Trojan Horse PSW.Generic7



#1
sebastiaanl

hi guys,

this is my problem:
1. couple of days ago i deleted McAfee because it seemed not really active. i installed AVG and did a full scan: 9 threats found and removed. since then every time when i leave my computer alone for 5 minutes, the screensaver starts (which is normal), and when i come back AVG found a threat named "Trojan Horse PSW.Generic7.PMB" (i also saw "Trojan Horse PSW.OnlineGames3.ONS" once). further the computer acts normal, but i'm afraid it might get worse if i don't remove it now.
2. another problem (i don't know if it is related but it started around the same time) is when i want to open the C: drive (my normal hard drive) in windows explorer by double clicking on it, it asks me with which program! if i select windows explorer in the list, i can open it, but i cannot tag the box "always open this with this program". maybe a helpful note is that it was gradual: first it was normal (C: drive opens in explorer), then less normal (C: drive opens in explorer, but in another window), then bizarre (asks which program)
(tell me if you prefer my second problem in a separate topic)

i did the cleaning guide, but problem not solved. the logs follow.
thanks in advance!
Sebastiaan

FIRST MBAM LOG: (i did two mbam-scans because after the first one, i had been on the internet again and i wanted to complete the guide in one time)
Malwarebytes' Anti-Malware 1.41
Database version: 3160
Windows 5.1.2600 Service Pack 2

13/11/2009 17:02:52
mbam-log-2009-11-13 (17-02-52).txt

Scan type: Quick Scan
Objects scanned: 106673
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SECOND MBAM LOG:
Malwarebytes' Anti-Malware 1.41
Database version: 3160
Windows 5.1.2600 Service Pack 2

15/11/2009 11:04:03
mbam-log-2009-11-15 (11-04-03).txt

Scan type: Quick Scan
Objects scanned: 106742
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ROOTREPEAL LOG:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/15 13:53
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 00000077
Image Path: \Driver\00000077
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE171000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B54000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7A2A000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf7406b3a

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf7406c7e

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf7406ff6

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf7406a18

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf74070c0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf7406f58

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf7407148

==EOF==

OTL LOG:
OTL logfile created on: 15/11/2009 13:58:59 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Sebastiaan Loosen\Bureaublad
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

1022,07 Mb Total Physical Memory | 555,59 Mb Available Physical Memory | 54,36% Memory free
2,40 Gb Paging File | 2,02 Gb Available in Paging File | 84,27% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,42 Gb Total Space | 2,67 Gb Free Space | 3,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEBASTIAAN
Current User Name: Sebastiaan Loosen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/15 13:57:58 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\OTL.exe
PRC - [2009/11/13 08:12:09 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/13 08:12:06 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/12 11:38:19 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/12 11:38:19 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/12 11:38:18 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/12 11:38:12 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/03 00:51:00 | 26,785,147 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/01/25 22:26:45 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/01/25 22:26:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/13 14:24:02 | 01,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/21 10:00:00 | 00,389,120 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WinZip11\WZQKPICK.EXE
PRC - [2005/06/01 03:02:00 | 00,368,640 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/02/23 16:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/01/27 05:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABE.EXE
PRC - [2004/10/14 19:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2000/02/24 18:23:44 | 08,810,548 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/15 13:57:58 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\OTL.exe
MOD - [2006/08/25 16:51:53 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 12:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 11:38:12 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/25 22:26:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007/10/17 00:00:55 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/11/02 21:53:32 | 00,917,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/12/30 13:13:50 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/06/01 03:02:00 | 00,368,640 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 12:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wikipedia.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/25 22:26:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 23:43:52 | 00,000,000 | ---D | M]


