[code]
OTScanIt2 logfile created on: 30-12-2008 19:52:18 - Run 1
OTScanIt2 by OldTimer - Version 1.0.4.2 Folder = D:\Documents and Settings\Marijn\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

894,04 Mb Total Physical Memory | 478,29 Mb Available Physical Memory | 53,50% Memory free
2,12 Gb Paging File | 1,79 Gb Available in Paging File | 84,44% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30,52 Gb Total Space | 15,82 Gb Free Space | 51,83% Space Free | Partition Type: NTFS
Drive D: | 81,27 Gb Total Space | 55,18 Gb Free Space | 67,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VRIJE-E11BD8219
Current User Name: Marijn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> [2005-06-06 22:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008-10-01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2006-04-04 20:52:38 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2006-04-04 20:52:38 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2008-12-30 16:16:02 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> [2008-12-30 16:16:01 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008-12-30 16:15:59 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> [2004-12-22 00:32:46 | 00,827,499 | ---- | M] (Broadcom Corporation)
cocimanager.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\COCIManager.exe -> [2007-10-25 16:32:58 | 00,407,824 | ---- | M] (Logitech Inc.)
communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> [2007-10-25 16:33:22 | 00,563,984 | ---- | M] ()
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008-10-05 14:29:15 | 00,168,432 | ---- | M] (Google)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008-10-01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008-10-01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008-12-30 19:44:45 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> [2007-10-19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.)
lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2007-10-19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003-06-19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe -> [2007-01-19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
notepad.exe -> %SystemRoot%\system32\notepad.exe -> [2008-04-14 01:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
o2flash.exe -> %SystemRoot%\system32\o2flash.exe -> [2005-01-27 15:33:58 | 00,036,864 | ---- | M] ()
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008-12-29 14:23:14 | 00,477,696 | ---- | M] (OldTimer Tools)
quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [2007-10-25 16:37:32 | 02,178,832 | ---- | M] ()
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2006-08-07 16:49:15 | 00,180,269 | ---- | M] (RealNetworks, Inc.)
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> [2006-04-17 15:34:42 | 16,143,872 | ---- | M] (Realtek Semiconductor Corp.)
sm56hlpr.exe -> %SystemRoot%\sm56hlpr.exe -> [2006-01-20 11:34:26 | 00,544,768 | ---- | M] (Motorola Inc.)
vsnpstd.exe -> %SystemRoot%\vsnpstd.exe -> [2003-12-31 15:39:04 | 00,040,960 | ---- | M] ()
wltray.exe -> %SystemRoot%\system32\WLTRAY.EXE -> [2004-12-22 00:32:46 | 00,651,368 | ---- | M] (Broadcom Corporation)
wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE -> [2004-12-22 00:32:48 | 00,065,536 | ---- | M] ()
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008-04-14 01:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Apple Mobile Device) Mobiel Apple apparaat [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008-10-01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007-04-13 02:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2006-04-04 20:52:38 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008-12-30 16:15:59 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) Bonjour-service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007-04-13 02:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation)
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008-10-05 14:29:15 | 00,168,432 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008-04-14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod-service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008-10-01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.)
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> [2007-10-19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.)
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2007-10-19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.)
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> [2007-10-19 13:21:16 | 00,141,848 | ---- | M] (Logitech Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003-06-19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(O2Flash) O2Micro Flash Memory [Win32_Own | Auto | Running] -> %SystemRoot%\system32\o2flash.exe -> [2005-01-27 15:33:58 | 00,036,864 | ---- | M] ()
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007-01-19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
(wltrysvc) Broadcom Wireless LAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\WLTRYSVC.EXE -> [2004-12-22 00:32:48 | 00,065,536 | ---- | M] ()
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006-10-18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006-09-28 17:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008-12-30 19:44:45 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)

[Driver Services - Safe List]
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> [2006-05-10 10:27:00 | 00,036,864 | ---- | M] (Advanced Micro Devices)
(AR5211) Atheros Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ar5211.sys -> [2005-05-05 01:08:38 | 00,463,168 | ---- | M] (Atheros Communications, Inc.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2006-04-04 20:58:44 | 01,536,000 | ---- | M] (ATI Technologies Inc.)
(AVG Anti-Rootkit) AVG Anti-Rootkit [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\avgarkt.sys -> [2007-01-31 14:33:46 | 00,005,632 | ---- | M] (GRISOFT, s.r.o.)
(AvgArCln) Avg Anti-Rootkit Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgArCln.sys -> [2007-01-18 13:00:28 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2008-12-30 16:16:16 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2008-12-30 16:16:13 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008-04-17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008-04-13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2005-10-21 17:52:48 | 00,021,568 | ---- | M] (HP)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.Sys -> [2006-04-17 16:31:26 | 04,262,912 | ---- | M] (Realtek Semiconductor Corp.)
(LVcKap) Logitech AEC Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Lvckap.sys -> [2007-10-19 13:16:30 | 02,109,976 | ---- | M] (Logitech Inc.)
(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVMVdrv.sys -> [2007-10-11 18:59:02 | 02,142,488 | ---- | M] (Logitech Inc.)
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LVPr2Mon.sys -> [2007-10-11 18:59:24 | 00,025,624 | ---- | M] ()
(O2MDRDR) O2MDRDR [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\o2media.sys -> [2006-02-27 14:00:50 | 00,034,880 | ---- | M] (O2Micro )
(O2SDRDR) O2SDRDR [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\o2sd.sys -> [2006-02-20 15:01:06 | 00,029,056 | ---- | M] (O2Micro )
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004-12-31 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> [2005-09-30 10:11:42 | 00,078,720 | ---- | M] (Realtek Semiconductor Corporation )
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> [2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(sdbus) sdbus [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2008-04-13 19:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007-11-13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(smserial) smserial [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smserial.sys -> [2006-01-20 11:44:42 | 00,862,340 | ---- | M] (Motorola Inc.)
