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-02-27 14:11:09 -------- d-----w- c:\docume~1\ronald\applic~1\AVG
2011-02-27 13:11:45 -------- d-----w- c:\docume~1\ronald\applic~1\AVG10
2011-02-27 13:06:31 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-27 13:05:08 -------- d-----w- c:\program files\AVG
2011-02-27 01:31:27 -------- d-----w- c:\docume~1\ronald\applic~1\Malwarebytes
2011-02-27 01:31:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-26 15:40:16 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-26 15:35:50 -------- d-----w- c:\docume~1\ronald\locals~1\applic~1\Sunbelt Software
2011-02-25 23:09:15 -------- d-----w- c:\program files\CCleaner
2011-02-25 21:46:32 -------- d-----w- c:\program files\VS Revo Group
2011-02-25 16:32:24 -------- d-----w- c:\docume~1\ronald\applic~1\TeamViewer
2011-02-25 16:32:07 -------- d-----w- c:\program files\TeamViewer
2011-02-07 17:42:17 38848 ----a-w- c:\windows\avastSS.scr
2011-02-07 17:41:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-02-07 17:18:51 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-02-07 15:34:01 -------- d-----w- c:\docume~1\ronald\applic~1\URSoft
2011-02-07 13:33:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2011-02-07 09:19:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-02-07 09:10:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-02-07 08:20:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-07 08:20:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-02-07 07:41:20 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\PSZCTVS
2011-02-07 07:40:48 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\b5b463
.
==================== Find3M ====================
.
2011-01-21 14:44:07 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04:12 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:20 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25:55 735232 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:37 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:34 739328 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14:07 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14:02 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30:17 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 22:02:48,65 ===============
 
Hi Jointducky, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
  • Do not attach any logs/reports, etc.. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, Please ask before continuing.
  • Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

First make sure these settings are correct.

Open your Internet Explorer:
  • At the top click Tools, click Internet Options
  • On the Connections Tab click Lan Settings
  • Uncheck use a proxy server


For FireFox it's
  • Tools > Options
  • Click the Advanced button
  • Click the Network tab
  • In the connections section click the Settings button
  • Check mark No Proxy
  • OK your way out.



Let's see if we can clear some of this up with this tool. It will need to be renamed befoe you download it.

Download OTL to your desktop.

Before you click save please change the name to OTL.scr

Next, Double click on OTL.scr
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code: 
:Services

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]
[createrestorepoint]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Next

Please open OTL if it is not opened after the reboot.

  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes copy and paste the following


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lîk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Deskuop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with
  • OTL fix log
  • both OTL scan logs
How's the computer?
 
Last edited:
Thanks for ur help Oldman960 but....

Dear Mister Oldman960,
I di exactly as u said but i get an error:
Cannot create file C:\WINDOWS\System32\drivers\etc\Hosts.
I addet a photo of the message to this reply so it v!rus free gg.
After i hit the ok button on the message the scsn seems to freeze at: Resetting HOSTS file. DO NOT INTERRUPT
Also the computer is busy all the time doing nothing.
Can u give me an advise please?
Regards Erik.
 
After Forced Reboot....

Hi there,
After i forced a reboot i get this in the OLT fix log:
Files\Folders moved on Reboot...
G:\Mijn Documenten\Downloads\cmd.bat moved successfully.
File\Folder C:\Documents and Settings\Ronald\Local Settings\Temporary Internet Files\Content.IE5\LOSN5LSD\HellSinQ - Hard Reunion - HellSinQ & Dj-Dirty-D not found!
File\Folder C:\Documents and Settings\Ronald\Local Settings\Temporary Internet Files\Content.IE5\ELZKHGNQ\HellSinQ - Hard Reunion - HellSinQ & Dj-Dirty-D not found!

Registry entries deleted on Reboot...
 
OLT.txt part 1

OTL logfile created on: 6-3-2011 23:20:22 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ronald\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 317,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,60 Gb Total Space | 3,11 Gb Free Space | 18,75% Space Free | Partition Type: NTFS
Drive D: | 2,04 Gb Total Space | 1,99 Gb Free Space | 97,65% Space Free | Partition Type: NTFS
Drive G: | 37,26 Gb Total Space | 33,35 Gb Free Space | 89,50% Space Free | Partition Type: NTFS

Computer Name: KANTOOR | User Name: Ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ronald\Bureaublad\OTL(2).scr.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ronald\Bureaublad\OTL(2).scr.exe (OldTimer Tools)
MOD - C:\Program Files\TeamViewer\Version6\tv_w32.dll (TeamViewer GmbH)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\crtdll.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gupdate) Google Updateservice (gupdate) -- File not found
SRV - (AVG Security Toolbar Service) -- File not found
SRV - (AcrSch2Svc) -- File not found
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (USRWGU(USR)) USRobotics Wireless USB Adapter(USR) -- C:\WINDOWS\system32\drivers\USRWGU.sys (U.S. Robotics Corporation)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (sfman) Creative SoundFont Manager-stuurprogramma (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager-stuurprogramma (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dutch.ilsc.org/nl/index.php?rvs=hompag/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25493

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-27 12:46:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011-03-03 23:55:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-05 13:16:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-05 13:16:10 | 000,000,000 | ---D | M]