O1 HOSTS File: (776 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WinZip11\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: C:\Documents and Settings\Sebastiaan Loosen\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Sebastiaan Loosen\Menu Start\Programma's\Opstarten\Dropbox.lnk = C:\Documents and Settings\Sebastiaan Loosen\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://www.parallelg...in/cortvrml.cab (ParallelGraphics Cortona Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.su...ows-i586-jc.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} http://sib1.od2.com/...nagerPlugin.CAB (MediaBar)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.58.126.3 134.58.127.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/13 14:06:48 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/12 11:50:59 | 00,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2483657e-caad-11de-ac71-00123f66385d}\Shell\AutoRun\command - "" = E:\dhrhyje.bat -- File not found
O33 - MountPoints2\{2483657e-caad-11de-ac71-00123f66385d}\Shell\open\Command - "" = E:\dhrhyje.bat -- File not found
O33 - MountPoints2\{3f384664-4d55-11da-a71a-806d6172696f}\Shell\AutoRun\command - "" = dhrhyje.bat
O33 - MountPoints2\{3f384664-4d55-11da-a71a-806d6172696f}\Shell\open\Command - "" = dhrhyje.bat
O33 - MountPoints2\{9cd9f5c4-f957-11db-a920-00123f66385d}\Shell - "" = AutoRun
O33 - MountPoints2\{9cd9f5c4-f957-11db-a920-00123f66385d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d28841f6-9bb9-11de-ac25-00123f66385d}\Shell\AutoRun\command - "" = F:\dhrhyje.bat -- File not found
O33 - MountPoints2\{d28841f6-9bb9-11de-ac25-00123f66385d}\Shell\open\Command - "" = F:\dhrhyje.bat -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/09/13 13:54:24 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/15 13:57:52 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\OTL.exe
[2009/11/15 13:52:18 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\RootRepeal.exe
[2009/11/15 12:24:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\HebronMapExcerpts
[2009/11/13 16:54:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\Malwarebytes
[2009/11/13 16:54:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/13 16:54:25 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/13 16:54:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/13 16:54:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/13 16:53:33 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\mbam-setup.exe
[2009/11/13 16:52:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/13 16:50:55 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/13 16:49:40 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\erunt_setup.exe
[2009/11/13 16:48:27 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\SysRestorePoint.exe
[2009/11/13 16:38:24 | 00,339,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\TFC.exe
[2009/11/12 18:49:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/11/12 17:28:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\InstallFiles
[2009/11/12 15:52:13 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/12 15:29:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\bakuptot19nov
[2009/11/12 11:38:55 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/12 11:38:38 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/12 11:38:37 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/12 11:38:29 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/12 11:38:28 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/12 11:38:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/12 11:38:07 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/12 11:38:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/12 11:10:43 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Sebastiaan Loosen\IECompatCache
[2009/11/12 11:08:04 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Sebastiaan Loosen\PrivacIE
[2009/11/12 11:04:39 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Sebastiaan Loosen\IETldCache
[2009/11/12 10:58:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/11/11 21:27:47 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/05 18:25:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\Hebron.com
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/15 13:57:58 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\OTL.exe
[2009/11/15 13:52:47 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\settings.dat
[2009/11/15 13:52:23 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\RootRepeal.exe
[2009/11/15 13:51:24 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\~$rushelp.doc
[2009/11/15 13:20:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/15 13:19:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/15 13:19:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/15 13:19:08 | 10,717,88032 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/15 13:17:47 | 21,495,808 | -H-- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\NTUSER.DAT
[2009/11/15 13:17:47 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\ntuser.ini
[2009/11/15 13:14:28 | 17,640,437 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\HebronMap2.psd
[2009/11/15 13:12:29 | 16,045,056 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\HebronInDevelopment.ppt
[2009/11/15 10:42:49 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/11/15 10:42:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/11/15 01:04:09 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/11/15 01:04:09 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/11/15 00:10:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/11/15 00:10:48 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/11/15 00:10:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/11/15 00:10:07 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/11/14 22:41:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/11/14 22:41:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/11/14 22:16:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/11/14 22:16:08 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/11/14 21:56:19 | 45,108,853 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/14 21:55:55 | 00,090,004 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/14 19:11:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/11/14 19:11:14 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/11/13 19:31:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/11/13 19:31:34 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/11/13 18:39:29 | 00,193,024 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\ThesisHebron.doc
[2009/11/13 17:27:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/11/13 17:27:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/11/13 16:54:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2009/11/13 16:53:33 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\mbam-setup.exe
[2009/11/13 16:50:59 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\NTREGOPT.lnk
[2009/11/13 16:50:59 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\ERUNT.lnk
[2009/11/13 16:49:48 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\erunt_setup.exe
[2009/11/13 16:48:28 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\SysRestorePoint.exe
[2009/11/13 16:40:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/11/13 16:40:45 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/11/13 16:40:04 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\virushelp.doc
[2009/11/13 16:38:24 | 00,339,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\TFC.exe
[2009/11/13 15:21:15 | 00,177,664 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\HebronInDevelopment.doc
[2009/11/13 14:41:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/11/13 14:41:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/11/13 13:45:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/11/13 13:45:35 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/11/13 13:27:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/11/13 13:27:13 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/11/13 12:37:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/11/13 12:37:49 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/11/13 12:12:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/11/13 12:12:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/11/13 11:09:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/11/13 11:09:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/11/13 00:27:15 | 00,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/12 23:44:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/11/12 23:44:40 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/11/12 16:43:56 | 01,128,504 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/12 16:43:56 | 00,510,428 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2009/11/12 16:43:56 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/12 16:43:56 | 00,091,518 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2009/11/12 16:43:56 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/12 16:42:55 | 00,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/11/12 14:12:51 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/11/12 14:12:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/11/12 11:59:03 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/11/12 11:50:59 | 00,000,061 | RHS- | M] () -- C:\autorun.inf