(snpstd) TRUST 120 SPACEC@M [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\snpstd.sys -> [2004-02-19 13:12:34 | 00,299,776 | ---- | M] ()
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> [2001-08-17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation)
(ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ssm_bus.sys -> [2005-08-30 00:47:38 | 00,058,320 | ---- | M] (MCCI)
(ssm_mdfl) SAMSUNG Mobile USB Modem II 1.0 Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ssm_mdfl.sys -> [2005-08-30 00:49:34 | 00,008,336 | ---- | M] (MCCI)
(ssm_mdm) SAMSUNG Mobile USB Modem II 1.0 Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ssm_mdm.sys -> [2005-08-30 00:49:38 | 00,094,000 | ---- | M] (MCCI)
(StarOpen) StarOpen [File_System | System | Running] -> %SystemRoot%\System32\drivers\StarOpen.sys -> [2006-07-24 15:05:00 | 00,005,632 | ---- | M] ()
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2008-07-22 19:32:44 | 00,032,000 | ---- | M] (Apple, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008-04-13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(w800bus) Sony Ericsson W800 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w800bus.sys -> [2005-06-13 10:03:12 | 00,060,768 | ---- | M] (MCCI)
(w800mdfl) Sony Ericsson W800 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w800mdfl.sys -> [2005-06-13 10:05:08 | 00,009,264 | ---- | M] (MCCI)
(w800mdm) Sony Ericsson W800 USB WMC Modem Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w800mdm.sys -> [2005-06-13 10:05:16 | 00,096,224 | ---- | M] (MCCI)
(w800mgmt) Sony Ericsson W800 USB WMC Device Management Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w800mgmt.sys -> [2005-06-13 10:06:58 | 00,087,792 | ---- | M] (MCCI)
(w800obex) Sony Ericsson W800 USB WMC OBEX Interface Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w800obex.sys -> [2005-06-13 10:08:36 | 00,085,664 | ---- | M] (MCCI)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004-12-31 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms} ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.geekstogo.com/forum/Hijackthis-log-Online-games-sych-trojan-autorun-inf-infected-t222678.html ->
HKEY_CURRENT_USER\: Search\\"AutoSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx ->
HKEY_CURRENT_USER\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->

< FireFox Settings [Default Profile] > -> D:\Documents and Settings\Marijn\Application Data\Mozilla\FireFox\Profiles\f32qo7ot.default\prefs.js ->
browser.search.defaultenginename -> "Google" ->
browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage_override.mstone -> "rv:1.8.1.11" ->

< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost

< BHO's [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> File not found
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2007-09-13 12:31:40 | 01,312,040 | ---- | M] (Skype Technologies S.A.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2008-12-30 16:16:02 | 00,455,960 | ---- | M] (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008-12-30 19:44:45 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2006-08-31 19:33:06 | 00,322,368 | ---- | M] (Microsoft Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2008-12-30 16:16:06 | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o )
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2007-05-22 00:26:04 | 02,423,872 | R--- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [Google Toolbar Notifier BHO] -> [2008-10-05 14:29:36 | 00,652,784 | ---- | M] (Google Inc.)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar Helper] -> [2007-10-19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008-12-30 19:44:45 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008-12-30 19:44:46 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2007-05-22 00:26:04 | 02,423,872 | R--- | M] (Google Inc.)
"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2008-12-30 16:16:06 | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o )
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> [2007-10-19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2007-05-22 00:26:04 | 02,423,872 | R--- | M] (Google Inc.)
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2008-12-30 16:16:06 | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o )
WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> [2007-10-19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Photo Downloader" -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"] -> [2005-06-06 22:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> [2005-05-03 18:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"AppleSyncNotifier" -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2008-10-01 11:57:42 | 00,111,936 | ---- | M] (Apple Inc.)
"AVG8_TRAY" -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2008-12-30 16:16:01 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.)
"Broadcom Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.EXE [C:\WINDOWS\system32\WLTRAY] -> [2004-12-22 00:32:46 | 00,651,368 | ---- | M] (Broadcom Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008-10-01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.)
"LogitechCommunicationsManager" -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ["C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"] -> [2007-10-25 16:33:22 | 00,563,984 | ---- | M] ()
"LogitechQuickCamRibbon" -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ["C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide] -> [2007-10-25 16:37:32 | 02,178,832 | ---- | M] ()
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008-09-06 14:09:14 | 00,413,696 | ---- | M] (Apple Inc.)
"RTHDCPL" -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> [2006-04-17 15:34:42 | 16,143,872 | ---- | M] (Realtek Semiconductor Corp.)
"SMSERIAL" -> %SystemRoot%\sm56hlpr.exe [sm56hlpr.exe] -> [2006-01-20 11:34:26 | 00,544,768 | ---- | M] (Motorola Inc.)
"snpstd" -> %SystemRoot%\vsnpstd.exe [C:\WINDOWS\vsnpstd.exe] -> [2003-12-31 15:39:04 | 00,040,960 | ---- | M] ()
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008-12-30 19:44:45 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2006-08-07 16:49:15 | 00,180,269 | ---- | M] (RealNetworks, Inc.)