[2009-09-28 13:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Extensions
[2011-03-06 21:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions
[2011-02-27 20:33:13 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011-03-03 23:26:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-02-27 20:40:09 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\coralietab@mozdev.org
[2011-03-05 22:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-09-19 10:58:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-07-21 20:22:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-23 08:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-03-05 22:02:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-12-03 19:53:57 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-12-03 19:53:57 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-12-03 19:53:57 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-12-03 19:53:57 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-12-03 19:53:57 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2011-02-07 14:11:17 | 000,001,932 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 204.152.194.148 www.google.com.au
O1 - Hosts: 204.152.194.148 google.ca
O1 - Hosts: 204.152.194.148 www.google.ca
O1 - Hosts: 204.152.194.148 google.ch
O1 - Hosts: 204.152.194.148 www.google.ch
O1 - Hosts: 204.152.194.148 google.de
O1 - Hosts: 204.152.194.148 www.google.de
O1 - Hosts: 204.152.194.148 google.dk
O1 - Hosts: 204.152.194.148 www.google.dk
O1 - Hosts: 204.152.194.148 google.fr
O1 - Hosts: 204.152.194.148 www.google.fr
O1 - Hosts: 204.152.194.148 google.ie
O1 - Hosts: 204.152.194.148 www.google.ie
O1 - Hosts: 204.152.194.148 google.it
O1 - Hosts: 204.152.194.148 www.google.it
O1 - Hosts: 204.152.194.148 google.co.jp
O1 - Hosts: 204.152.194.148 www.google.co.jp
O1 - Hosts: 204.152.194.148 google.nl
O1 - Hosts: 204.152.194.148 www.google.nl
O1 - Hosts: 204.152.194.148 google.no
O1 - Hosts: 204.152.194.148 www.google.no
O1 - Hosts: 204.152.194.148 google.co.nz
O1 - Hosts: 204.152.194.148 www.google.co.nz
O1 - Hosts: 204.152.194.148 google.pl
O1 - Hosts: 16 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: dance-tunes.com ([.www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: google.nl ([.www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: hanze.nl ([intranet] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: one.com ([webmail] https in Vertrouwde websites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298826837421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298826812250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.djlafleur.nl/auth/controls/IlosoftImageUpload.dll (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-09-29 12:06:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2011-03-06 23:18:45 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ronald\Bureaublad\OTL(2).scr.exe
[2011-03-05 22:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!
[2011-03-05 22:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-03-05 22:02:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-03-05 22:02:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-03-05 22:02:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-03-05 22:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011-03-05 21:30:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011-03-05 21:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Windows Search
[2011-03-05 11:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Local Settings\Application Data\ApplicationHistory
[2011-03-04 22:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\7-Zip
[2011-03-04 22:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011-03-04 21:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-03-04 21:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011-03-04 21:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\ERUNT
[2011-03-04 14:07:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ronald\Onlangs geopend
[2011-03-04 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011-03-04 13:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Accessoires
[2011-03-04 13:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011-03-04 13:15:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011-03-04 13:14:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011-03-04 13:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Windows Desktop Search
[2011-03-04 13:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011-03-04 13:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011-03-04 13:07:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011-03-04 13:07:32 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011-03-04 13:07:31 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011-03-04 13:06:59 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011-03-04 13:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011-03-04 12:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011-03-04 11:47:01 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011-03-04 11:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011-03-03 22:33:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011-03-03 22:33:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011-03-03 22:32:23 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011-03-03 22:32:22 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011-03-03 22:31:29 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011-03-03 21:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011-03-03 20:40:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011-03-03 20:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl
[2011-03-03 20:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011-03-03 20:23:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011-03-03 20:10:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011-02-28 21:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011-02-28 21:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011-02-28 21:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011-02-28 21:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011-02-28 21:32:46 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011-02-28 21:32:46 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011-02-28 21:32:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011-02-28 21:32:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011-02-28 21:32:45 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011-02-28 21:32:45 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011-02-28 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011-02-28 16:06:59 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2011-02-28 16:06:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2011-02-28 08:05:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011-02-28 08:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011-02-27 23:06:36 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011-02-27 23:06:03 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011-02-27 22:53:47 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011-02-27 22:53:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011-02-27 22:53:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011-02-27 22:53:46 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011-02-27 22:53:46 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011-02-27 21:35:27 | 000,272,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011-02-27 21:31:46 | 000,357,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011-02-27 21:29:29 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011-02-27 21:29:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011-02-27 21:28:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011-02-27 21:25:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011-02-27 21:25:12 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011-02-27 21:24:40 | 002,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011-02-27 21:24:27 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011-02-27 21:24:21 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011-02-27 21:24:16 | 002,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011-02-27 21:08:58 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011-02-27 21:08:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011-02-27 21:08:41 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011-02-27 21:08:22 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011-02-27 21:08:15 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011-02-27 21:07:54 | 011,080,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011-02-27 21:06:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2011-02-27 21:04:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011-02-27 20:53:43 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011-02-27 20:53:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011-02-27 18:14:30 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011-02-27 15:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\AVG
[2011-02-27 15:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG PC Tuneup 2011
[2011-02-27 14:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\AVG10
[2011-02-27 14:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG 2011
[2011-02-27 14:06:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011-02-27 14:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011-02-27 02:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Malwarebytes
[2011-02-27 02:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-02-27 01:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011-02-26 16:40:16 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-02-26 16:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Local Settings\Application Data\Sunbelt Software
[2011-02-26 16:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011-02-26 00:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Spybot - Search & Destroy
[2011-02-26 00:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-02-25 22:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Menu Start\Programma's\Revo Uninstaller
[2011-02-25 22:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011-02-25 22:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Mozilla Firefox
[2011-02-25 17:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\TeamViewer
[2011-02-25 17:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\TeamViewer 6
[2011-02-25 17:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011-02-07 18:42:17 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011-02-07 18:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011-02-07 18:18:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-02-07 16:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\URSoft
[2011-02-07 16:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-02-07 14:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011-02-07 10:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-02-07 10:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-02-07 09:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011-02-07 09:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011-02-07 08:41:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PSZCTVS
[2011-02-07 08:40:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\b5b463
[2002-04-11 02:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011-03-06 23:25:00 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5B333AE2-C697-4ECF-AE78-B5C1B7093564}.job
[2011-03-06 23:18:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ronald\Bureaublad\OTL(2).scr.exe
[2011-03-06 22:31:22 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-06 22:30:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-06 22:30:13 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011-03-06 13:58:17 | 107,912,070 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-05 11:02:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-03-05 11:01:43 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\fusioncache.dat
[2011-03-05 10:59:42 | 000,536,544 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-03-05 10:59:42 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-05 10:59:42 | 000,101,162 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-03-05 10:59:41 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-04 22:27:17 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\7z920.exe
[2011-03-04 13:10:36 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
[2011-03-04 13:06:30 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-03-04 13:06:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011-03-04 13:06:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011-03-03 23:58:17 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2011.lnk
[2011-03-03 23:17:10 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-03 21:27:18 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011-03-03 20:22:26 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011-03-03 19:52:47 | 000,000,592 | ---- | M] () -- C:\WINDOWS\chgkey.vbs
[2011-03-02 12:33:43 | 000,005,758 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.JPG
[2011-03-02 12:33:37 | 000,041,038 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.bmp
[2011-03-01 20:31:27 | 327,118,416 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2011-03-01 19:08:14 | 001,212,384 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Wij_Zorgen_Ervoor....pdf
[2011-03-01 13:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-27 23:11:11 | 000,000,403 | ---- | M] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011-02-27 15:06:51 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\AVG PC Tuneup 2011.lnk
[2011-02-27 02:38:14 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-02-27 01:41:27 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2011-02-26 22:58:54 | 000,541,194 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-02-26 21:18:40 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Spybot - Search & Destroy.lnk
[2011-02-26 16:39:59 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-02-26 00:09:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2011-02-26 00:06:17 | 000,002,845 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-02-25 23:36:18 | 000,000,070 | ---- | M] () -- C:\WINDOWS\sbwin.ini
[2011-02-25 23:36:11 | 000,001,560 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011-02-25 23:36:11 | 000,001,560 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011-02-25 22:46:33 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Revo Uninstaller.lnk
[2011-02-25 22:37:19 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-02-25 22:37:19 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2011-02-25 17:32:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\TeamViewer 6.lnk
[2011-02-24 17:22:29 | 000,830,277 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Advertorial_Dolce_Vita.pdf
[2011-02-22 11:13:22 | 000,104,516 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Lifestyle_Aangepast4.pdf
[2011-02-22 08:54:25 | 006,002,588 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Open huis.jpg
[2011-02-21 13:27:50 | 000,295,417 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Kortingscoupon.pdf
[2011-02-21 13:21:07 | 000,159,354 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\www.dolcevitadrachten.nl-nc-factuur-2010.pdf
[2011-02-21 08:33:02 | 000,015,156 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\201000421_Dolce_Vita_20110220.pdf
[2011-02-13 13:26:10 | 000,054,889 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\HAELAN951_951_Fermented_Soy_Beverage.jpg
[2011-02-13 13:14:23 | 000,032,585 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Immu-plus-product-web.jpg
[2011-02-13 12:36:45 | 000,036,184 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\agelater_withlogo - high res.JPG
[2011-02-12 15:15:12 | 004,990,963 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\DSCF1365.jpg
[2011-02-11 19:00:49 | 000,053,369 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Haelan 951.jpg
[2011-02-11 19:00:49 | 000,053,369 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\ervaringen.jpg
[2011-02-11 17:59:22 | 000,271,954 | ---- | M] () -- G:\Mijn Documenten\Dolce_Vita_Haar_en_Huidverbetering_-_Drachten.pdf
[2011-02-10 09:50:24 | 000,009,781 | ---- | M] () -- G:\Mijn Documenten\systems_taway.jpg
[2011-02-10 09:49:19 | 000,043,574 | ---- | M] () -- G:\Mijn Documenten\t-awayvoorenna.jpg
[2011-02-09 09:40:34 | 001,609,074 | ---- | M] () -- G:\Mijn Documenten\ISOcoated_v2_300.zip
[2011-02-09 09:03:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader 9.lnk
[2011-02-08 09:21:05 | 000,070,579 | ---- | M] () -- G:\Mijn Documenten\logo.png
[2011-02-07 16:33:56 | 000,000,761 | ---- | M] () -- G:\Mijn Documenten\Your Uninstaller!.lnk
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-121706.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120626.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120625.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120624.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120623.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120622.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120621.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120620.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120619.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120618.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120617.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120615.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120613.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120611.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110304-120521.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155412.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155411.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155410.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155409.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155408.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155407.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155406.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155405.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155400.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155354.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155353.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110227-155338.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-221742.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-221741.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-221740.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-221644.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145957.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145955.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145954.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145953.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145952.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145951.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145950.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-145948.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-124931.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-124930.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-124929.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-124928.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-124927.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-124921.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010119.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010118.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010115.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010114.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010113.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010112.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010111.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010110.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010108.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110226-010100.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154450.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154449.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154448.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154447.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154446.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154445.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154444.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154443.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154442.backup
[2011-02-07 14:11:17 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-154435.backup
[2011-02-07 14:11:17 | 000,001,932 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134200.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134159.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134158.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134157.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134156.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134150.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134148.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134037.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134036.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134035.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134034.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134033.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-134021.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111718.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111717.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111716.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111715.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111714.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111713.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111712.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111532.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111531.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111530.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111529.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111528.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111523.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111514.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111513.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111512.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111511.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-111506.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093603.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093602.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093601.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093600.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093559.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093558.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093557.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093556.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093555.backup
[2011-02-07 09:16:04 | 000,002,888 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110207-093547.backup
[2011-02-06 12:26:52 | 000,110,048 | ---- | M] () -- G:\Mijn Documenten\DISLEXI TEST.JPG

