
Can't update AVG anymore, cmd and regedit don't work anymore, ...



#1 Hangman


Posted 11 May 2009 - 01:38 PM

Hi everyone,

A few days ago, I suddenly couldn't update AVG anymore. It always gives me an error, telling me the connection with the server failed. I also noticed that I can't connect Limewire (P2P program) anymore and opening movie streams in Windows Media Player doesn't work anymore either.

I searched some forums for a solution and I found someone with a similar problem, who also said he couldn't execute the "cmd" and "regedit" commands anymore. I tried it on my own computer and I can't run those things anymore either. When I try executing them, the explorer goes all weird and shuffles the program bars on the task bar.

I've manually downloaded the latest updates for AVG, installed them and did a full scan, that didn't find a thing. I also ran AdAware, which said I had some malware, which I removed with it. Then I also ran Malwarebytes' Anti-Malware, which found some more malware, so I removed it, rebooted my pc, but the problems still exist...

I'm hoping someone can help me with this problem, because it's really annoying...

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:26, on 11/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.telenet.be/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.17.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.10.10.26;192.168.2.103;192.168.101.70;192.168.101.74;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Microsoft Web Test Recorder Helper - {62355041-605D-4469-84FD-5D66ED67A7E3} - C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Snelkoppeling naar BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Alles downloaden met &ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Do&wnload met &ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe

--
End of file - 11535 bytes



Thank you very much in advance for taking a look at this!

Kind regards,

Tom



#2 Farbar


Posted 11 May 2009 - 02:17 PM

Hi Tom,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Please download OTListIt2 by OldTimer.
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Type or copy and paste in the Custom Scans/Fixes section: drivers32
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
  • Tell me also if you have set a proxy server or you recognize these settings:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.17.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.10.10.26;192.168.2.103;192.168.101.70;192.168.101.74;localhost;<local>

#3 Hangman


Posted 11 May 2009 - 04:17 PM

Hi farbar,

Thank you very much for your quick response.

Here's the output of OTListIt2:

OTListIT.txt:

OTListIt logfile created on: 11/05/2009 23:05:23 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\hangman\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

1023,40 Mb Total Physical Memory | 361,21 Mb Available Physical Memory | 35,30% Memory free
2,40 Gb Paging File | 1,80 Gb Available in Paging File | 74,99% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,81 Gb Total Space | 1,01 Gb Free Space | 1,81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOPTOM
Current User Name: hangman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2004/08/13 19:05:56 | 02,532,576 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\smc.exe
PRC - [2009/05/11 08:51:52 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/05/09 03:21:21 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2005/09/19 15:56:06 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2005/01/07 14:15:58 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/14 19:03:01 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
PRC - [2009/05/09 03:21:22 | 00,486,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2009/05/09 03:21:22 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/02/06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2002/10/02 14:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2004/09/13 11:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/03/04 11:26:08 | 00,606,208 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/04/23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
PRC - [2005/08/05 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/09 03:21:22 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2004/08/19 09:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2005/09/19 16:02:54 | 00,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 19:03:06 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2009/02/28 06:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2008/04/14 19:02:58 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/28 06:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2008/12/02 23:38:08 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/09 03:21:22 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/05/11 23:01:51 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hangman\Bureaublad\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/06/21 18:13:11 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/05/09 03:21:21 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2005/09/19 15:56:06 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/01/07 14:15:58 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 19:02:37 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/14 19:03:01 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/05/11 08:51:52 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [On_Demand | Stopped])
SRV - [2008/11/24 23:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2006/12/02 06:17:54 | 02,805,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled | Stopped])
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/08/13 19:05:56 | 02,532,576 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\smc.exe -- (SmcService [Auto | Running])
SRV - [2008/04/14 19:03:01 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2004/08/29 02:06:16 | 00,094,208 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe -- (Tomcat5 [On_Demand | Stopped])
SRV - [2008/04/14 19:03:01 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2006/11/02 22:53:32 | 00,917,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/04/30 09:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus [Boot | Running])
DRV - [2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi [Boot | Running])
DRV - [2004/11/16 10:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2004/08/18 14:53:54 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2008/04/13 20:40:30 | 00,096,512 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi [Boot | Running])
DRV - [2005/08/03 23:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/05/09 03:21:36 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/05/09 03:21:35 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/09 03:21:42 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2004/05/26 21:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2005/09/20 15:03:36 | 00,401,664 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Stopped])
DRV - [2005/09/19 15:42:04 | 00,030,363 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Stopped])
DRV - [2005/09/20 15:26:16 | 01,342,122 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2005/09/19 15:44:52 | 00,023,271 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
DRV - [2005/09/19 15:44:46 | 00,222,876 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP [Auto | Running])
DRV - [2005/09/19 15:38:26 | 00,148,040 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
DRV - [2005/09/19 15:41:36 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2007/07/20 00:47:22 | 00,109,056 | ---- | M] () -- C:\WINDOWS\catchme.exe -- (catchme [On_Demand | Stopped])
DRV - [2003/05/01 13:26:34 | 00,005,220 | R--- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2005/01/07 14:14:30 | 00,297,035 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2004/02/02 12:29:00 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2004/06/17 21:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Stopped])
DRV - [2004/06/17 21:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2009/05/11 08:52:16 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2004/03/17 19:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2000/07/26 16:57:42 | 00,020,312 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\MPManF40.sys -- (MPManF40Usb [Auto | Stopped])
DRV - [2002/10/02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/03/10 17:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
DRV - [2009/04/08 23:07:50 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2004/08/10 16:51:30 | 00,059,984 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer [Boot | Running])
DRV - [2003/08/28 21:40:26 | 00,189,792 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [Disabled | Stopped])
DRV - [2006/12/02 03:10:00 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys -- (VSPerfDrv [On_Demand | Stopped])
DRV - [2004/10/21 21:56:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2004/08/10 17:05:42 | 00,014,240 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n [Auto | Running])
DRV - [2004/08/10 17:05:42 | 00,014,240 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n [Auto | Running])
DRV - [2004/08/10 17:05:42 | 00,014,240 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n [Auto | Running])
DRV - [2004/08/10 17:05:44 | 00,014,240 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n [Auto | Running])
DRV - [2004/06/17 21:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2004/08/10 16:53:14 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
IE - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://games.telenet.be/index.php
IE - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\S-1-5-21-682003330-1606980848-2146912999-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\S-1-5-21-682003330-1606980848-2146912999-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.10.10.26;192.168.2.103;192.168.101.70;192.168.101.74;localhost;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://breedband.telenet.be"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/09 03:21:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.4\Extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2005/06/21 18:03:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.4\Extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/01/17 19:51:45 | 00,000,000 | ---D | M]

[2009/03/14 03:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hangman\Application Data\mozilla\Extensions
[2009/03/14 03:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hangman\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2005/06/21 18:03:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hangman\Application Data\mozilla\Firefox\Profiles\mff44x8m.default\extensions
[2005/06/21 18:03:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hangman\Application Data\mozilla\Firefox\Profiles\mff44x8m.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/01 07:49:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/05/23 15:33:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/12 16:16:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/04 22:56:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/01 07:49:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2005/06/21 18:03:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\defaults\profile\extensions
[2005/06/21 18:03:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/05/11 20:07:00 | 00,041,578 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2005/05/11 20:07:00 | 00,048,228 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2005/05/11 20:07:00 | 00,159,340 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2005/05/11 20:07:00 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2005/05/11 20:07:00 | 00,000,710 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2005/05/11 20:07:00 | 00,000,557 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dictionary.png
[2005/05/11 20:07:00 | 00,000,668 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dictionary.src
[2005/05/11 20:07:00 | 00,001,018 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2005/05/11 20:07:00 | 00,001,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2005/05/11 20:07:00 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2005/05/11 20:07:00 | 00,000,657 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2005/05/11 20:07:00 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2005/05/11 20:07:00 | 00,001,066 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ClickCatcher MSIE handler) - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll (ReGet Software)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Microsoft Web Test Recorder Helper) - {62355041-605D-4469-84FD-5D66ED67A7E3} - C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Aanmelden - Help) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll (ReGet Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\VPN Client.lnk = C:\WINDOWS\Installer\{B8221906-224A-4494-BB97-55FC63740019}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\hangman\Menu Start\Programma's\Opstarten\Snelkoppeling naar BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Alles downloaden met &ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm ()
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload met &ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.extrafilm.be/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab (MSN File Upload Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sockspy.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/21 17:06:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{cd34555a-bbf4-11dd-a4cc-0011437af684}\Shell - "" = AutoRun
O33 - MountPoints2\{cd34555a-bbf4-11dd-a4cc-0011437af684}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e909c50c-4f59-11dc-a1b6-0011437af684}\Shell - "" = AutoRun
O33 - MountPoints2\{e909c50c-4f59-11dc-a1b6-0011437af684}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
Drivers32: aux - C:\WINDOWS\system32\..\ukc.qpo ()
Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi8 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi9 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer8 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer9 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSACM.MI-SC4 - MI-SC4.acm File not found
Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\system32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\system32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\system32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\system32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave9 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/05/11 23:01:47 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hangman\Bureaublad\OTListIt2.exe
[2009/05/11 18:37:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hangman\Application Data\Malwarebytes
[2009/05/11 18:37:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/11 18:37:22 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/11 18:37:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/11 18:37:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/11 17:52:12 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/11 08:52:50 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/11 08:52:46 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/11 00:22:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\hangman\Bureaublad\HijackThis.lnk
[2009/05/11 00:22:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/10 21:43:30 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/05/10 21:43:29 | 00,000,877 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Ad-Aware.lnk
[2009/05/10 21:43:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/10 19:16:28 | 00,001,059 | ---- | C] () -- C:\Documents and Settings\hangman\Menu Start\Programma's\Opstarten\Snelkoppeling naar BTTray.lnk
[2009/05/09 03:21:42 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/09 03:21:42 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/09 03:21:36 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/09 03:21:35 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/09 03:21:32 | 35,943,645 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/09 03:21:32 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/05/09 03:21:32 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/05/09 03:21:32 | 00,040,212 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/09 03:21:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/05/09 03:21:21 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/05/08 18:53:38 | 00,001,578 | ---- | C] () -- C:\Documents and Settings\hangman\Bureaublad\LimeWire 5.1.2.lnk
[2009/05/08 18:53:20 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/04/25 13:55:49 | 00,000,672 | ---- | C] () -- C:\Documents and Settings\hangman\Bureaublad\Braid.lnk
[2009/04/21 20:28:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hangman\Application Data\Mp3tag
[2009/04/21 20:28:16 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Mp3tag.lnk
[2009/04/21 20:28:15 | 00,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2009/04/20 23:53:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hangman\Application Data\Braid
[2009/04/16 18:08:46 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 18:08:44 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 18:08:44 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 18:08:44 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 18:08:43 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 18:08:42 | 00,684,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 18:08:41 | 00,735,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 18:08:41 | 00,734,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 18:08:41 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 17:57:36 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 17:57:35 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/08 22:43:32 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/01/30 18:59:31 | 00,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/07/25 15:41:33 | 01,207,800 | -HS- | C] () -- C:\WINDOWS\System32\povlkwey.ini
[2007/07/25 02:28:13 | 00,719,814 | -HS- | C] () -- C:\WINDOWS\System32\ijkmp.ini
[2006/10/11 23:54:10 | 00,233,529 | ---- | C] () -- C:\WINDOWS\System32\SerialDLL.dll
[2006/10/11 23:54:10 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\SC4WAV.dll
[2006/10/11 23:54:10 | 00,014,795 | ---- | C] () -- C:\WINDOWS\System32\us.dll
[2006/05/24 16:30:56 | 00,000,072 | ---- | C] () -- C:\WINDOWS\my.ini.old
[2006/05/15 11:27:53 | 00,024,294 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/05/15 11:27:53 | 00,001,072 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/05/15 11:27:39 | 00,060,360 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/05/15 11:27:38 | 00,014,997 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/05/15 11:27:36 | 00,017,921 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2005/10/23 16:45:19 | 00,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/10/22 00:36:52 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/10/22 00:36:52 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/09/22 14:55:10 | 00,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
[2005/09/22 09:17:33 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/09/19 15:50:42 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/06/21 18:52:58 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/06/21 17:59:12 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2005/06/21 17:59:12 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2005/06/21 17:55:41 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/21 17:49:40 | 00,000,891 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/21 17:17:09 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2005/01/07 14:15:56 | 00,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/01/07 14:10:26 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2004/12/14 13:04:48 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/14 13:02:49 | 01,175,552 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/10 20:39:04 | 00,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/08/03 22:59:44 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2002/10/02 14:00:00 | 00,000,741 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/10/02 14:00:00 | 00,000,277 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/05/15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/11 23:01:51 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hangman\Bureaublad\OTListIt2.exe
[2009/05/11 20:21:36 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\VPN Client.lnk
[2009/05/11 20:21:32 | 00,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Acrobat Speed Launcher.lnk
[2009/05/11 20:21:03 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/11 20:21:01 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\hangman\Local Settings\desktop.ini
[2009/05/11 20:07:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/11 20:07:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/11 08:52:47 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/11 08:52:24 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/11 08:52:16 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/11 00:22:58 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\hangman\Bureaublad\HijackThis.lnk
[2009/05/10 21:43:29 | 00,000,877 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Ad-Aware.lnk
[2009/05/10 19:16:28 | 00,001,059 | ---- | M] () -- C:\Documents and Settings\hangman\Menu Start\Programma's\Opstarten\Snelkoppeling naar BTTray.lnk
[2009/05/10 11:52:25 | 35,943,645 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/10 02:21:43 | 00,040,212 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/09 03:21:42 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/09 03:21:42 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/09 03:21:36 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/09 03:21:35 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/09 03:21:32 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/05/09 03:21:32 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/05/08 18:53:38 | 00,001,578 | ---- | M] () -- C:\Documents and Settings\hangman\Bureaublad\LimeWire 5.1.2.lnk
[2009/04/25 13:55:49 | 00,000,672 | ---- | M] () -- C:\Documents and Settings\hangman\Bureaublad\Braid.lnk
[2009/04/25 13:52:25 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Steam.lnk
[2009/04/21 20:28:16 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mp3tag.lnk
[2009/04/19 02:57:10 | 00,560,376 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/19 02:57:10 | 00,116,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/18 02:45:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/18 02:45:44 | 02,002,833 | ---- | M] () -- C:\WINDOWS\iis6.BAK

========== Alternate Data Streams ==========

@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\hangman\Bureaublad\AVIPreview.exe:KAVICHS
< End of report >


Extras.txt:

OTListIt Extras logfile created on: 11/05/2009 23:05:24 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\hangman\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

1023,40 Mb Total Physical Memory | 361,21 Mb Available Physical Memory | 35,30% Memory free
2,40 Gb Paging File | 1,80 Gb Available in Paging File | 74,99% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,81 Gb Total Space | 1,01 Gb Free Space | 1,81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOPTOM
Current User Name: hangman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/12/02 22:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/12/02 23:38:08 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/03/10 22:10:51 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/12/02 22:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/12/02 23:38:08 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/12/28 14:01:35 | 02,203,648 | ---- | M] () -- C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo
[2009/05/09 03:21:22 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/05/09 03:21:22 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11C762F9-95EA-486A-A8E7-683A50C231C1}" = SmartFTP Client
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{15EF417D-A310-4D52-9CFB-402B0A26E3E9}" = MPMan-F40
"{1862162E-3BBC-448F-AA63-49F33152D54A}" = Microsoft Visual Studio 2005 Team Suite - ENU
"{1A38EBE5-08BD-4E0D-AAB9-0DFECACE108B}" = Windows Live Messenger
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0150060}" = J2SE Development Kit 5.0 Update 6
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362F80B4-9628-4100-B074-5A1BB6FCBBF3}" = Windows Live Call
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{47813E93-F2A0-484A-838E-47EC1B28D190}" = Adobe Stock Photos 1.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5B5BFFF9-9D55-45AF-9390-AA4DC1C4EEFE}" = Microsoft SQL Server Desktop Engine
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B3B4E65B-F8B9-46E8-9B30-4DE339DB3F1E}" = Windows Live Essentials
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B8221906-224A-4494-BB97-55FC63740019}" = Cisco Systems VPN Client 4.6.01.0019
"{BC467935-A9A5-4D0F-BD89-94F36CDF0524}" = Adobe Stock Photos 1.0
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF448A52-C83E-455D-B5D3-FD9E964C9419}" = Sygate Personal Firewall Pro
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D5B35376-6F9E-47B3-A9F8-791824EBFE0D}" = Samsung PC Studio 3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"All ATI Software" = ATI - Software Uninstall Utility
"AMP WinOFF" = AMP WinOFF
"Apache Tomcat 5.0" = Apache Tomcat 5.0 (remove only)
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"Ceville Demo" = Ceville Demo 1.0
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"HP Deskjet 6500 Series_Driver" = HP Deskjet 6500 Series
"ie7" = Windows Internet Explorer 7
"kazaalite202_is1" = Kazaa Lite K++ v2.4.1
"Knowledge Xpert for PLSQL V8.5" = Knowledge Xpert for PLSQL V8.5
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Team Suite - ENU" = Microsoft Visual Studio 2005 Team Suite - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (1.0.4)" = Mozilla Firefox (1.0.4)
"Mp3tag" = Mp3tag v2.43
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Network Play System (Patching)" = Network Play System (Patching)
"Qemu" = Qemu 0.7.2 (remove only)
"Quest SQL Tuning" = Quest SQL Tuning
"ReGetDx" = ReGet Deluxe 4.2
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Steam App 10" = Counter-Strike
"Steam App 12900" = Audiosurf
"Steam App 13000" = Ninja Reflex: Steamworks Edition
"Steam App 22000" = World of Goo
"Steam App 26810" = Braid Demo
"TmNationsForever_is1" = TmNationsForever
"VLC media player" = VLC media player 0.9.6
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD" = XviD MPEG-4 Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/04/2009 18:28:07 | Computer Name = LAPTOPTOM | Source = LoadPerf | ID = 3006
Description = Kan de tekenreeksen van de prestatiemeteritems niet lezen van taal-ID
013. De Win32-status die door de aanroep is geretourneerd is de eerste DWORD in
de sectie Gegevens.

Error - 9/04/2009 18:28:08 | Computer Name = LAPTOPTOM | Source = LoadPerf | ID = 3006
Description = Kan de tekenreeksen van de prestatiemeteritems niet lezen van taal-ID
013. De Win32-status die door de aanroep is geretourneerd is de eerste DWORD in
de sectie Gegevens.

Error - 9/04/2009 18:28:09 | Computer Name = LAPTOPTOM | Source = LoadPerf | ID = 3006
Description = Kan de tekenreeksen van de prestatiemeteritems niet lezen van taal-ID
013. De Win32-status die door de aanroep is geretourneerd is de eerste DWORD in
de sectie Gegevens.

Error - 9/04/2009 18:28:09 | Computer Name = LAPTOPTOM | Source = LoadPerf | ID = 3006
Description = Kan de tekenreeksen van de prestatiemeteritems niet lezen van taal-ID
013. De Win32-status die door de aanroep is geretourneerd is de eerste DWORD in
de sectie Gegevens.

Error - 9/04/2009 18:28:10 | Computer Name = LAPTOPTOM | Source = LoadPerf | ID = 3006
Description = Kan de tekenreeksen van de prestatiemeteritems niet lezen van taal-ID
013. De Win32-status die door de aanroep is geretourneerd is de eerste DWORD in
de sectie Gegevens.

Error - 9/04/2009 18:28:12 | Computer Name = LAPTOPTOM | Source = LoadPerf | ID = 3006
Description = Kan de tekenreeksen van de prestatiemeteritems niet lezen van taal-ID
013. De Win32-status die door de aanroep is geretourneerd is de eerste DWORD in
de sectie Gegevens.

Error - 18/04/2009 20:36:03 | Computer Name = LAPTOPTOM | Source = LoadPerf | ID = 3006
Description = Kan de tekenreeksen van de prestatiemeteritems niet lezen van taal-ID
013. De Win32-status die door de aanroep is geretourneerd is de eerste DWORD in
de sectie Gegevens.

Error - 18/04/2009 20:57:10 | Computer Name = LAPTOPTOM | Source = LoadPerf | ID = 3006
Description = Kan de tekenreeksen van de prestatiemeteritems niet lezen van taal-ID
013. De Win32-status die door de aanroep is geretourneerd is de eerste DWORD in
de sectie Gegevens.

Error - 30/04/2009 16:00:38 | Computer Name = LAPTOPTOM | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.16827, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 11/05/2009 2:51:15 | Computer Name = LAPTOPTOM | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 8/05/2009 19:27:06 | Computer Name = LAPTOPTOM | Source = Service Control Manager | ID = 7000
Description = De MPMan-F40 Usb Driver-service kan vanwege de volgende fout niet
worden gestart: %%1058

Error - 9/05/2009 2:49:53 | Computer Name = LAPTOPTOM | Source = Service Control Manager | ID = 7000
Description = De MPMan-F40 Usb Driver-service kan vanwege de volgende fout niet
worden gestart: %%1058

Error - 9/05/2009 19:19:56 | Computer Name = LAPTOPTOM | Source = Dhcp | ID = 1000
Description = Uw computer heeft de lease verloren van het IP-adres 192.168.1.100
op de netwerkkaart met netwerkadres 0012F061EA8F.

Error - 9/05/2009 19:20:00 | Computer Name = LAPTOPTOM | Source = PSched | ID = 14103
Description = QoS [Adapter {5EC84D2F-1518-47F2-A2E6-F505FF67614B}]: Het stuurprogramma
voor de netwerkkaart kan niet zoeken naar OID_GEN_LINK_SPEED.

Error - 10/05/2009 5:34:32 | Computer Name = LAPTOPTOM | Source = Service Control Manager | ID = 7000
Description = De MPMan-F40 Usb Driver-service kan vanwege de volgende fout niet
worden gestart: %%1058

Error - 10/05/2009 9:27:11 | Computer Name = LAPTOPTOM | Source = PSched | ID = 14103
Description = QoS [Adapter {5EC84D2F-1518-47F2-A2E6-F505FF67614B}]: Het stuurprogramma
voor de netwerkkaart kan niet zoeken naar OID_GEN_LINK_SPEED.

Error - 10/05/2009 10:55:17 | Computer Name = LAPTOPTOM | Source = BROWSER | ID = 8032
Description = De Browser-service heeft te vaak de reservelijst op transport \Device\NetBT_Tcpip_{E9846357-92F4-4E8C-A608-9EDFFB5F8767}
niet kunnen ophalen. De reservebrowser is gestopt.

Error - 11/05/2009 2:55:43 | Computer Name = LAPTOPTOM | Source = Service Control Manager | ID = 7000
Description = De MPMan-F40 Usb Driver-service kan vanwege de volgende fout niet
worden gestart: %%1058

Error - 11/05/2009 14:07:53 | Computer Name = LAPTOPTOM | Source = Service Control Manager | ID = 7000
Description = De MPMan-F40 Usb Driver-service kan vanwege de volgende fout niet
worden gestart: %%1058

Error - 11/05/2009 14:07:59 | Computer Name = LAPTOPTOM | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: IntelIde


< End of report >

I see there's a lot of Dutch in there, so if you need something translated, feel free to ask!

I do recognize the proxy settings. I don't have a proxy on at the moment, but those settings were for when I connected through VPN to my previous employer's network. Although the checkbox for the proxy settings has been ticked off, the IPs are still in there, but grayed out, so I guess it's normal they're listed in the log?

Thanks again for the help!

Tom

#4 Farbar

Posted 11 May 2009 - 04:37 PM

Thanks for the translating offer.

Please open OTListIt2.
  • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

    :Processes
    explorer.exe
    :otli
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-682003330-1606980848-2146912999-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [] File not found
    Drivers32: aux - C:\WINDOWS\system32\..\ukc.qpo ()
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "aux"="wdmaud.drv"
    :commands
    [start explorer]
    [emptytemp]
    [Reboot]
  • Click Run Fix button.
  • If the fix needed a reboot please do it.
  • After it has finished, a log will open. Copy and paste the log into your reply. Also tell me how your computer is running.
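
Added example, not part of the post above and not OTListIt2 code: a small triage check for `Drivers32:` lines in the format shown in the fix script, listing the reasons an entry such as `aux - C:\WINDOWS\system32\..\ukc.qpo ()` stands out. The function names, the expected-extension set and the last two sample lines are assumptions made for illustration.

```python
import ntpath
import re

# Line shape as it appears in the fix script above:
#   Drivers32: <alias> - <resolved path> (<company name>)
DRIVERS32_RE = re.compile(
    r"^Drivers32:\s*(?P<alias>\S+)\s+-\s+(?P<path>.+?)\s*\((?P<company>[^()]*)\)\s*$"
)

# Assumption: file types normally registered under Drivers32.
EXPECTED_EXTENSIONS = {".drv", ".dll", ".acm", ".ax"}


def triage_drivers32(line, system_root=r"C:\WINDOWS"):
    """Return a finding dict for one 'Drivers32:' log line, or None for other lines."""
    match = DRIVERS32_RE.match(line.strip())
    if match is None:
        return None

    raw_path = match.group("path")
    normalized = ntpath.normpath(raw_path)  # collapses "..", keeps Windows separators
    system32 = ntpath.join(system_root, "system32").lower()

    reasons = []
    if ".." in re.split(r"[\\/]", raw_path):
        reasons.append("path contains a parent-directory component")
    if ntpath.dirname(normalized).lower() != system32:
        reasons.append("file resolves outside System32")
    extension = ntpath.splitext(normalized)[1].lower()
    if extension not in EXPECTED_EXTENSIONS:
        reasons.append("unexpected extension " + (extension or "(none)"))
    # Weak signal on its own: plenty of harmless files carry no version info.
    if not match.group("company").strip():
        reasons.append("no company name in the file's version info")

    return {
        "alias": match.group("alias"),
        "path": raw_path,
        "normalized": normalized,
        "reasons": reasons,
    }


def flagged_entries(log_text, system_root=r"C:\WINDOWS"):
    """Return only the Drivers32 entries that have at least one reason attached."""
    findings = []
    for line in log_text.splitlines():
        finding = triage_drivers32(line, system_root)
        if finding and finding["reasons"]:
            findings.append(finding)
    return findings


# First two lines are copied from the fix script on this page;
# the last two are constructed to show entries that pass the checks.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
Drivers32: aux - C:\WINDOWS\system32\..\ukc.qpo ()
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
"""

if __name__ == "__main__":
    for entry in flagged_entries(SAMPLE_LOG):
        print(entry["alias"], "->", entry["normalized"])
        for reason in entry["reasons"]:
            print("   ", reason)
```
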


#5 Hangman

Posted 12 May 2009 - 01:10 AM

Thanks a lot farbar! Everything seems to run smoothly again... AVG updated after the reboot, cmd works again, I can open video streams again and Limewire seems to connect again too.

Here's the output of the log:

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1606980848-2146912999-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1606980848-2146912999-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1606980848-2146912999-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\aux deleted successfully.
C:\WINDOWS\system32\..\ukc.qpo moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\"aux"|"wdmaud.drv" /E : value set successfully!
========== COMMANDS ==========
Explorer started successfully
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_3a8.dat scheduled to be deleted on reboot.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.6 log created on 05122009_075016

Files moved on Reboot...
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_3a8.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7c8.dat not found!

Registry entries deleted on Reboot...


Can you tell me what I was infected with? So I might try to avoid this in the future...

Again, thank you very, very much for your help!

Tom

#6 Farbar

Posted 12 May 2009 - 03:17 AM

Everything looks good and you are most welcome.

You were infected by Win32/Daonol Trojan.
  • Please run OTListIt2.
    • Click Clean Up button.
    • Accept any prompts.
    • This will remove any tools we used, including OTListIt2, and will require a reboot.
  • First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    To remove the old restore points:
    • Go to Start > Run then type: Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    • Click OK and Yes.

Optional Recommendations:
  • Your log looks clean. But your computer is still very much susceptible, in particular to hacking and intrusion from outside. I strongly advise you to install a firewall before surfing. The Windows firewall is not good enough. The Windows firewall provides protection from outside threats as long as the malware is not on your system. When the malware gets onto your computer, the Windows firewall is no longer effective. You can find more information on firewalls below.
    Click for more information on: Understanding and Using Firewalls

    There are several good free programs available like:
    Sunbelt-Kerio
    Comodo Firewall Pro
    Online Armor Free edition

    Note: If you decide to install Comodo, while installing uncheck the option related to Ask Toolbar.

  • I strongly recommend updating your Adobe Acrobat, especially because of the trojan we removed.

  • Install Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites to your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. All you need to do is update it once every 2-3 weeks and enable the restriction. You can find more information and a download link.

  • The rule of thumb: One AntiVirus with real-time protection, one firewall (other than Windows firewall) and one antispyware with real-time protection. Any additional anti-malware shouldn't be running. You might have two or three antispyware but they should not be running at the same time and should be set not to start with Windows.


#7 Hangman

Posted 12 May 2009 - 03:34 PM

Thanks for the final guidelines!

I've cleaned up OTListIt2 and updated Adobe Acrobat and everything...

I already run a firewall though, Sygate Personal Firewall Pro, so I suppose I'm fine there...

Thanks again, eh ;-)

Tom

#8 Farbar

Posted 12 May 2009 - 03:45 PM

You're welcome, Tom.

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.