"UserFaultCheck" -> [%systemroot%\system32\dumprep 0 -u] -> File not found

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"kamsoft" -> %SystemRoot%\system32\kamsoft.exe [C:\WINDOWS\system32\kamsoft.exe] -> File not found
"msnmsgr" -> %ProgramFiles%\MSN Messenger\msnmsgr.exe ["C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background] -> [2007-01-19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
"vamsoft" -> %SystemRoot%\system32\vamsoft.exe [C:\WINDOWS\system32\vamsoft.exe] -> File not found

< All Users Startup Folder > -> D:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008-04-23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)

< Marijn Startup Folder > -> D:\Documents and Settings\Marijn\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\WorkPace 3.0.lnk -> %ProgramFiles%\WorkPace 3.0\workpace.exe -> File not found

< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found

< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [36] -> File not found
\\"NoDriveAutoRun" -> [FF FF FF FF [binary data]] -> File not found

< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm] -> [2007-10-19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites -> [http://favorites.live.com/quickadd.aspx] -> File not found
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
E&xporteren naar Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)
Open in new background tab -> %ProgramFiles%\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui [res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?1571a41be047438c9a249fd5412797ce] -> File not found
Open in new foreground tab -> %ProgramFiles%\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui [res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?1571a41be047438c9a249fd5412797ce] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2007-09-13 12:31:40 | 01,312,040 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008-04-14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008-04-14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2007-09-13 12:31:40 | 01,312,040 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab[Facebook Photo Uploader 5 Control] ->
{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} [HKLM] -> http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab[JordanUploader Class] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154935238687[WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154946354187[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [HKLM] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx[Get_ActiveX Control] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{E87F6C8E-16C0-11D3-BEF7-009027438003} [HKLM] -> http://www.hema.nl/xupload/XUpload.ocx[Persits Software XUpload] ->

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{14C03920-9C63-4269-95FC-C07DF9FC9D26} -> () ->
{5B6366DD-889A-41B4-8E6F-FEE826D2E8DA} -> (1394 Net Adapter) ->
{71469DFA-975B-44C4-8C25-97BBF14BE063} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {AD483E2A-6DA7-43CA-9CF6-593AEEE36B57} -> (Atheros AR5005G Wireless Network Adapter) -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> [2008-12-30 16:16:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [2006-04-04 20:53:40 | 00,061,440 | ---- | M] (ATI Technologies Inc.) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008-04-14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007-01-04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\msncall.exe" -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN 
Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007-01-19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008-04-14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2008-12-30 16:16:01 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) "C:\Program Files\Azureus\Azureus.exe" -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> [2006-01-03 23:08:14 | 00,154,624 | ---- | M] (Aelitis) "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) 
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found "C:\Program Files\Grisoft\AVG7\avgcc.exe" -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> File not found "C:\Program Files\Grisoft\AVG7\avginet.exe" -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008-10-01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008-04-14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2008-05-21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007-01-04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\msncall.exe" -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007-01-19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) "C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe 
[C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath ] -> [2007-09-13 12:31:38 | 22,880,040 | R--- | M] (Skype Technologies S.A.) "C:\Program Files\Soulseek\slsk.exe" -> C:\Program Files\Soulseek\slsk.exe [C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek] -> [2005-04-17 23:08:10 | 03,112,960 | ---- | M] () "D:\Limewire\LimeWire.exe" -> D:\Limewire\LimeWire.exe [D:\Limewire\LimeWire.exe:*:Enabled:LimeWire] -> [2007-12-03 22:35:53 | 00,147,456 | ---- | M] (Lime Wire, LLC) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008-04-13 19:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2006-07-24 16:43:00 | 00,000,000 | ---- | M] () C:\autorun.inf [;asds00fCkoaKalqK3sA03K9is5qwAa4aZ0k4sn2erwdAa2e1iaKr1S5lasiKcAso0IlL4aDwLoSlD5Dk2aAk54w5rd741lDw8i | [AutoRun] | ;jw2dasapLkd3dK6l95SaKZilSqsUf7s7l4flsK3 | open=2u.com | ;DJDLalDdwaKfi13dessZ27Ki42a5kawXLLidK7e3oeqirAsw5k2A13or8jfDAmL0l0jk0a2iS4wDsDK023sfiaksLicAClLL1dkqaaOw0Lqf3alf3k4a3Z4ao | shell\open\Command=2u.com | ;CDwoaae5kK2D7lA0La39saD1il2afDspl4sLq07AsD4Olji9aji4Hdawfok3K3keiqf4rj28k2i1rA5iqi304dwALLo353DJ | shell\open\Default=1 | ;kawD423a7wjsL4o558aSK | shell\explore\Command=2u.com | ;Aor38A4DqK3L4rq44ZwrFed9KasKAkDs3DoOkKk244w0Kd4koKriqlJXiLaLLsJ2kaq5awia3d29lwjCajlc0nkiL4l3aiK2a82 | ] -> %SystemDrive%\autorun.inf [ NTFS ] -> [2008-12-30 16:24:19 | 00,000,595 | RHS- | M] () D:\autorun.inf [;asds00fCkoaKalqK3sA03K9is5qwAa4aZ0k4sn2erwdAa2e1iaKr1S5lasiKcAso0IlL4aDwLoSlD5Dk2aAk54w5rd741lDw8i | [AutoRun] | 