========== Files Created - No Company Name ==========

[2011-03-06 13:58:17 | 107,912,070 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-05 11:01:43 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\fusioncache.dat
[2011-03-05 10:56:54 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-03-04 22:27:09 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\7z920.exe
[2011-03-04 13:10:36 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Search.lnk
[2011-03-04 13:10:36 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
[2011-03-04 11:31:16 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Defender.lnk
[2011-03-03 19:30:30 | 000,000,592 | ---- | C] () -- C:\WINDOWS\chgkey.vbs
[2011-03-02 12:33:42 | 000,005,758 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.JPG
[2011-03-02 12:33:37 | 000,041,038 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.bmp
[2011-03-01 20:13:28 | 327,118,416 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2011-02-27 23:11:11 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011-02-27 23:06:52 | 000,001,774 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011-02-27 23:06:52 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011-02-27 23:06:51 | 000,652,190 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011-02-27 23:06:50 | 000,076,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011-02-27 23:06:50 | 000,026,500 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011-02-27 23:06:49 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011-02-27 23:06:49 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011-02-27 23:06:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011-02-27 23:06:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011-02-27 23:06:49 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011-02-27 23:06:48 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011-02-27 23:06:48 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011-02-27 23:06:47 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011-02-27 23:06:47 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011-02-27 23:06:46 | 000,034,558 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011-02-27 23:06:46 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011-02-27 23:06:45 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011-02-27 23:06:45 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011-02-27 23:06:45 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011-02-27 23:06:45 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011-02-27 23:06:45 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011-02-27 23:06:44 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011-02-27 23:06:44 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011-02-27 23:06:44 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011-02-27 23:06:44 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011-02-27 23:06:35 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011-02-27 23:06:35 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011-02-27 23:06:23 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011-02-27 23:06:23 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011-02-27 23:06:23 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011-02-27 23:06:23 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011-02-27 23:06:23 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011-02-27 23:06:23 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011-02-27 23:06:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011-02-27 23:06:20 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011-02-27 23:06:20 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011-02-27 23:06:20 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011-02-27 23:06:03 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011-02-27 23:05:50 | 000,082,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011-02-27 23:05:39 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011-02-27 23:05:38 | 000,036,620 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011-02-27 23:05:38 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011-02-27 23:04:56 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011-02-27 23:03:24 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011-02-27 23:03:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011-02-27 23:03:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011-02-27 23:03:23 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011-02-27 23:03:22 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011-02-27 23:03:22 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011-02-27 23:03:17 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011-02-27 15:06:51 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\AVG PC Tuneup 2011.lnk
[2011-02-27 14:08:52 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2011.lnk
[2011-02-27 13:58:41 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2011-02-27 02:38:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-02-26 22:58:42 | 000,541,194 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-02-26 01:07:31 | 000,175,870 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp
[2011-02-26 01:07:31 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp
[2011-02-26 00:18:55 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Spybot - Search & Destroy.lnk
[2011-02-26 00:09:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2011-02-25 22:46:33 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Revo Uninstaller.lnk
[2011-02-25 22:37:19 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-02-25 22:37:19 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2011-02-25 17:32:17 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\TeamViewer 6.lnk
[2011-02-24 17:22:27 | 000,830,277 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Advertorial_Dolce_Vita.pdf
[2011-02-22 20:51:56 | 001,212,384 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Wij_Zorgen_Ervoor....pdf
[2011-02-22 11:13:21 | 000,104,516 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Lifestyle_Aangepast4.pdf
[2011-02-22 08:54:16 | 006,002,588 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Open huis.jpg
[2011-02-21 13:21:06 | 000,159,354 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\www.dolcevitadrachten.nl-nc-factuur-2010.pdf
[2011-02-21 08:33:00 | 000,015,156 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\201000421_Dolce_Vita_20110220.pdf
[2011-02-18 09:45:37 | 000,295,417 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Kortingscoupon.pdf
[2011-02-13 13:41:14 | 000,032,585 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Immu-plus-product-web.jpg
[2011-02-13 13:26:31 | 000,054,889 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\HAELAN951_951_Fermented_Soy_Beverage.jpg
[2011-02-13 13:23:04 | 000,053,369 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Haelan 951.jpg
[2011-02-13 13:22:57 | 000,053,369 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\ervaringen.jpg
[2011-02-13 12:27:31 | 000,036,184 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\agelater_withlogo - high res.JPG
[2011-02-12 15:15:10 | 004,990,963 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\DSCF1365.jpg
[2011-02-11 17:59:20 | 000,271,954 | ---- | C] () -- G:\Mijn Documenten\Dolce_Vita_Haar_en_Huidverbetering_-_Drachten.pdf
[2011-02-10 09:50:30 | 000,009,781 | ---- | C] () -- G:\Mijn Documenten\systems_taway.jpg
[2011-02-10 09:49:52 | 000,043,574 | ---- | C] () -- G:\Mijn Documenten\t-awayvoorenna.jpg
[2011-02-09 09:40:34 | 001,609,074 | ---- | C] () -- G:\Mijn Documenten\ISOcoated_v2_300.zip
[2011-02-08 12:15:13 | 000,070,579 | ---- | C] () -- G:\Mijn Documenten\logo.png
[2011-02-07 16:33:56 | 000,000,761 | ---- | C] () -- G:\Mijn Documenten\Your Uninstaller!.lnk
[2011-02-06 12:26:51 | 000,110,048 | ---- | C] () -- G:\Mijn Documenten\DISLEXI TEST.JPG
[2010-11-05 15:56:28 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-11-05 15:56:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-11-05 15:56:19 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-11-05 15:56:19 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-11-05 15:56:17 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-09-19 11:02:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-07-27 12:45:50 | 000,023,209 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010-07-27 12:28:55 | 000,077,418 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010-07-27 11:50:46 | 000,175,870 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2010-07-27 11:50:46 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2009-10-21 13:28:01 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009-09-11 15:45:09 | 000,170,220 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009-07-21 19:04:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-02-21 14:20:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2009-02-21 13:11:42 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009-02-18 13:22:59 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009-02-18 13:05:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2008-05-26 22:22:14 | 000,017,438 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:22:10 | 000,023,146 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:22:06 | 000,016,842 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-05-26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007-11-28 03:32:00 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2007-11-28 03:26:10 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007-11-18 16:52:04 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-10-26 17:40:30 | 000,016,221 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-10-03 15:07:20 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2007-10-01 18:37:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2007-09-29 13:51:31 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007-09-29 13:50:03 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007-09-29 13:33:19 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-09-29 12:10:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007-09-29 12:01:25 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005-07-12 13:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005-05-03 12:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(2).dll
[2004-08-04 00:16:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-03-23 15:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003-04-07 12:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003-03-14 11:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2001-09-07 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-09-07 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-09-07 12:00:00 | 000,536,544 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2001-09-07 12:00:00 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-09-07 12:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2001-09-07 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-09-07 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-09-07 12:00:00 | 000,101,162 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2001-09-07 12:00:00 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-09-07 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-09-07 12:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2001-09-07 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-09-07 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-09-07 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========
 
OTL.txt part 2

[2011-02-07 18:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011-02-07 14:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011-02-27 14:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-02-07 14:39:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\b5b463
[2011-02-07 18:18:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-02-27 14:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-01-26 10:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009-08-08 12:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009-09-19 12:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011-02-07 08:41:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\PSZCTVS
[2011-03-04 02:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-02-26 22:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010-10-01 13:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\Acronis
[2011-02-27 15:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\AVG
[2011-02-27 14:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\AVG10
[2010-11-05 16:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\BabylonToolbar
[2010-07-27 16:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\dBpoweramp
[2010-11-05 17:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\FreeVideoConverter
[2007-10-03 13:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\LimeWire
[2009-09-19 12:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\Propellerhead Software
[2009-07-30 17:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\Smart Recorder
[2011-02-25 17:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\TeamViewer
[2011-02-07 16:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\URSoft
[2011-03-04 13:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\Windows Desktop Search
[2011-03-05 21:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald\Application Data\Windows Search
[2011-03-06 23:25:00 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5B333AE2-C697-4ECF-AE78-B5C1B7093564}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007-09-29 12:06:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011-02-27 01:41:27 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2001-09-07 12:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2007-09-29 12:06:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011-03-06 22:30:13 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2007-09-29 12:06:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007-09-29 12:06:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011-03-03 20:22:26 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011-03-06 22:30:10 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007-09-29 12:05:18 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007-03-15 14:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2007-04-09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008-07-06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011-01-13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010-04-17 01:11:10 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009-07-20 20:11:30 | 000,001,618 | -H-- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007-09-29 13:48:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007-09-29 13:48:58 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007-09-29 13:48:58 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Deskuop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-05 10:03:11


< MD5 for: EXPLORER.EXE >
[2007-06-13 14:24:02 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=147E95A42A58CE99E403F7F57656BBEB -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007-06-13 14:12:27 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=1D6245AFBD3FAABC16A885116BE1874D -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008-04-14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\explorer.exe
[2008-04-14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008-04-14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe

< MD5 for: EXPLORER.EXE-082F38A9.PF >
[2011-03-05 11:24:15 | 000,032,442 | ---- | M] () MD5=3494407AB9524A113E8293FF8C57A8B9 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

< MD5 for: EXPLORER.SCF >
[2001-09-07 12:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: IEXPLORE.CHM >
[2009-02-26 02:51:16 | 000,579,272 | ---- | M] () MD5=63E0C6D9070736AAAD95791A8C028E86 -- C:\WINDOWS\Help\iexplore.chm
[2004-07-17 10:35:24 | 000,226,342 | ---- | M] () MD5=8CBC2453EBF6EE5AC54027A9F8CB0D42 -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.CHW >
[2010-09-24 10:26:19 | 000,160,867 | ---- | M] () MD5=58B0366AB7B048A222D6F80158114EAC -- C:\WINDOWS\Help\iexplore.chw

< MD5 for: IEXPLORE.EXE >
[2008-04-14 18:03:01 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=164B6F619C579FAD4E548ACC654FF710 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2008-04-14 18:03:01 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=164B6F619C579FAD4E548ACC654FF710 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\iexplore.exe
[2004-08-04 00:03:30 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=78D969F35CD64BF0761F731FCA5FC99D -- C:\WINDOWS\ie8\iexplore.exe
[2009-03-08 13:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009-03-08 13:13:48 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=56079FF20F68E1B172D1496E4A2034BA -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2009-03-08 13:13:48 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=56079FF20F68E1B172D1496E4A2034BA -- C:\Program Files\Internet Explorer\nl-NL\iexplore.exe.mui