[2009/11/12 11:38:38 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/12 11:38:38 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG Free 9.0.lnk
[2009/11/12 11:38:37 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/12 11:38:30 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/12 11:38:28 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/12 11:38:28 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/12 11:38:26 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/12 11:38:26 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/12 11:18:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/11/12 11:18:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/11/12 11:02:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/11/12 11:02:57 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/11/12 10:46:43 | 00,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/12 10:42:55 | 00,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/11 21:29:44 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\iTunes.lnk
[2009/11/11 21:08:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/11 17:39:48 | 08,181,839 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\HebronMap.psd
[2009/11/10 11:49:36 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\Hebron.com.doc
[2009/11/06 22:07:08 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\Hebron.xls
[2009/11/04 21:50:35 | 00,006,356 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\PrimoPDFSet.xml
[2009/11/04 12:34:07 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\winscp.rnd
[2009/11/02 19:48:40 | 00,104,504 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/01 22:53:47 | 00,176,128 | ---- | M] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\Hebron.doc
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/15 13:52:47 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\settings.dat
[2009/11/15 13:51:24 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\~$rushelp.doc
[2009/11/13 16:54:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2009/11/13 16:50:59 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\NTREGOPT.lnk
[2009/11/13 16:50:59 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\ERUNT.lnk
[2009/11/13 16:40:03 | 00,076,800 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\virushelp.doc
[2009/11/12 17:47:06 | 00,000,017 | ---- | C] () -- C:\Program Files\VerdachteMappen.txt
[2009/11/12 11:38:38 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\AVG Free 9.0.lnk
[2009/11/12 11:38:28 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/12 11:38:26 | 45,108,853 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/12 11:38:26 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/12 11:38:26 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/12 11:38:26 | 00,090,004 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/12 10:42:55 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/11 21:29:44 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\iTunes.lnk
[2009/11/11 17:44:23 | 17,640,437 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\HebronMap2.psd
[2009/11/11 14:54:56 | 08,181,839 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\HebronMap.psd
[2009/11/11 14:09:22 | 16,045,056 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\HebronInDevelopment.ppt
[2009/11/10 11:51:24 | 00,177,664 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\HebronInDevelopment.doc
[2009/11/08 18:10:36 | 01,106,180 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\Paulestina.JPG
[2009/11/06 10:55:19 | 00,000,061 | RHS- | C] () -- C:\autorun.inf
[2009/11/05 10:34:38 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\Hebron.com.doc
[2009/11/02 16:42:40 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/11/02 16:42:40 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2009/11/02 16:42:40 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/11/02 16:42:40 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2009/11/02 16:42:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/11/02 16:42:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2009/11/02 16:42:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/11/02 16:42:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2009/11/02 16:42:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/11/02 16:42:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2009/11/02 16:42:37 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/11/02 16:42:37 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2009/11/02 16:42:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/11/02 16:42:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2009/11/02 16:42:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/11/02 16:42:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2009/11/02 16:20:38 | 00,193,024 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\ThesisHebron.doc
[2009/10/05 12:21:32 | 00,006,356 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\PrimoPDFSet.xml
[2009/09/25 14:08:51 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\winscp.rnd
[2009/04/27 05:13:36 | 00,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/11/18 15:03:41 | 00,000,156 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2008/09/19 22:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 22:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 22:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 22:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/13 19:28:30 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\WIN.INI
[2007/11/13 19:28:30 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM.INI
[2007/11/13 19:28:30 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2007/05/01 15:56:39 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\WorkingFolders.xml
[2007/04/17 17:20:00 | 00,000,091 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2007/03/25 14:55:36 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/20 21:37:53 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2006/10/11 14:23:56 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/19 17:11:47 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/27 11:53:56 | 00,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/03/27 11:53:56 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd5149.sys
[2005/11/29 22:41:50 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/14 21:37:06 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/11 01:03:31 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2005/11/11 01:03:31 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2005/11/07 23:12:49 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/11/07 23:11:49 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDED88.ini
[2005/11/06 22:21:36 | 00,104,504 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/11/04 18:12:38 | 01,578,918 | -H-- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Local Settings\Application Data\IconCache.db
[2005/11/04 18:12:38 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Local Settings\Application Data\fusioncache.dat
[2005/11/04 18:12:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\desktop.ini
[2005/10/25 01:40:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/25 01:23:28 | 00,000,514 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/13 13:59:19 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/09/13 13:52:49 | 00,000,654 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/09/13 13:52:47 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/22 19:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/05/11 22:51:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Abvent
[2007/10/17 00:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/11/12 11:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/05/04 12:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2005/11/07 23:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008/09/28 18:18:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/20 22:08:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 23:21:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/05/11 22:54:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\Abvent
[2008/09/28 18:07:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\Abvent_Artlantis2
[2007/10/16 23:57:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\Autodesk
[2006/11/12 20:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\Design Science
[2009/11/15 13:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\Dropbox
[2005/11/08 00:46:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\EPSON
[2008/04/16 20:41:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\Graphisoft
[2009/10/19 16:14:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\Informatik Inc
[2006/08/11 15:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\Opera
[2006/01/11 23:00:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sebastiaan Loosen\Application Data\RadLight Company
[2004/08/04 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/15 13:19:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/24 11:59:30 | 00,162,304 | ---- | M] () -- C:\UNWISE.EXE