;jw2dasapLkd3dK6l95SaKZilSqsUf7s7l4flsK3 | open=2u.com | ;DJDLalDdwaKfi13dessZ27Ki42a5kawXLLidK7e3oeqirAsw5k2A13or8jfDAmL0l0jk0a2iS4wDsDK023sfiaksLicAClLL1dkqaaOw0Lqf3alf3k4a3Z4ao | shell\open\Command=2u.com | ;CDwoaae5kK2D7lA0La39saD1il2afDspl4sLq07AsD4Olji9aji4Hdawfok3K3keiqf4rj28k2i1rA5iqi304dwALLo353DJ | shell\open\Default=1 | ;kawD423a7wjsL4o558aSK | shell\explore\Command=2u.com | ;Aor38A4DqK3L4rq44ZwrFed9KasKAkDs3DoOkKk244w0Kd4koKriqlJXiLaLLsJ2kaq5awia3d29lwjCajlc0nkiL4l3aiK2a82 | ] -> D:\autorun.inf [ NTFS ] -> [2008-12-30 16:24:19 | 00,000,595 | RHS- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{4bc51be4-abde-11dd-a0f0-00c0a8d2e754} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bc51be4-abde-11dd-a0f0-00c0a8d2e754}\Shell\AutoRun\command \{4bc51be4-abde-11dd-a0f0-00c0a8d2e754}\Shell\AutoRun\command\\"" -> G:\xih9.cmd [G:\xih9.cmd] -> File not found \{4bc51be4-abde-11dd-a0f0-00c0a8d2e754} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bc51be4-abde-11dd-a0f0-00c0a8d2e754}\Shell\explore\Command \{4bc51be4-abde-11dd-a0f0-00c0a8d2e754}\Shell\explore\Command\\"" -> G:\xih9.cmd [G:\xih9.cmd] -> File not found \{4bc51be4-abde-11dd-a0f0-00c0a8d2e754} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bc51be4-abde-11dd-a0f0-00c0a8d2e754}\Shell\open\Command \{4bc51be4-abde-11dd-a0f0-00c0a8d2e754}\Shell\open\Command\\"" -> G:\xih9.cmd [G:\xih9.cmd] -> File not found \{a5f3aa63-a527-11dd-a0eb-00c0a8d2e754} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5f3aa63-a527-11dd-a0eb-00c0a8d2e754}\Shell\AutoRun\command \{a5f3aa63-a527-11dd-a0eb-00c0a8d2e754}\Shell\AutoRun\command\\"" -> F:\xih9.cmd [F:\xih9.cmd] -> File not found \{a5f3aa63-a527-11dd-a0eb-00c0a8d2e754} 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5f3aa63-a527-11dd-a0eb-00c0a8d2e754}\Shell\explore\Command \{a5f3aa63-a527-11dd-a0eb-00c0a8d2e754}\Shell\explore\Command\\"" -> F:\xih9.cmd [F:\xih9.cmd] -> File not found \{a5f3aa63-a527-11dd-a0eb-00c0a8d2e754} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5f3aa63-a527-11dd-a0eb-00c0a8d2e754}\Shell\open\Command \{a5f3aa63-a527-11dd-a0eb-00c0a8d2e754}\Shell\open\Command\\"" -> F:\xih9.cmd [F:\xih9.cmd] -> File not found \{e1b45361-345b-11d9-aa54-806d6172696f} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1b45361-345b-11d9-aa54-806d6172696f}\Shell \{e1b45361-345b-11d9-aa54-806d6172696f}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1b45361-345b-11d9-aa54-806d6172696f}\Shell\AutoRun \{e1b45361-345b-11d9-aa54-806d6172696f}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1b45361-345b-11d9-aa54-806d6172696f}\Shell\AutoRun\command \{e1b45361-345b-11d9-aa54-806d6172696f}\Shell\AutoRun\command\\"" -> D:\setup.exe [D:\setup.exe] -> File not found [Registry - Additional Scans - Safe List] < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> "%1" %* -> .chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008-04-14 01:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation) .cmd [@ = cmdfile] -> "%1" %* -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> .hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2004-12-31 13:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) .hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2007-08-13 18:32:30 | 00,045,568 | ---- | M] (Microsoft Corporation) .html [@ = SafariHTML] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\MSOXMLED.EXE -> 
[2006-10-26 21:41:50 | 00,059,152 | ---- | M] (Microsoft Corporation) .inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2008-04-14 01:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) .ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2008-04-14 01:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) .js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2008-05-08 12:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2008-05-08 12:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .pif [@ = piffile] -> "%1" %* -> .reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008-04-14 01:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation) .scr [@ = scrfile] -> "%1" /S -> .txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2008-04-14 01:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) .vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2008-05-08 12:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2008-05-08 12:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2008-05-08 12:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2008-05-08 12:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) < Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2006-10-26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKLM] -> No CLSID value ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole 
DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> [2008-12-30 16:16:06 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\MSN Messenger\msgrapp.8.1.0178.00.dll[Reg Error: Value does not exist or could not be read.] -> [2007-01-19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) msdaipp: [HKLM] -> No CLSID value msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Help\hxds.dll[HxProtocol Class] -> [2006-10-26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\msitss.dll[Microsoft Infotech Storage Protocol for IE 4.0] -> [2001-06-20 10:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\MSN Messenger\msgrapp.8.1.0178.00.dll[Reg Error: Value does not exist or could not be read.] 