< MD5 for: IEXPLORE.HLP >
[2001-09-07 12:00:00 | 000,097,563 | ---- | M] () MD5=984E3C35895C20B858DBF7322A7BB841 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: WINLOGON.EXE >
[2008-04-14 18:03:19 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=1247D4D5444E28519BBE31BE8AB4C029 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 18:03:19 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=1247D4D5444E28519BBE31BE8AB4C029 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
[2008-04-14 18:03:19 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=1247D4D5444E28519BBE31BE8AB4C029 -- C:\WINDOWS\system32\winlogon.exe
[2004-08-04 00:03:38 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=732ED791711DF9C9DD15E5515BC681B8 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

< End of report >
 
Extras.txt

OTL Extras logfile created on: 6-3-2011 23:20:22 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ronald\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 317,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,60 Gb Total Space | 3,11 Gb Free Space | 18,75% Space Free | Partition Type: NTFS
Drive D: | 2,04 Gb Total Space | 1,99 Gb Free Space | 97,65% Space Free | Partition Type: NTFS
Drive G: | 37,26 Gb Total Space | 33,35 Gb Free Space | 89,50% Space Free | Partition Type: NTFS

Computer Name: KANTOOR | User Name: Ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - compatibiliteitsmodus (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\setup\HPZNUI01.EXE" = E:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"F:\setup\HPZNUI01.EXE" = F:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Installer voor AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Persoonlijke e-mailscanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59}" = Windows Live Photo Gallery
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1043-7B44-A94000000001}" = Adobe Reader 9.4.2 - Nederlands
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D610D81C-36EE-4E1B-8346-1F515A5AF032}" = Microsoft .NET Framework 2.0 Language Pack - NLD
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync
"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - NLD" = Microsoft .NET Framework 2.0 Language Pack - NLD
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Revo Uninstaller" = Revo Uninstaller 1.91
"TeamViewer 6" = TeamViewer 6
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup starten
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21-2-2011 16:23:03 | Computer Name = KANTOOR | Source = Microsoft Office 11 | ID = 1000
Description =

Error - 26-2-2011 5:58:06 | Computer Name = KANTOOR | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates
is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Er is een interne certificeringsketenfout opgetreden.

Error - 26-2-2011 6:04:32 | Computer Name = KANTOOR | Source = Winlogon | ID = 1015
Description = Het kritieke systeemproces C:\WINDOWS\system32\lsass.exe is mislukt.
Statuscode: 00000000. De computer dient nu opnieuw te worden opgestart.

Error - 26-2-2011 11:35:16 | Computer Name = KANTOOR | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 26-2-2011 17:50:27 | Computer Name = KANTOOR | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: procexp.exe, versie: 14.1.0.0, vastgelopen
module: procexp.exe, versie: 14.1.0.0, vastgelopen op: 0x0002cf22.

Error - 27-2-2011 8:20:56 | Computer Name = KANTOOR | Source = pctsSvc.exe | ID = 0
Description =

Error - 27-2-2011 8:54:23 | Computer Name = KANTOOR | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Fout
27035. CA_Error27035: ReloadAvi(0xE001003D): Reloading of AVG databases failed

Error - 28-2-2011 16:54:25 | Computer Name = KANTOOR | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
. Error code = 0x80131047

Error - 3-3-2011 19:18:41 | Computer Name = KANTOOR | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
. Error code = 0x80070020

Error - 4-3-2011 8:13:12 | Computer Name = KANTOOR | Source = Windows Search Service | ID = 3024
Description = De update kan niet worden gestart omdat er geen toegang kan worden
verkregen tot de inhoudsbronnen. Herstel de fouten en probeer de update opnieuw
uit te voeren. Context: toepassing Windows, catalogus SystemIndex

[ System Events ]
Error - 6-3-2011 8:45:15 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7000
Description = De Acronis Scheduler2Service-service kan vanwege de volgende fout
niet worden gestart: %%2

Error - 6-3-2011 8:45:15 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7000
Description = De Google Updateservice (gupdate)-service kan vanwege de volgende
fout niet worden gestart: %%3

Error - 6-3-2011 8:45:15 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7000
Description = De PfModNT-service kan vanwege de volgende fout niet worden gestart:
%%2

Error - 6-3-2011 8:47:02 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7022
Description = De HP CUE DeviceDiscovery-service-service is bij het starten vastgelopen.

Error - 6-3-2011 16:12:31 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7034
Description = De Java Quick Starter-service is onverwacht beëindigd. Dit is nu 1
keer gebeurd.

Error - 6-3-2011 16:12:31 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7031
Description = De TeamViewer 6-service is onverwacht gestopt. Dit is 1 keer gebeurd.
De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd: Service
opnieuw starten.

Error - 6-3-2011 17:30:44 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7000
Description = De Acronis Scheduler2Service-service kan vanwege de volgende fout
niet worden gestart: %%2

Error - 6-3-2011 17:30:44 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7000
Description = De Google Updateservice (gupdate)-service kan vanwege de volgende
fout niet worden gestart: %%3

Error - 6-3-2011 17:30:44 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7000
Description = De PfModNT-service kan vanwege de volgende fout niet worden gestart:
%%2

Error - 6-3-2011 17:32:29 | Computer Name = KANTOOR | Source = Service Control Manager | ID = 7022
Description = De HP CUE DeviceDiscovery-service-service is bij het starten vastgelopen.


< End of report >
 
question?

Hi,
I did exactly as u said, but the scan takes almost 15 mins?!!
Is that normal?
And about the computer....
When i go to the homepage startpagina.nl,
it starts loading all kinds of adthuytr.com and adsmoney.com and sites like that.
But it not shows those sites, just in the left lower line i see it.(i added a photo of it).
Also Google sites still not loading.
Regards Erik.
 
Hi Jointducky,

Don't panic, we've just began to resolve your issues. TeaTimer may have interfered with the last fix.

SPYBOT TEATIMER
  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done and reboot your computer.
(When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]


Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code: 
:Services

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25493
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)

:Files
C:\WINDOWS\System32\drivers\etc\hosts.*.backup

:Commands
[resethosts]
[emptytemp]
[createrestorepoint]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.


Next

  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • UNCheck the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE

    Code: 
    C:\Documents and Settings\All Users\Application Data\b5b463\*.* /s
  • Click the Run Scan button. Do not change any settings unless therwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window, OTL.Txt .


Please post back with
  • OTL fix log
  • OTL.txt
Thanks
 
OTL fix log

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.exe\ deleted successfully.
Item C:\WINDOWS\System32\svchost.exe is whitelisted and cannot be moved.
========== FILES ==========
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093547.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093555.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093556.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093557.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093558.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093559.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093600.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093601.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093602.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-093603.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111506.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111511.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111512.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111513.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111514.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111523.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111528.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111529.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111530.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111531.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111532.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111712.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111713.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111714.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111715.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111716.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111717.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-111718.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134021.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134033.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134034.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134035.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134036.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134037.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134148.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134150.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134156.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134157.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134158.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134159.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-134200.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154435.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154442.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154443.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154444.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154445.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154446.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154447.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154448.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154449.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110207-154450.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010100.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010108.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010110.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010111.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010112.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010113.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010114.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010115.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010118.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-010119.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-124921.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-124927.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-124928.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-124929.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-124930.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-124931.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145948.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145950.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145951.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145952.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145953.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145954.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145955.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-145957.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-221644.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-221740.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-221741.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110226-221742.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155338.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155353.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155354.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155400.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155405.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155406.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155407.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155408.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155409.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155410.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155411.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110227-155412.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120521.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120611.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120613.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120615.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120617.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120618.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120619.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120620.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120621.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120622.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120623.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120624.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120625.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-120626.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110304-121706.backup moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ronald
->Temp folder emptied: 5717853 bytes
->Temporary Internet Files folder emptied: 5276161 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43213560 bytes
->Flash cache emptied: 3485 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14426 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 03072011_195405

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Ronald\Local Settings\Temporary Internet Files\Content.IE5\LOSN5LSD\HellSinQ - Hard Reunion - HellSinQ & Dj-Dirty-D not found!
File\Folder C:\Documents and Settings\Ronald\Local Settings\Temporary Internet Files\Content.IE5\ELZKHGNQ\HellSinQ - Hard Reunion - HellSinQ & Dj-Dirty-D not found!

Registry entries deleted on Reboot...
 