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/04/14 18:02:25 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\bakuptot19nov\windows\softwaredistribution_download\822ceb2331d0360bde8948c432c9beec\eventlog.dll
[2004/08/04 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\i386\eventlog.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2008/04/14 18:02:25 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\eventlog.dll
[2004/08/04 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=F1720914CAB06FDE4BE250E3767713CF -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/04/14 18:02:39 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\bakuptot19nov\windows\softwaredistribution_download\822ceb2331d0360bde8948c432c9beec\scecli.dll
[2004/08/04 12:00:00 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\i386\scecli.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2008/04/14 18:02:39 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\scecli.dll
[2004/08/04 12:00:00 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=5AE934F6837B5A583DED535C4BE5A804 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2008/04/14 18:02:33 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\bakuptot19nov\windows\softwaredistribution_download\822ceb2331d0360bde8948c432c9beec\netlogon.dll
[2004/08/04 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\i386\netlogon.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2009/02/06 19:47:23 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=45AE58ACDD9B4A8767064544533F94E2 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 19:47:23 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=45AE58ACDD9B4A8767064544533F94E2 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2008/04/14 18:02:33 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\netlogon.dll
[2004/08/04 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=B3FDAC7A518B6B684BEFE792DC1DC560 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\bakuptot19nov\windows\softwaredistribution_download\822ceb2331d0360bde8948c432c9beec\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Documents and Settings\Sebastiaan Loosen\Bureaublad\bakuptot19nov\windows\softwaredistribution_download\822ceb2331d0360bde8948c432c9beec\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\822ceb2331d0360bde8948c432c9beec\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >

OTL EXTRAS LOG:
OTL Extras logfile created on: 15/11/2009 13:58:59 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Sebastiaan Loosen\Bureaublad
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

1022,07 Mb Total Physical Memory | 555,59 Mb Available Physical Memory | 54,36% Memory free
2,40 Gb Paging File | 2,02 Gb Available in Paging File | 84,27% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,42 Gb Total Space | 2,67 Gb Free Space | 3,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEBASTIAAN
Current User Name: Sebastiaan Loosen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Maple 10\jre\bin\java.exe" = C:\Program Files\Maple 10\jre\bin\java.exe:*:Enabled:java -- ()
"C:\Program Files\Maple 10\jre\bin\maple.exe" = C:\Program Files\Maple 10\jre\bin\maple.exe:*:Enabled:maple -- ()
"C:\Documents and Settings\Sebastiaan Loosen\Local Settings\Temp\j2eesdk-1_4_02_2005Q2-windows[1].exe2\package\jre\bin\javaw.exe" = C:\Documents and Settings\Sebastiaan Loosen\Local Settings\Temp\j2eesdk-1_4_02_2005Q2-windows[1].exe2\package\jre\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Java\jdk\jre\bin\java.exe" = C:\Program Files\Java\jdk\jre\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found
"C:\Program Files\Limewire\LimeWire.exe" = C:\Program Files\Limewire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\RadLight\RadLight 4.0\rlkernel.exe" = C:\Program Files\RadLight\RadLight 4.0\rlkernel.exe:*:Enabled:Kernel Executable -- File not found
"C:\Program Files\SketchUp\SketchUp.exe" = C:\Program Files\SketchUp\SketchUp.exe:*:Enabled:SketchUp Application -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\SketchUp Pro 6\SketchUp.exe" = C:\Program Files\SketchUp Pro 6\SketchUp.exe:*:Enabled:SketchUp Application -- File not found
"C:\Program Files\Graphisoft\ArchiCAD 11\ArchiCAD.exe" = C:\Program Files\Graphisoft\ArchiCAD 11\ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component -- (Graphisoft R&D)
"C:\Program Files\Blizzard\Warcraft III\Warcraft III.exe" = C:\Program Files\Blizzard\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{64025BF3-D02A-4BEE-BE5B-ED6C3E17E271}" = TREXtify3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Configuratiescherm MobileMe
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9816B8B8-4B53-4D3D-9235-AD931252001D}" = Windows Live Messenger
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C37BD08E-93C9-4194-B90D-CC97B574EC7C}" = PowerFrame
"{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" = MediaBar
"{C4D53D26-0725-407D-ACC8-ACC21F41CF48}" = Informatik PDF Markup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"001FFFFFFF11FF00FF0701F05F02F000-R1" = ArchiCAD 11 INT
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Artlantis Studio 2" = Artlantis Studio 2.0.1
"ATI Display Driver" = ATI Display Driver
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVG9Uninstall" = AVG Free 9.0
"BB_is1" = Band-in-a-Box 2006
"BlueJ_is1" = BlueJ 1.3.5
"DSMT5" = MathType 5
"EAX™ Unified (SHELL)" = EAX™ Unified (SHELL)
"EPSON Printer and Utilities" = EPSON-printersoftware
"ERUNT_is1" = ERUNT 1.1j
"ESD88 Gebruikershandleiding" = ESD88 Gebruikershandleiding
"ExpressBurn" = Express Burn
"getPlus®_ocx" = getPlus®_ocx
"Guitar Pro 5_is1" = Guitar Pro 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Java 2 Platform, Enterprise Edition 1.4 SDK" = Java 2 Platform, Enterprise Edition 1.4 SDK
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 10" = Maple 10
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ReconLab" = ReconLab
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.9
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/10/2009 17:29:15 | Computer Name = SEBASTIAAN | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Premium -- Error 1706. No valid
source could be found for product Microsoft Office 2000 SR-1 Premium. The Windows
installer cannot continue.