-> [2007-01-19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> [2007-09-13 12:31:38 | 01,828,176 | R--- | M] (Skype Technologies) < Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center \\"FirstRunDisabled" -> [1] -> File not found \\"AntiVirusDisableNotify" -> [0] -> File not found \\"FirewallDisableNotify" -> [0] -> File not found \\"UpdatesDisableNotify" -> [0] -> File not found \\"AntiVirusOverride" -> [0] -> File not found \\"FirewallOverride" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile \\"EnableFirewall" -> [1] -> File not found \\"DoNotAllowExceptions" -> [0] -> File not found \\"DisableNotifications" -> [0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {04355822-9E20-4CE2-ABF2-022ADDCC3B47} -> Amos 6 {07FD685C-32DC-4BEA-ACE7-91B703073B12} -> SPSS Data Access Pack 4.0 for Windows {0AE19D89-17A9-404D-932A-FAAF43F3C77E} -> SPSS 14.0 for Windows {0D499481-22C6-4B25-8AC2-6D3F6C885FB9} -> OpenOffice.org Installer 1.0 {12AC9C3C-0FE7-4307-B9C0-B19B2E7DD3CC} -> Wireless LAN Client Installation Program {18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate {2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer {2604C0F9-BFD3-4BA0-9EB5-22537C648F03} -> MobileMe Control Panel {26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 11 {341201D4-4F61-4ADB-987E-9CCE4D83A58D} -> Windows Live Toolbar Extension (Windows Live Toolbar) {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP {35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE} -> Windows Live Outlook Toolbar (Windows Live Toolbar) {49672EC2-171B-47B4-8CE7-50D7806360D7} -> Windows Live Sign-in Assistant {4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} -> Adobe® Photoshop® Album Starter Edition 3.0 {53B2CFE9-A508-4457-B2CA-5D253536BFB7} -> OneCare Advisor (Windows Live Toolbar) {571700F0-DB9D-4B3A-B03D-35A14BB5939F} -> Windows Live Messenger {5C82DAE5-6EB0-4374-9254-BE3319BA4E82} -> Skype™ 3.5 {66A7A386-6F35-41A7-A731-101F0C0153C8} -> Popup Blocker (Windows Live Toolbar) 
{68108E66-D13A-4EE8-A6F4-40E4B90C2A26} -> Windows Live Toolbar Feed Detector (Windows Live Toolbar) {6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD {6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 {7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable {786C4AD1-DCBA-49A6-B0EF-B317A344BD66} -> Windows Live Favorites for Windows Live Toolbar {7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec {7D1D6A24-65D4-454C-8815-4F08A5FFF12C} -> Macromedia Shockwave Player {852426AC-B78E-4D73-8280-3BFBE06286E2} -> SPSS SmartViewer 14.0 {8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} -> Bonjour {8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player {8D70145A-3BD3-4DBF-9CBF-223EF4A43257} -> ATI Parental Control & Encoder {8DC42D05-680B-41B0-8878-6C14D24602DB} -> QuickTime {90120000-0010-0413-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders (Dutch) 12 {90120000-0011-0000-0000-0000000FF1CE} -> Microsoft Office Professional Plus 2007 {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0015-0413-0000-0000000FF1CE} -> Microsoft Office Access MUI (Dutch) 2007 {90120000-0015-0413-0000-0000000FF1CE}_PROPLUS_{4059772C-68BA-4FE4-9B6E-3EC37C0C4624} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0016-0413-0000-0000000FF1CE} -> Microsoft Office Excel MUI (Dutch) 2007 {90120000-0016-0413-0000-0000000FF1CE}_PROPLUS_{4059772C-68BA-4FE4-9B6E-3EC37C0C4624} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0018-0413-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (Dutch) 2007 {90120000-0018-0413-0000-0000000FF1CE}_PROPLUS_{4059772C-68BA-4FE4-9B6E-3EC37C0C4624} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0019-0413-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (Dutch) 2007 
{90120000-0019-0413-0000-0000000FF1CE}_PROPLUS_{4059772C-68BA-4FE4-9B6E-3EC37C0C4624} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001A-0413-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (Dutch) 2007 {90120000-001A-0413-0000-0000000FF1CE}_PROPLUS_{4059772C-68BA-4FE4-9B6E-3EC37C0C4624} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001B-0413-0000-0000000FF1CE} -> Microsoft Office Word MUI (Dutch) 2007 {90120000-001B-0413-0000-0000000FF1CE}_PROPLUS_{4059772C-68BA-4FE4-9B6E-3EC37C0C4624} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-0407-0000-0000000FF1CE} -> Microsoft Office Proof (German) 2007 {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007 {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007 {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-0413-0000-0000000FF1CE} -> Microsoft Office Proof (Dutch) 2007 {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-002C-0413-0000-0000000FF1CE} -> Microsoft Office Proofing (Dutch) 2007 {90120000-0044-0413-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (Dutch) 2007 {90120000-0044-0413-0000-0000000FF1CE}_PROPLUS_{4059772C-68BA-4FE4-9B6E-3EC37C0C4624} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-006E-0413-0000-0000000FF1CE} -> Microsoft Office Shared MUI (Dutch) 2007 {90120000-006E-0413-0000-0000000FF1CE}_PROPLUS_{1120A001-69F4-43D2-83CE-716B2DC4366F} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) 
{901E0413-6000-11D3-8CFE-0150048383C9} -> Microsoft Office 2003 Dutch User Interface Pack {91CA8C77-30FC-4AAF-B2EE-F51B0746D95C} -> ATI Catalyst Control Center {945AC98B-3DC8-45BE-BAE0-22CEEE37A103} -> Logitech QuickCam {94FB906A-CF42-4128-A509-D353026A607E} -> REALTEK Gigabit and Fast Ethernet NIC Driver {976C2B2A-CE59-4AB3-83FB-BF895E28F2E6} -> Apple Mobile Device Support {9B77AF57-F7B2-488F-8B75-1DDDCC447545}_is1 -> Hitman Pro {A2A0A82F-025F-458d-A0CD-9BB2320804B5} -> Microsoft Works {AC76BA86-7AD7-1033-7B44-A71000000002} -> Adobe Reader 7.1.0 {AC76BA86-7AD7-5464-3428-7050000000A7} -> Adobe Reader 7.0.5 Language Support {B13A7C41581B411290FBC0395694E2A9} -> DivX Converter {B4010125-E73B-4D6B-808E-5130F1411E95} -> Samsung PC Studio {B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player {C0B0893D-6DA2-4F14-B1D0-3C0F1272B398} -> Reference Manager 11 {C4A4722E-79F9-417C-BD72-8D359A090C97} -> Samsung PC Studio {C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} -> Safari {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 {D050D7362D214723AD585B541FFB6C11} -> DivX Content Uploader {D34D82E0-4600-407B-9478-8506C1DD1043} -> Nero 7 Essentials {D5A145FC-D00C-4F1A-9119-EB4D9D659750} -> Windows Live Toolbar {DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer {DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843} -> iTunes {EB1B0104-6A57-446F-B855-FDF49151BE0C} -> O2Micro Flash Memory Card Windows Driver V2.04 {EBA29752-DDD2-4B62-B2E3-9841F92A3E3A} -> Samsung PC Studio 3 USB Driver Installer {EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1 -> ZipGenius 6 (6.0.2.1060) {F084395C-40FB-4DB3-981C-B51E74E1E83D} -> Smart Menus (Windows Live Toolbar) {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver {FE4BD9BD-4A26-4F39-B12C-19336204B102} -> EndNote X Volume License Edition 9E140F48C9836B9B78539C08FB2B17146BDB3F65 -> Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) Aangifte inkomstenbelasting 2007 -> 