OTL.txt

OTL logfile created on: 7-3-2011 20:03:06 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 436,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,60 Gb Total Space | 2,95 Gb Free Space | 17,74% Space Free | Partition Type: NTFS
Drive D: | 2,04 Gb Total Space | 1,99 Gb Free Space | 97,65% Space Free | Partition Type: NTFS
Drive G: | 37,26 Gb Total Space | 33,35 Gb Free Space | 89,50% Space Free | Partition Type: NTFS

Computer Name: KANTOOR | User Name: Ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!\OTL(2).scr.exe (OldTimer Tools)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!\OTL(2).scr.exe (OldTimer Tools)
MOD - C:\Program Files\TeamViewer\Version6\tv_w32.dll (TeamViewer GmbH)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\crtdll.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gupdate) Google Updateservice (gupdate) -- File not found
SRV - (AVG Security Toolbar Service) -- File not found
SRV - (AcrSch2Svc) -- File not found
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (USRWGU(USR)) USRobotics Wireless USB Adapter(USR) -- C:\WINDOWS\system32\drivers\USRWGU.sys (U.S. Robotics Corporation)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (sfman) Creative SoundFont Manager-stuurprogramma (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager-stuurprogramma (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dutch.ilsc.org/nl/index.php?rvs=hompag/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-27 12:46:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011-03-03 23:55:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-05 13:16:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-05 13:16:10 | 000,000,000 | ---D | M]

[2009-09-28 13:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Extensions
[2011-03-06 23:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions
[2011-02-27 20:33:13 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011-03-03 23:26:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-02-27 20:40:09 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\coralietab@mozdev.org
[2011-03-06 23:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-09-19 10:58:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-07-21 20:22:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-23 08:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-03-05 22:02:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-12-03 19:53:57 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-12-03 19:53:57 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-12-03 19:53:57 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-12-03 19:53:57 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-12-03 19:53:57 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2011-03-07 19:54:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: dance-tunes.com ([.www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: google.nl ([.www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: hanze.nl ([intranet] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: one.com ([webmail] https in Vertrouwde websites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298826837421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298826812250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.djlafleur.nl/auth/controls/IlosoftImageUpload.dll (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-09-29 12:06:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-03-07 19:54:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-03-07 11:07:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ronald\Onlangs geopend
[2011-03-05 22:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!
[2011-03-05 22:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-03-05 22:02:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-03-05 22:02:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-03-05 22:02:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-03-05 22:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011-03-05 21:30:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011-03-05 21:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Windows Search
[2011-03-05 11:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Local Settings\Application Data\ApplicationHistory
[2011-03-04 22:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\7-Zip
[2011-03-04 22:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011-03-04 21:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-03-04 21:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011-03-04 21:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\ERUNT
[2011-03-04 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011-03-04 13:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Accessoires
[2011-03-04 13:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011-03-04 13:15:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011-03-04 13:14:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011-03-04 13:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Windows Desktop Search
[2011-03-04 13:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011-03-04 13:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011-03-04 13:07:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011-03-04 13:07:32 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011-03-04 13:07:31 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011-03-04 13:06:59 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011-03-04 13:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011-03-04 12:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011-03-04 11:47:01 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011-03-04 11:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011-03-03 22:33:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011-03-03 22:33:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011-03-03 22:32:23 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011-03-03 22:32:22 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011-03-03 22:31:29 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011-03-03 21:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011-03-03 20:40:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011-03-03 20:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl
[2011-03-03 20:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011-03-03 20:23:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011-03-03 20:10:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011-02-28 21:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011-02-28 21:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011-02-28 21:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011-02-28 21:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011-02-28 21:32:46 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011-02-28 21:32:46 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011-02-28 21:32:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011-02-28 21:32:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011-02-28 21:32:45 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011-02-28 21:32:45 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011-02-28 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011-02-28 16:06:59 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2011-02-28 16:06:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2011-02-28 08:05:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011-02-28 08:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011-02-27 23:06:36 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011-02-27 23:06:03 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011-02-27 22:53:47 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011-02-27 22:53:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011-02-27 22:53:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011-02-27 22:53:46 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011-02-27 22:53:46 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011-02-27 21:35:27 | 000,272,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011-02-27 21:31:46 | 000,357,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011-02-27 21:29:29 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011-02-27 21:29:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011-02-27 21:28:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011-02-27 21:25:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011-02-27 21:25:12 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011-02-27 21:24:40 | 002,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011-02-27 21:24:27 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011-02-27 21:24:21 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011-02-27 21:24:16 | 002,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011-02-27 21:08:58 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011-02-27 21:08:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011-02-27 21:08:41 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011-02-27 21:08:22 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011-02-27 21:08:15 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011-02-27 21:07:54 | 011,080,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011-02-27 21:06:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2011-02-27 21:04:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011-02-27 20:53:43 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011-02-27 20:53:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011-02-27 18:14:30 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011-02-27 15:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\AVG
[2011-02-27 15:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG PC Tuneup 2011
[2011-02-27 14:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\AVG10
[2011-02-27 14:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG 2011
[2011-02-27 14:06:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011-02-27 14:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011-02-27 02:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Malwarebytes
[2011-02-27 02:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-02-27 01:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011-02-26 16:40:16 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-02-26 16:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Local Settings\Application Data\Sunbelt Software
[2011-02-26 16:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011-02-26 00:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Spybot - Search & Destroy
[2011-02-26 00:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-02-25 22:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Menu Start\Programma's\Revo Uninstaller
[2011-02-25 22:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011-02-25 22:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Mozilla Firefox
[2011-02-25 17:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\TeamViewer
[2011-02-25 17:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\TeamViewer 6
[2011-02-25 17:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011-02-07 18:42:17 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011-02-07 18:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011-02-07 18:18:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-02-07 16:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\URSoft
[2011-02-07 16:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-02-07 14:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011-02-07 10:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-02-07 10:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-02-07 09:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011-02-07 09:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011-02-07 08:41:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PSZCTVS
[2011-02-07 08:40:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\b5b463
[2002-04-11 02:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011-03-07 20:05:00 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5B333AE2-C697-4ECF-AE78-B5C1B7093564}.job
[2011-03-07 19:58:40 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-07 19:57:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-07 19:57:28 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011-03-07 19:54:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011-03-07 19:41:47 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2011-03-07 17:46:33 | 107,965,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-05 11:01:43 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\fusioncache.dat
[2011-03-05 10:59:42 | 000,536,544 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-03-05 10:59:42 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-05 10:59:42 | 000,101,162 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-03-05 10:59:41 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-04 22:27:17 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\7z920.exe
[2011-03-04 13:10:36 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk.disabled
[2011-03-04 13:06:30 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-03-04 13:06:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011-03-04 13:06:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011-03-03 23:58:17 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2011.lnk
[2011-03-03 23:17:10 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-03 21:27:18 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011-03-03 20:22:26 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011-03-03 19:52:47 | 000,000,592 | ---- | M] () -- C:\WINDOWS\chgkey.vbs
[2011-03-02 12:33:43 | 000,005,758 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.JPG
[2011-03-02 12:33:37 | 000,041,038 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.bmp
[2011-03-01 20:31:27 | 327,118,416 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2011-03-01 19:08:14 | 001,212,384 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Wij_Zorgen_Ervoor....pdf
[2011-03-01 13:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-27 23:11:11 | 000,000,403 | ---- | M] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011-02-27 15:06:51 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\AVG PC Tuneup 2011.lnk
[2011-02-27 02:38:14 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-02-26 22:58:54 | 000,541,194 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-02-26 21:18:40 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Spybot - Search & Destroy.lnk
[2011-02-26 16:39:59 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-02-26 00:09:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2011-02-26 00:06:17 | 000,002,845 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-02-25 23:36:18 | 000,000,070 | ---- | M] () -- C:\WINDOWS\sbwin.ini
[2011-02-25 23:36:11 | 000,001,560 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011-02-25 23:36:11 | 000,001,560 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011-02-25 22:46:33 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Revo Uninstaller.lnk
[2011-02-25 22:37:19 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-02-25 22:37:19 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2011-02-25 17:32:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\TeamViewer 6.lnk
[2011-02-24 17:22:29 | 000,830,277 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Advertorial_Dolce_Vita.pdf
[2011-02-22 11:13:22 | 000,104,516 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Lifestyle_Aangepast4.pdf
[2011-02-22 08:54:25 | 006,002,588 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Open huis.jpg
[2011-02-21 13:27:50 | 000,295,417 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Kortingscoupon.pdf
[2011-02-21 13:21:07 | 000,159,354 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\www.dolcevitadrachten.nl-nc-factuur-2010.pdf
[2011-02-21 08:33:02 | 000,015,156 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\201000421_Dolce_Vita_20110220.pdf
[2011-02-13 13:26:10 | 000,054,889 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\HAELAN951_951_Fermented_Soy_Beverage.jpg
[2011-02-13 13:14:23 | 000,032,585 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Immu-plus-product-web.jpg
[2011-02-13 12:36:45 | 000,036,184 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\agelater_withlogo - high res.JPG
[2011-02-12 15:15:12 | 004,990,963 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\DSCF1365.jpg
[2011-02-11 19:00:49 | 000,053,369 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Haelan 951.jpg
[2011-02-11 19:00:49 | 000,053,369 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\ervaringen.jpg
[2011-02-11 17:59:22 | 000,271,954 | ---- | M] () -- G:\Mijn Documenten\Dolce_Vita_Haar_en_Huidverbetering_-_Drachten.pdf
[2011-02-10 09:50:24 | 000,009,781 | ---- | M] () -- G:\Mijn Documenten\systems_taway.jpg
[2011-02-10 09:49:19 | 000,043,574 | ---- | M] () -- G:\Mijn Documenten\t-awayvoorenna.jpg
[2011-02-09 09:40:34 | 001,609,074 | ---- | M] () -- G:\Mijn Documenten\ISOcoated_v2_300.zip
[2011-02-09 09:03:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader 9.lnk
[2011-02-08 09:21:05 | 000,070,579 | ---- | M] () -- G:\Mijn Documenten\logo.png
[2011-02-07 16:33:56 | 000,000,761 | ---- | M] () -- G:\Mijn Documenten\Your Uninstaller!.lnk
[2011-02-06 12:26:52 | 000,110,048 | ---- | M] () -- G:\Mijn Documenten\DISLEXI TEST.JPG