Error - 29/10/2009 9:24:49 | Computer Name = SEBASTIAAN | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Premium -- Error 1706. No valid
source could be found for product Microsoft Office 2000 SR-1 Premium. The Windows
installer cannot continue.

Error - 2/11/2009 14:24:56 | Computer Name = SEBASTIAAN | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.16915, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 2/11/2009 14:27:05 | Computer Name = SEBASTIAAN | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.16915, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 2/11/2009 14:30:17 | Computer Name = SEBASTIAAN | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.16915, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 2/11/2009 14:32:30 | Computer Name = SEBASTIAAN | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.16915, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 2/11/2009 14:36:29 | Computer Name = SEBASTIAAN | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.16915, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 2/11/2009 14:37:13 | Computer Name = SEBASTIAAN | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.16915, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 5/11/2009 7:21:56 | Computer Name = SEBASTIAAN | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.16915, vastgelopen
module: quartz.dll, versie: 6.5.2600.3580, vastgelopen op: 0x00031565.

Error - 6/11/2009 5:55:00 | Computer Name = SEBASTIAAN | Source = Alert Manager Event Interface | ID = 257
Description =

[ System Events ]
Error - 13/11/2009 11:45:42 | Computer Name = SEBASTIAAN | Source = sr | ID = 1
Description = Tijdens de verwerking van het bestand avgcorex.dll.old op het volume
HarddiskVolume2 is de fout 0xC0000243 opgetreden in het filter van Systeemherstel.
Controle van dit volume is gestopt.

Error - 14/11/2009 16:18:17 | Computer Name = SEBASTIAAN | Source = atapi | ID = 262153
Description = Het apparaat \Device\Ide\IdePort0 heeft niet binnen de tijd voor time-out
gereageerd.

Error - 14/11/2009 18:34:41 | Computer Name = SEBASTIAAN | Source = atapi | ID = 262153
Description = Het apparaat \Device\Ide\IdePort0 heeft niet binnen de tijd voor time-out
gereageerd.

Error - 15/11/2009 5:49:10 | Computer Name = SEBASTIAAN | Source = Service Control Manager | ID = 7034
Description = De Ati HotKey Poller-service is onverwacht beëindigd. Dit is nu 1
keer gebeurd.

Error - 15/11/2009 5:49:11 | Computer Name = SEBASTIAAN | Source = Service Control Manager | ID = 7031
Description = De Mobiel Apple apparaat-service is onverwacht gestopt. Dit is 1 keer
gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd:
Service opnieuw starten.

Error - 15/11/2009 5:49:11 | Computer Name = SEBASTIAAN | Source = Service Control Manager | ID = 7034
Description = De Bonjour-service-service is onverwacht beëindigd. Dit is nu 1 keer
gebeurd.

Error - 15/11/2009 5:49:11 | Computer Name = SEBASTIAAN | Source = Service Control Manager | ID = 7034
Description = De Java Quick Starter-service is onverwacht beëindigd. Dit is nu 1
keer gebeurd.

Error - 15/11/2009 5:49:11 | Computer Name = SEBASTIAAN | Source = Service Control Manager | ID = 7031
Description = De AVG Free WatchDog-service is onverwacht gestopt. Dit is 1 keer
gebeurd. De volgende herstelbewerking zal over 0 milliseconden worden uitgevoerd:
Service opnieuw starten.

Error - 15/11/2009 5:49:11 | Computer Name = SEBASTIAAN | Source = Service Control Manager | ID = 7034
Description = De iPod-service-service is onverwacht beëindigd. Dit is nu 1 keer
gebeurd.

Error - 15/11/2009 5:49:11 | Computer Name = SEBASTIAAN | Source = Service Control Manager | ID = 7031
Description = De Windows CardSpace-service is onverwacht gestopt. Dit is 1 keer
gebeurd. De volgende herstelbewerking zal over 120000 milliseconden worden uitgevoerd:
Service opnieuw starten.


< End of report >