Aangifte inkomstenbelasting 2007 Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX All ATI Software -> ATI - Software-verwijderprogramma ATI Display Driver -> ATI Display Driver AVG8Uninstall -> AVG Free 8.0 AVGantiRootkit -> AVG Anti-Rootkit Free Azureus -> Azureus Broadcom 802.11b Network Adapter -> Broadcom 802.11 Network Adapter Euroglot 5.0 -> Euroglot Professional 5.0 (remove only) Google Updater -> Google Updater HijackThis -> HijackThis 2.0.2 HitmanPro3 -> Hitman Pro 3 Hospital -> Theme Hospital IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs ie7 -> Windows Internet Explorer 7 InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C} -> O2Micro Flash Memory Card Windows Driver V2.04 ISI ResearchSoft - Export Helper -> ISI ResearchSoft - Export Helper LimeWire -> LimeWire 4.14.12 lvdrivers_11.50 -> Logitech QuickCam-stuurprogrammapakket Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 Mozilla Firefox (2.0.0.11) -> Mozilla Firefox (2.0.0.11) MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs PCFriendly -> PCFriendly PROPLUS -> Microsoft Office Professional Plus 2007 RealPlayer 6.0 -> RealPlayer RollerCoaster Tycoon Setup -> Roll SAMSUNG CDMA Modem -> SAMSUNG CDMA Modem Driver Set SAMSUNG Mobile Composite Device -> SAMSUNG Mobile Composite Device Software Samsung Mobile phone USB driver -> Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem -> SAMSUNG Mobile USB Modem Software SAMSUNG Mobile USB Modem 1.0 -> SAMSUNG Mobile USB Modem 1.0 Software SecureW2 Client -> SecureW2 Client 2.2.0 SMSERIAL -> Motorola SM56 Data Fax Modem Sony Ericsson W800 -> Sony Ericsson W800 Software Soulseek -> SoulSeek Client 156c TRUST 120 SPACEC@M -> TRUST 120 SPACEC@M VobSub -> VobSub v2.23 (Remove Only) Winamp -> Winamp Windows Live Toolbar -> Windows Live 
Toolbar Windows Media Format Runtime -> Windows Media Format 11 runtime Windows Media Player -> Windows Media Player 11 Windows XP Service Pack -> Windows XP Service Pack 3 WMFDist11 -> Windows Media Format 11 runtime wmp11 -> Windows Media Player 11 WorkPace 3.00.14 -> WorkPace 3.0 Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> [2008-08-29 08:53:50 | 00,147,456 | ---- | M] (Apple Inc.) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 2-12-2008 15:23:40 Computer Name = VRIJE-E11BD8219 | Source = ESENT | ID = 489 -> Description = wuauclt (2704) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Application [ Error ] 2-12-2008 15:23:40 Computer Name = VRIJE-E11BD8219 | Source = ESENT | ID = 455 -> Description = wuaueng.dll (2704) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Application [ Error ] 2-12-2008 15:23:50 Computer Name = VRIJE-E11BD8219 | Source = ESENT | ID = 489 -> Description = wuauclt (2704) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). 
Application [ Error ] 2-12-2008 15:23:50 Computer Name = VRIJE-E11BD8219 | Source = ESENT | ID = 455 -> Description = wuaueng.dll (2704) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Application [ Error ] 2-12-2008 15:24:06 Computer Name = VRIJE-E11BD8219 | Source = ESENT | ID = 489 -> Description = wuauclt (5348) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Application [ Error ] 2-12-2008 15:24:06 Computer Name = VRIJE-E11BD8219 | Source = ESENT | ID = 455 -> Description = wuaueng.dll (5348) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Application [ Error ] 2-12-2008 15:24:16 Computer Name = VRIJE-E11BD8219 | Source = ESENT | ID = 489 -> Description = wuauclt (5348) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Application [ Error ] 2-12-2008 15:24:16 Computer Name = VRIJE-E11BD8219 | Source = ESENT | ID = 455 -> Description = wuaueng.dll (5348) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Application [ Error ] 5-12-2008 15:10:08 Computer Name = VRIJE-E11BD8219 | Source = Application Hang | ID = 1002 -> Description = Hanging application msnmsgr.exe, version 8.1.178.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Application [ Error ] 6-12-2008 13:47:28 Computer Name = VRIJE-E11BD8219 | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
OSession [ Error ] 18-10-2007 19:24:54 Computer Name = VRIJE-E11BD8219 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17589 seconds with 480 seconds of active time. This session ended with a crash.
OSession [ Error ] 18-10-2007 19:25:10 Computer Name = VRIJE-E11BD8219 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.
OSession [ Error ] 18-10-2007 19:25:21 Computer Name = VRIJE-E11BD8219 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.
OSession [ Error ] 18-10-2007 19:25:29 Computer Name = VRIJE-E11BD8219 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.
OSession [ Error ] 18-10-2007 19:25:36 Computer Name = VRIJE-E11BD8219 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.
OSession [ Error ] 18-10-2007 19:26:00 Computer Name = VRIJE-E11BD8219 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
OSession [ Error ] 18-10-2007 19:26:24 Computer Name = VRIJE-E11BD8219 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash.
OSession [ Error ] 18-10-2007 19:27:24 Computer Name = VRIJE-E11BD8219 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 53 seconds with 0 seconds of active time. This session ended with a crash.
OSession [ Error ] 9-8-2008 19:24:34 Computer Name = VRIJE-E11BD8219 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 50796 seconds with 5520 seconds of active time. This session ended with a crash.