========== Files Created - No Company Name ==========

[2011-03-07 17:46:33 | 107,965,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-05 11:01:43 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\fusioncache.dat
[2011-03-04 22:27:09 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\7z920.exe
[2011-03-04 13:10:36 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Search.lnk
[2011-03-04 13:10:36 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk.disabled
[2011-03-04 11:31:16 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Defender.lnk
[2011-03-03 19:30:30 | 000,000,592 | ---- | C] () -- C:\WINDOWS\chgkey.vbs
[2011-03-02 12:33:42 | 000,005,758 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.JPG
[2011-03-02 12:33:37 | 000,041,038 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\naamloos.bmp
[2011-03-01 20:13:28 | 327,118,416 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2011-02-27 23:11:11 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011-02-27 23:06:52 | 000,001,774 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011-02-27 23:06:52 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011-02-27 23:06:51 | 000,652,190 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011-02-27 23:06:50 | 000,076,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011-02-27 23:06:50 | 000,026,500 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011-02-27 23:06:49 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011-02-27 23:06:49 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011-02-27 23:06:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011-02-27 23:06:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011-02-27 23:06:49 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011-02-27 23:06:48 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011-02-27 23:06:48 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011-02-27 23:06:47 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011-02-27 23:06:47 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011-02-27 23:06:46 | 000,034,558 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011-02-27 23:06:46 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011-02-27 23:06:45 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011-02-27 23:06:45 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011-02-27 23:06:45 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011-02-27 23:06:45 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011-02-27 23:06:45 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011-02-27 23:06:44 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011-02-27 23:06:44 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011-02-27 23:06:44 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011-02-27 23:06:44 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011-02-27 23:06:35 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011-02-27 23:06:35 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011-02-27 23:06:23 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011-02-27 23:06:23 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011-02-27 23:06:23 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011-02-27 23:06:23 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011-02-27 23:06:23 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011-02-27 23:06:23 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011-02-27 23:06:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011-02-27 23:06:20 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011-02-27 23:06:20 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011-02-27 23:06:20 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011-02-27 23:06:03 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011-02-27 23:05:50 | 000,082,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011-02-27 23:05:39 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011-02-27 23:05:38 | 000,036,620 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011-02-27 23:05:38 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011-02-27 23:04:56 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011-02-27 23:03:24 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011-02-27 23:03:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011-02-27 23:03:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011-02-27 23:03:23 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011-02-27 23:03:22 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011-02-27 23:03:22 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011-02-27 23:03:17 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011-02-27 15:06:51 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\AVG PC Tuneup 2011.lnk
[2011-02-27 14:08:52 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2011.lnk
[2011-02-27 13:58:41 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2011-02-27 02:38:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-02-26 22:58:42 | 000,541,194 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-02-26 01:07:31 | 000,175,870 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp
[2011-02-26 01:07:31 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp
[2011-02-26 00:18:55 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Spybot - Search & Destroy.lnk
[2011-02-26 00:09:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2011-02-25 22:46:33 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Revo Uninstaller.lnk
[2011-02-25 22:37:19 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-02-25 22:37:19 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2011-02-25 17:32:17 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\TeamViewer 6.lnk
[2011-02-24 17:22:27 | 000,830,277 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Advertorial_Dolce_Vita.pdf
[2011-02-22 20:51:56 | 001,212,384 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Wij_Zorgen_Ervoor....pdf
[2011-02-22 11:13:21 | 000,104,516 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Lifestyle_Aangepast4.pdf
[2011-02-22 08:54:16 | 006,002,588 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Open huis.jpg
[2011-02-21 13:21:06 | 000,159,354 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\www.dolcevitadrachten.nl-nc-factuur-2010.pdf
[2011-02-21 08:33:00 | 000,015,156 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\201000421_Dolce_Vita_20110220.pdf
[2011-02-18 09:45:37 | 000,295,417 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Kortingscoupon.pdf
[2011-02-13 13:41:14 | 000,032,585 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Immu-plus-product-web.jpg
[2011-02-13 13:26:31 | 000,054,889 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\HAELAN951_951_Fermented_Soy_Beverage.jpg
[2011-02-13 13:23:04 | 000,053,369 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Haelan 951.jpg
[2011-02-13 13:22:57 | 000,053,369 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\ervaringen.jpg
[2011-02-13 12:27:31 | 000,036,184 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\agelater_withlogo - high res.JPG
[2011-02-12 15:15:10 | 004,990,963 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\DSCF1365.jpg
[2011-02-11 17:59:20 | 000,271,954 | ---- | C] () -- G:\Mijn Documenten\Dolce_Vita_Haar_en_Huidverbetering_-_Drachten.pdf
[2011-02-10 09:50:30 | 000,009,781 | ---- | C] () -- G:\Mijn Documenten\systems_taway.jpg
[2011-02-10 09:49:52 | 000,043,574 | ---- | C] () -- G:\Mijn Documenten\t-awayvoorenna.jpg
[2011-02-09 09:40:34 | 001,609,074 | ---- | C] () -- G:\Mijn Documenten\ISOcoated_v2_300.zip
[2011-02-08 12:15:13 | 000,070,579 | ---- | C] () -- G:\Mijn Documenten\logo.png
[2011-02-07 16:33:56 | 000,000,761 | ---- | C] () -- G:\Mijn Documenten\Your Uninstaller!.lnk
[2011-02-06 12:26:51 | 000,110,048 | ---- | C] () -- G:\Mijn Documenten\DISLEXI TEST.JPG
[2010-11-05 15:56:28 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-11-05 15:56:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-11-05 15:56:19 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-11-05 15:56:19 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-11-05 15:56:17 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-09-19 11:02:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-07-27 12:45:50 | 000,023,209 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010-07-27 12:28:55 | 000,077,418 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010-07-27 11:50:46 | 000,175,870 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2010-07-27 11:50:46 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2009-10-21 13:28:01 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009-09-11 15:45:09 | 000,170,220 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009-07-21 19:04:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-02-21 14:20:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2009-02-21 13:11:42 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009-02-18 13:22:59 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009-02-18 13:05:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2008-05-26 22:22:14 | 000,017,438 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:22:10 | 000,023,146 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:22:06 | 000,016,842 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-05-26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007-11-28 03:32:00 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2007-11-28 03:26:10 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007-11-18 16:52:04 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-10-26 17:40:30 | 000,016,221 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-10-03 15:07:20 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2007-10-01 18:37:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2007-09-29 13:51:31 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007-09-29 13:50:03 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007-09-29 13:33:19 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-09-29 12:10:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007-09-29 12:01:25 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005-07-12 13:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005-05-03 12:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(2).dll
[2004-08-04 00:16:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-03-23 15:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003-04-07 12:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003-03-14 11:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2001-09-07 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-09-07 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-09-07 12:00:00 | 000,536,544 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2001-09-07 12:00:00 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-09-07 12:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2001-09-07 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-09-07 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-09-07 12:00:00 | 000,101,162 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2001-09-07 12:00:00 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-09-07 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-09-07 12:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2001-09-07 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-09-07 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-09-07 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< C:\Documents and Settings\All Users\Application Data\b5b463\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

< End of report >
 
Hi Jointducky,

How is the computer?

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Next

Please open OTL.

  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, click the None button near the top (it may looked greyed out)
  • In the window under Custom Scans/Fixes copy and paste the following


    C:\Documents and Settings\All Users\Application Data\PSZCTVS\*.* /s



  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

Please post back with
  • MBAM log
  • OTL.txt
Thanks
 
OTL.txt

OTL logfile created on: 9-3-2011 18:50:17 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 404,00 Mb Available Physical Memory | 39,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,60 Gb Total Space | 3,23 Gb Free Space | 19,47% Space Free | Partition Type: NTFS
Drive D: | 2,04 Gb Total Space | 1,99 Gb Free Space | 97,65% Space Free | Partition Type: NTFS
Drive G: | 37,26 Gb Total Space | 33,34 Gb Free Space | 89,48% Space Free | Partition Type: NTFS

Computer Name: KANTOOR | User Name: Ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< C:\Documents and Settings\All Users\Application Data\PSZCTVS\*.* /s >
[2011-02-07 14:31:32 | 000,028,198 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\PSZCTVS\PSWHOBKSUWS.cfg

< End of report >
 
MBAM.txt

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databaseversie: 6003

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9-3-2011 18:37:30
mbam-log-2011-03-09 (18-37-30).txt

Scantype: Snelle scan
Objecten gescand: 142265
Verstreken tijd: 11 minuut/minuten, 13 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
 
how's the computer doing?

Dear oldman,
The computer is working fine.
All internet pages load now though starting Internet takes a wile. (dont know if thats normal).
Nothing detected by MBAM!
I really thank u for ur time and effort.
Regards Erik.
 
Hi Jointducky,

All internet pages load now though starting Internet takes a wile. (dont know if thats normal).
Click to expand...
How is it otherwise?

Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code: 
:Services

:Files
C:\Documents and Settings\All Users\Application Data\PSZCTVS

:Commands
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Next

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scannner from
ESET

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. or C:\Program Files\ESET\log.txtWe will need this later.
Please post back with the ESET log.

Next
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • UNCheck the boxes beside LOP Check and Purity Check.
  • In the window under Custom scans/fixes copy and paste all the text in the code box
    Code: 
    /md5start
msmsgs.*
/md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad windows, OTL.Txt

Please post back with
  • OTL fix log
  • MBAM log
  • OTL.txt
How's the computer?

Thanks
 
OTL fix log

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\PSZCTVS folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ronald
->Temp folder emptied: 5946356 bytes
->Temporary Internet Files folder emptied: 310044788 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43554211 bytes
->Flash cache emptied: 4574 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23713 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 5617483 bytes

Total Files Cleaned = 348,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03112011_225359

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Ronald\Local Settings\Temporary Internet Files\Content.IE5\LOSN5LSD\HellSinQ - Hard Reunion - HellSinQ & Dj-Dirty-D not found!
File\Folder C:\Documents and Settings\Ronald\Local Settings\Temporary Internet Files\Content.IE5\ELZKHGNQ\HellSinQ - Hard Reunion - HellSinQ & Dj-Dirty-D not found!

Registry entries deleted on Reboot...
 
ESET txt

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=3a826ae5c68ed740aab842e98b1a9f0c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-11 11:35:15
# local_time=2011-03-12 12:35:15 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 95 6543 43175410 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3774 3774 0 0
# scanned=44015
# found=0
# cleaned=0
# scan_time=5099
 
OTL.txt

OTL logfile created on: 12-3-2011 22:52:17 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.023,00 Mb Total Physical Memory | 451,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,60 Gb Total Space | 3,68 Gb Free Space | 22,20% Space Free | Partition Type: NTFS
Drive D: | 2,04 Gb Total Space | 1,99 Gb Free Space | 97,65% Space Free | Partition Type: NTFS
Drive G: | 37,26 Gb Total Space | 33,34 Gb Free Space | 89,49% Space Free | Partition Type: NTFS

Computer Name: KANTOOR | User Name: Ronald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!\OTL(2).scr.exe (OldTimer Tools)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!\OTL(2).scr.exe (OldTimer Tools)
MOD - C:\Program Files\TeamViewer\Version6\tv_w32.dll (TeamViewer GmbH)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\crtdll.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gupdate) Google Updateservice (gupdate) -- File not found
SRV - (AVG Security Toolbar Service) -- File not found
SRV - (AcrSch2Svc) -- File not found
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (USRWGU(USR)) USRobotics Wireless USB Adapter(USR) -- C:\WINDOWS\system32\drivers\USRWGU.sys (U.S. Robotics Corporation)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (sfman) Creative SoundFont Manager-stuurprogramma (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager-stuurprogramma (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dutch.ilsc.org/nl/index.php?rvs=hompag/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011-03-03 23:55:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-05 13:16:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-05 13:16:10 | 000,000,000 | ---D | M]

[2009-09-28 13:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Extensions
[2011-03-12 13:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions
[2011-02-27 20:33:13 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011-03-03 23:26:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-02-27 20:40:09 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\Ronald\Application Data\Mozilla\Firefox\Profiles\yiec8jtw.default\extensions\coralietab@mozdev.org
[2011-03-12 13:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-09-19 10:58:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-07-21 20:22:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-23 08:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-03-05 22:02:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-12-03 19:53:57 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-12-03 19:53:57 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-12-03 19:53:57 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-12-03 19:53:57 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-12-03 19:53:57 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2011-03-07 19:54:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: dance-tunes.com ([.www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: google.nl ([.www] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: hanze.nl ([intranet] https in Vertrouwde websites)
O15 - HKCU\..Trusted Domains: one.com ([webmail] https in Vertrouwde websites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298826837421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298826812250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.dolcevitadrachten.nl/auth/controls/IlosoftImageUpload.dll (IlosoftImageUploadCtl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ronald\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ronald\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-09-29 12:06:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-03-11 23:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-03-11 23:07:18 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Ronald\Bureaublad\esetsmartinstaller_enu.exe
[2011-03-11 22:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Bureaublad\Maria Mena - Compacted Discography (256,320)
[2011-03-09 18:20:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-03-09 18:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
[2011-03-09 18:20:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-03-09 18:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-03-08 14:56:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ronald\Onlangs geopend
[2011-03-07 19:54:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-03-05 22:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Bureaublad\Niet Openen aub!
[2011-03-05 22:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-03-05 22:02:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-03-05 22:02:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-03-05 22:02:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-03-05 22:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011-03-05 21:30:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011-03-05 21:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Windows Search
[2011-03-05 11:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Local Settings\Application Data\ApplicationHistory
[2011-03-04 22:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\7-Zip
[2011-03-04 22:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011-03-04 21:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-03-04 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011-03-04 13:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Accessoires
[2011-03-04 13:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011-03-04 13:15:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011-03-04 13:14:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011-03-04 13:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Windows Desktop Search
[2011-03-04 13:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011-03-04 13:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011-03-04 13:07:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011-03-04 13:07:32 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011-03-04 13:07:31 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011-03-04 13:06:59 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011-03-04 13:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011-03-04 12:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011-03-04 11:47:01 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011-03-04 11:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011-03-03 22:33:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011-03-03 22:33:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011-03-03 22:32:23 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011-03-03 22:32:22 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011-03-03 22:31:29 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011-03-03 21:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011-03-03 20:40:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011-03-03 20:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl
[2011-03-03 20:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011-03-03 20:23:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011-03-03 20:10:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011-02-28 21:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011-02-28 21:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011-02-28 21:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011-02-28 21:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011-02-28 21:32:46 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011-02-28 21:32:46 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011-02-28 21:32:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011-02-28 21:32:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011-02-28 21:32:45 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011-02-28 21:32:45 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011-02-28 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011-02-28 16:06:59 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2011-02-28 16:06:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2011-02-28 08:05:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011-02-28 08:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011-02-27 23:06:36 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011-02-27 23:06:03 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011-02-27 22:53:47 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011-02-27 22:53:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011-02-27 22:53:47 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011-02-27 22:53:46 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011-02-27 22:53:46 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011-02-27 21:35:27 | 000,272,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011-02-27 21:31:46 | 000,357,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011-02-27 21:29:29 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011-02-27 21:29:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011-02-27 21:28:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011-02-27 21:25:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011-02-27 21:25:12 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011-02-27 21:24:40 | 002,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011-02-27 21:24:27 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011-02-27 21:24:21 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011-02-27 21:24:16 | 002,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011-02-27 21:08:58 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011-02-27 21:08:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011-02-27 21:08:41 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011-02-27 21:08:22 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011-02-27 21:08:15 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011-02-27 21:07:54 | 011,080,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011-02-27 21:06:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2011-02-27 21:04:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011-02-27 20:53:43 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011-02-27 20:53:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011-02-27 18:14:30 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011-02-27 15:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\AVG
[2011-02-27 15:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG PC Tuneup 2011
[2011-02-27 14:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\AVG10
[2011-02-27 14:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG 2011
[2011-02-27 14:06:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011-02-27 14:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011-02-27 02:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\Malwarebytes
[2011-02-27 02:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-02-27 01:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011-02-26 16:40:16 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-02-26 16:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Local Settings\Application Data\Sunbelt Software
[2011-02-26 16:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011-02-26 00:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Spybot - Search & Destroy
[2011-02-26 00:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-02-25 22:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Menu Start\Programma's\Revo Uninstaller
[2011-02-25 22:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011-02-25 22:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Mozilla Firefox
[2011-02-25 17:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald\Application Data\TeamViewer
[2011-02-25 17:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\TeamViewer 6
[2011-02-25 17:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2002-04-11 02:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011-03-12 22:55:00 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5B333AE2-C697-4ECF-AE78-B5C1B7093564}.job
[2011-03-12 17:15:49 | 108,462,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-11 23:07:20 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Ronald\Bureaublad\esetsmartinstaller_enu.exe
[2011-03-11 22:59:06 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-11 22:58:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-11 22:58:13 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011-03-11 17:31:36 | 000,001,950 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Factuur_Microdermabrasie_Binsma.pdf
[2011-03-09 20:57:14 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-03-09 18:20:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011-03-08 13:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-03-08 13:10:52 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-07 19:54:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011-03-07 19:41:47 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2011-03-05 11:01:43 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\fusioncache.dat
[2011-03-05 10:59:42 | 000,536,544 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-03-05 10:59:42 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-05 10:59:42 | 000,101,162 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-03-05 10:59:41 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-04 22:27:17 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\7z920.exe
[2011-03-04 13:10:36 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk.disabled
[2011-03-04 13:06:30 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-03-04 13:06:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011-03-04 13:06:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011-03-03 23:58:17 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2011.lnk
[2011-03-03 21:27:18 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011-03-03 20:22:26 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011-03-03 19:52:47 | 000,000,592 | ---- | M] () -- C:\WINDOWS\chgkey.vbs
[2011-03-01 20:31:27 | 327,118,416 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2011-02-27 23:11:11 | 000,000,403 | ---- | M] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011-02-27 15:06:51 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\AVG PC Tuneup 2011.lnk
[2011-02-27 02:38:14 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-02-26 22:58:54 | 000,541,194 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-02-26 21:18:40 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Spybot - Search & Destroy.lnk
[2011-02-26 16:39:59 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-02-26 00:09:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2011-02-26 00:06:17 | 000,002,845 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-02-25 23:36:18 | 000,000,070 | ---- | M] () -- C:\WINDOWS\sbwin.ini
[2011-02-25 23:36:11 | 000,001,560 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011-02-25 23:36:11 | 000,001,560 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011-02-25 22:46:33 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Ronald\Bureaublad\Revo Uninstaller.lnk
[2011-02-25 22:37:19 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-02-25 22:37:19 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2011-02-25 17:32:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\TeamViewer 6.lnk