System [ Error ] 3-12-2008 8:12:31 Computer Name = VRIJE-E11BD8219 | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.3 for the Network Card with network address 00C0A8D2E754 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 5-12-2008 7:57:03 Computer Name = VRIJE-E11BD8219 | Source = DCOM | ID = 10010 -> Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
System [ Error ] 5-12-2008 7:59:11 Computer Name = VRIJE-E11BD8219 | Source = DCOM | ID = 10010 -> Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
System [ Error ] 5-12-2008 8:01:11 Computer Name = VRIJE-E11BD8219 | Source = DCOM | ID = 10010 -> Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
System [ Error ] 6-12-2008 8:04:38 Computer Name = VRIJE-E11BD8219 | Source = Dhcp | ID = 1002 -> Description = The IP address lease 0.0.0.0 for the Network Card with network address 00C0A8D2E754 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 8-12-2008 9:55:08 Computer Name = VRIJE-E11BD8219 | Source = Dhcp | ID = 1000 -> Description = Your computer has lost the lease to its IP address 10.0.0.3 on the Network Card with network address 00C0A8D2E754.
System [ Error ] 23-12-2008 5:38:55 Computer Name = VRIJE-E11BD8219 | Source = Dhcp | ID = 1000 -> Description = Your computer has lost the lease to its IP address 192.168.1.11 on the Network Card with network address 00C0A8D2E754.
System [ Error ] 24-12-2008 14:24:31 Computer Name = VRIJE-E11BD8219 | Source = Dhcp | ID = 1002 -> Description = The IP address lease 0.0.0.0 for the Network Card with network address 00C0A8D2E754 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 24-12-2008 14:26:01 Computer Name = VRIJE-E11BD8219 | Source = System Error | ID = 1003 -> Description = Error code 100000ea, parameter1 84ed3588, parameter2 84ffb0b8, parameter3 f7991cbc, parameter4 00000001.
System [ Error ] 26-12-2008 21:03:51 Computer Name = VRIJE-E11BD8219 | Source = Dhcp | ID = 1002 -> Description = The IP address lease 0.0.0.0 for the Network Card with network address 00C0A8D2E754 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

[Files/Folders - Created Within 30 Days]
2 D:\Documents and Settings\Marijn\My Documents\*.tmp files -> D:\Documents and Settings\Marijn\My Documents\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008-12-30 19:49:17 | 00,000,000 | ---D | C]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [2008-12-30 16:32:19 | 00,000,000 | -H-D | C]
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> [2008-12-30 16:16:17 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.)
AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk -> [2008-12-30 16:16:17 | 00,001,429 | ---- | C] ()
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2008-12-30 16:16:16 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.)
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2008-12-30 16:16:08 | 31,322,344 | ---- | C] ()
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2008-12-30 16:16:08 | 06,061,540 | ---- | C] ()
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2008-12-30 16:16:08 | 00,368,010 | ---- | C] ()
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2008-12-30 16:16:08 | 00,008,170 | ---- | C] ()
AVGTOOLBAR -> %AppData%\AVGTOOLBAR -> [2008-12-30 16:16:08 | 00,000,000 | ---D | C]
Avg -> %SystemRoot%\System32\drivers\Avg -> [2008-12-30 16:16:08 | 00,000,000 | ---D | C]
avg8 -> %AllUsersProfile%\Application Data\avg8 -> [2008-12-30 16:15:58 | 00,000,000 | ---D | C]
AVG -> %ProgramFiles%\AVG -> [2008-12-30 16:15:58 | 00,000,000 | ---D | C]
bla -> %UserProfile%\Desktop\bla -> [2008-12-30 16:04:29 | 00,000,000 | ---D | C]
TROJAN HORSE.bmp -> %UserProfile%\Desktop\TROJAN HORSE.bmp -> [2008-12-29 20:22:11 | 03,072,054 | ---- | C] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008-12-29 16:44:31 | 00,001,618 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2008-12-29 16:44:30 | 00,000,000 | ---D | C]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008-12-29 16:44:19 | 00,812,344 | ---- | C] (Trend Micro Inc.)
iqe68o.bat -> %SystemDrive%\iqe68o.bat -> [2008-12-23 11:48:58 | 00,105,097 | RHS- | C] ()
vbsdfe1.dll -> %SystemRoot%\System32\vbsdfe1.dll -> [2008-12-23 11:48:32 | 00,085,504 | RHS- | C] ()
rcukd.cmd -> %SystemDrive%\rcukd.cmd -> [2008-12-04 10:56:50 | 00,105,589 | RHS- | C] ()
Belastingdienst -> %UserProfile%\My Documents\Belastingdienst -> [2008-12-03 14:24:03 | 00,000,000 | ---D | C]
Aangifte inkomstenbelasting 2007.lnk -> %AllUsersProfile%\Desktop\Aangifte inkomstenbelasting 2007.lnk -> [2008-12-03 14:22:40 | 00,000,878 | ---- | C] ()
Belastingdienst -> %ProgramFiles%\Belastingdienst -> [2008-12-03 14:22:35 | 00,000,000 | ---D | C]
Bdienst -> %SystemDrive%\Bdienst -> [2008-12-03 13:40:11 | 00,000,000 | ---D | C]
ncyrf.bat -> %SystemDrive%\ncyrf.bat -> [2008-12-03 13:14:43 | 00,109,260 | RHS- | C] ()
gasretyw1.dll -> %SystemRoot%\System32\gasretyw1.dll -> [2008-12-03 13:14:15 | 00,084,992 | RHS- | C] ()
e.cmd -> %SystemDrive%\e.cmd -> [2008-12-02 18:32:22 | 00,108,698 | RHS- | C] ()
gasretyw0.dll -> %SystemRoot%\System32\gasretyw0.dll -> [2008-12-02 18:31:56 | 00,084,992 | RHS- | C] ()
ckvo.exe -> %SystemRoot%\System32\ckvo.exe -> [2008-12-02 18:31:13 | 00,090,120 | RHS- | C] ()
ckvo0.dll -> %SystemRoot%\System32\ckvo0.dll -> [2008-12-02 18:31:13 | 00,084,992 | RHS- | C] ()
rooster_met_verzoeken.xls -> %UserProfile%\Desktop\rooster_met_verzoeken.xls -> [2008-12-02 17:07:53 | 00,080,384 | ---- | C] ()
Practicum_anemie_vervangende_opdrachten_handleiding_opdracht_1._2008.doc -> %UserProfile%\Desktop\Practicum_anemie_vervangende_opdrachten_handleiding_opdracht_1._2008.doc -> [2008-12-01 17:42:01 | 00,029,184 | ---- | C] ()

[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
2 D:\Documents and Settings\Marijn\My Documents\*.tmp files -> D:\Documents and Settings\Marijn\My Documents\*.tmp ->
S6000673.JPG -> %UserProfile%\My Documents\S6000673.JPG -> [2024-06-06 16:34:48 | 01,530,652 | ---- | M] ()
S6000607.JPG -> %UserProfile%\My Documents\S6000607.JPG -> [2024-06-06 03:57:50 | 01,491,321 | ---- | M] ()
S6000559.JPG -> %UserProfile%\My Documents\S6000559.JPG -> [2024-06-05 18:07:42 | 01,546,337 | ---- | M] ()
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [2008-12-30 19:53:01 | 00,000,256 | ---- | M] ()
Perflib_Perfdata_530.dat -> %SystemRoot%\Temp\Perflib_Perfdata_530.dat -> [2008-12-30 19:45:00 | 00,016,384 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008-12-30 19:43:38 | 00,002,206 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008-12-30 19:38:30 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008-12-30 19:38:28 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008-12-30 19:38:24 | 93,753,7536 | -HS- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2008-12-30 19:37:36 | 06,291,456 | ---- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2008-12-30 19:37:21 | 00,000,178 | -HS- | M] ()
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2008-12-30 16:28:36 | 31,322,344 | ---- | M] ()
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2008-12-30 16:28:11 | 00,368,010 | ---- | M] ()
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2008-12-30 16:28:11 | 00,008,170 | ---- | M] ()
autorun.inf -> %SystemDrive%\autorun.inf -> [2008-12-30 16:24:19 | 00,000,595 | RHS- | M] ()
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> [2008-12-30 16:16:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk -> [2008-12-30 16:16:17 | 00,001,429 | ---- | M] ()
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2008-12-30 16:16:16 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2008-12-30 16:16:13 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2008-12-30 16:16:08 | 06,061,540 | ---- | M] ()
gasretyw0.dll -> %SystemRoot%\System32\gasretyw0.dll -> [2008-12-30 15:38:50 | 00,084,992 | RHS- | M] ()
TROJAN HORSE.bmp -> %UserProfile%\Desktop\TROJAN HORSE.bmp -> [2008-12-29 20:22:12 | 03,072,054 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008-12-29 16:44:31 | 00,001,618 | ---- | M] ()
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008-12-29 16:44:26 | 00,812,344 | ---- | M] (Trend Micro Inc.)
vbsdfe1.dll -> %SystemRoot%\System32\vbsdfe1.dll -> [2008-12-29 15:37:21 | 00,085,504 | RHS- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008-12-27 02:21:55 | 00,000,116 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008-12-27 02:11:03 | 00,076,800 | ---- | M] ()
Microsoft Office Word 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Word 2007.lnk -> [2008-12-23 11:47:55 | 00,002,371 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008-12-23 11:14:49 | 00,001,393 | ---- | M] ()
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2008-12-23 10:43:02 | 00,000,594 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008-12-21 01:07:32 | 00,004,646 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008-12-21 01:07:32 | 00,004,232 | ---- | M] ()
mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008-12-13 07:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation)
mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008-12-13 07:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation)
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation)
gasretyw1.dll -> %SystemRoot%\System32\gasretyw1.dll -> [2008-12-06 13:05:16 | 00,084,992 | RHS- | M] ()
iqe68o.bat -> %SystemDrive%\iqe68o.bat -> [2008-12-06 13:05:15 | 00,105,097 | RHS- | M] ()
rcukd.cmd -> %SystemDrive%\rcukd.cmd -> [2008-12-04 18:27:11 | 00,105,589 | RHS- | M] ()
Aangifte inkomstenbelasting 2007.lnk -> %AllUsersProfile%\Desktop\Aangifte inkomstenbelasting 2007.lnk -> [2008-12-03 14:22:40 | 00,000,878 | ---- | M] ()
ncyrf.bat -> %SystemDrive%\ncyrf.bat -> [2008-12-03 13:14:12 | 00,109,260 | RHS- | M] ()
e.cmd -> %SystemDrive%\e.cmd -> [2008-12-02 18:31:54 | 00,108,698 | RHS- | M] ()
ckvo0.dll -> %SystemRoot%\System32\ckvo0.dll -> [2008-12-02 18:31:13 | 00,084,992 | RHS- | M] ()
rooster_met_verzoeken.xls -> %UserProfile%\Desktop\rooster_met_verzoeken.xls -> [2008-12-02 17:07:57 | 00,080,384 | ---- | M] ()
Practicum_anemie_vervangende_opdrachten_handleiding_opdracht_1._2008.doc -> %UserProfile%\Desktop\Practicum_anemie_vervangende_opdrachten_handleiding_opdracht_1._2008.doc -> [2008-12-01 17:42:03 | 00,029,184 | ---- | M] ()
wklntsk1.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntsk1.dat -> [2007-05-06 23:01:02 | 00,161,139 | ---- | M] ()
wkcalcat.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wkcalcat.dat -> [2007-05-06 22:57:54 | 00,016,384 | ---- | M] ()
opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2007-03-22 00:03:43 | 00,008,206 | ---- | M] ()
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2006-08-14 14:30:12 | 00,008,206 | ---- | M] ()
< End of report >
[/code]