========== Files Created - No Company Name ==========

[2011-03-12 17:15:49 | 108,462,430 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-11 17:31:36 | 000,001,950 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Factuur_Microdermabrasie_Binsma.pdf
[2011-03-09 20:57:10 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-03-09 18:20:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011-03-05 11:01:43 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\fusioncache.dat
[2011-03-04 22:27:09 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\7z920.exe
[2011-03-04 13:10:36 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Search.lnk
[2011-03-04 13:10:36 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk.disabled
[2011-03-04 11:31:16 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Defender.lnk
[2011-03-03 19:30:30 | 000,000,592 | ---- | C] () -- C:\WINDOWS\chgkey.vbs
[2011-03-01 20:13:28 | 327,118,416 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\PS_AIO_02_Net_Full_Win_WW_130_140.exe
[2011-02-27 23:11:11 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011-02-27 23:06:52 | 000,001,774 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011-02-27 23:06:52 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011-02-27 23:06:51 | 000,652,190 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011-02-27 23:06:50 | 000,076,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011-02-27 23:06:50 | 000,026,500 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011-02-27 23:06:49 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011-02-27 23:06:49 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011-02-27 23:06:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011-02-27 23:06:49 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011-02-27 23:06:49 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011-02-27 23:06:48 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011-02-27 23:06:48 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011-02-27 23:06:47 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011-02-27 23:06:47 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011-02-27 23:06:46 | 000,034,558 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011-02-27 23:06:46 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011-02-27 23:06:45 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011-02-27 23:06:45 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011-02-27 23:06:45 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011-02-27 23:06:45 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011-02-27 23:06:45 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011-02-27 23:06:44 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011-02-27 23:06:44 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011-02-27 23:06:44 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011-02-27 23:06:44 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011-02-27 23:06:35 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011-02-27 23:06:35 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011-02-27 23:06:23 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011-02-27 23:06:23 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011-02-27 23:06:23 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011-02-27 23:06:23 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011-02-27 23:06:23 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011-02-27 23:06:23 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011-02-27 23:06:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011-02-27 23:06:20 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011-02-27 23:06:20 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011-02-27 23:06:20 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011-02-27 23:06:03 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011-02-27 23:05:50 | 000,082,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011-02-27 23:05:39 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011-02-27 23:05:38 | 000,036,620 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011-02-27 23:05:38 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011-02-27 23:04:56 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011-02-27 23:03:24 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011-02-27 23:03:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011-02-27 23:03:23 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011-02-27 23:03:23 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011-02-27 23:03:22 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011-02-27 23:03:22 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011-02-27 23:03:17 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011-02-27 15:06:51 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\AVG PC Tuneup 2011.lnk
[2011-02-27 14:08:52 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2011.lnk
[2011-02-27 13:58:41 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2011-02-27 02:38:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-02-26 22:58:42 | 000,541,194 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-02-26 01:07:31 | 000,175,870 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp
[2011-02-26 01:07:31 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp
[2011-02-26 00:18:55 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Spybot - Search & Destroy.lnk
[2011-02-26 00:09:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2011-02-25 22:46:33 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Ronald\Bureaublad\Revo Uninstaller.lnk
[2011-02-25 22:37:19 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Ronald\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-02-25 22:37:19 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2011-02-25 17:32:17 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\TeamViewer 6.lnk
[2010-11-05 15:56:28 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-11-05 15:56:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-11-05 15:56:19 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-11-05 15:56:19 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-11-05 15:56:17 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-09-19 11:02:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-07-27 12:45:50 | 000,023,209 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010-07-27 12:28:55 | 000,077,418 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010-07-27 11:50:46 | 000,175,870 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2010-07-27 11:50:46 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2009-10-21 13:28:01 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009-09-11 15:45:09 | 000,170,220 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009-07-21 19:04:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-02-21 14:20:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2009-02-21 13:11:42 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009-02-18 13:22:59 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009-02-18 13:05:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI
[2008-05-26 22:22:14 | 000,017,438 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:22:10 | 000,023,146 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:22:06 | 000,016,842 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-05-26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007-11-28 03:32:00 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2007-11-28 03:26:10 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007-11-18 16:52:04 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Ronald\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-10-26 17:40:30 | 000,016,221 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-10-03 15:07:20 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2007-10-01 18:37:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2007-09-29 13:51:31 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007-09-29 13:50:03 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007-09-29 13:33:19 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-09-29 12:10:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007-09-29 12:01:25 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005-07-12 13:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005-05-03 12:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17(2).dll
[2004-08-04 00:16:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-03-23 15:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003-04-07 12:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003-03-14 11:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2001-09-07 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-09-07 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-09-07 12:00:00 | 000,536,544 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2001-09-07 12:00:00 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-09-07 12:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2001-09-07 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-09-07 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-09-07 12:00:00 | 000,101,162 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2001-09-07 12:00:00 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-09-07 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-09-07 12:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2001-09-07 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-09-07 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-09-07 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========



< MD5 for: MSMSGS.CAT >
[2004-08-04 00:52:48 | 000,009,581 | ---- | M] () MD5=9F8D1DA48F43FC7B7628087F9006A1D6 -- C:\WINDOWS\$NtServicePackUninstall$\msmsgs.cat
[2008-04-14 19:02:47 | 000,012,363 | ---- | M] () MD5=F79998793683FD1C33E8624D9A9740B0 -- C:\WINDOWS\ServicePackFiles\i386\msmsgs.cat
[2008-04-14 19:02:47 | 000,012,363 | ---- | M] () MD5=F79998793683FD1C33E8624D9A9740B0 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\msmsgs.cat
[2008-04-14 19:02:47 | 000,012,363 | --S- | M] () MD5=F79998793683FD1C33E8624D9A9740B0 -- C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\msmsgs.cat

< MD5 for: MSMSGS.CAT.000 >
[2004-08-04 00:52:48 | 000,009,581 | ---- | M] () MD5=9F8D1DA48F43FC7B7628087F9006A1D6 -- C:\WINDOWS\$NtServicePackUninstall$\msmsgs.cat.000

< MD5 for: MSMSGS.EXE >
[2004-10-13 17:21:24 | 001,694,208 | ---- | M] (Microsoft Corporation) MD5=32C08C70FDD7CD745A723C1DA521161C -- C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
[2004-10-13 17:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) MD5=74E6E96C6F0E2ECA4EDBB7F7A468F259 -- C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe
[2008-04-14 18:03:07 | 001,695,232 | ---- | M] (Microsoft Corporation) MD5=8C36CD5BAED5CE58BAEC5D73E30508E4 -- C:\Program Files\Messenger\msmsgs.exe
[2008-04-14 18:03:07 | 001,695,232 | ---- | M] (Microsoft Corporation) MD5=8C36CD5BAED5CE58BAEC5D73E30508E4 -- C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
[2008-04-14 18:03:07 | 001,695,232 | ---- | M] (Microsoft Corporation) MD5=8C36CD5BAED5CE58BAEC5D73E30508E4 -- C:\WINDOWS\ServicePackFiles\ServicePackCache\i386\msmsgs.exe
[2008-04-14 18:03:07 | 001,695,232 | ---- | M] (Microsoft Corporation) MD5=8C36CD5BAED5CE58BAEC5D73E30508E4 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\msmsgs.exe

< MD5 for: MSMSGS.INF >
[2004-08-03 23:59:10 | 000,103,352 | ---- | M] () MD5=C1341EA418C6B9FA16D37E006EE493A1 -- C:\WINDOWS\inf\msmsgs.inf
[2004-08-03 23:59:10 | 000,103,352 | ---- | M] () MD5=C1341EA418C6B9FA16D37E006EE493A1 -- C:\WINDOWS\ServicePackFiles\i386\msmsgs.inf
[2004-08-03 23:59:10 | 000,103,352 | ---- | M] () MD5=C1341EA418C6B9FA16D37E006EE493A1 -- C:\WINDOWS\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\msmsgs.inf

< MD5 for: MSMSGS.PNF >
[2007-09-29 12:13:14 | 000,087,888 | ---- | M] () MD5=DB195BEC84A3B96E1FC7CC254B1F7969 -- C:\WINDOWS\inf\msmsgs.PNF

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

< End of report >
 
Status
Not open for further replies.
Back
Top