can't update anti virus program


  • This topic is locked

#1
jose b

    New Member

  • Member
  • 9 posts
Hi, I had some trojans, a downloader agent. With great difficulty I removed them, I hope. I can now reboot my netbook, Windows 7 Starter, but I can't update antivirus programs and I can't download new ones. Windows Update and Defender are not upgrading anymore. I can't get online help from Windows. I can't use search in Vuze/Azureus. Internet browsing works, but that's it; I can't download anything. I think the damage from this agent acvf trojan agent is still there. What can I do? Thank you for your help, jose

#2
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hello jose b, and welcome to GeeksToGo! My name is Mitch8 and I will be helping you with your problem. Here are a few things I would like to point out:
  • Please post your logs, don't attach them unless stated.
  • Please read my posts carefully and if you have any questions ask.
  • Stay with this topic until I tell you that your system is clean. Malware can still be on your system even if you don't notice it.

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


#3
jose b

    New Member

  • Topic Starter
  • Member
  • 9 posts
OTL logfile created on: 4/21/2011 9:09:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jose\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 200.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 34.19 Gb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 122.77 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: JOSE-EEEPC | User Name: Jose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/21 20:47:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL.exe
PRC - [2011/04/04 00:56:21 | 000,042,496 | ---- | M] ( ) -- C:\Windows\Temp\acvf\setup.exe
PRC - [2011/03/17 22:07:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/04 23:14:19 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/04 23:14:18 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/04 01:55:06 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2010/03/03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
PRC - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2010/02/26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/31 13:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Jose\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009/11/16 19:12:32 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/21 20:19:20 | 001,964,528 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/21 20:47:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/04 00:56:21 | 000,042,496 | ---- | M] ( ) [Auto | Stopped] -- C:\windows\TEMP\acvf\setup.exe -- (AMService)
SRV - [2011/03/17 22:07:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/04 23:14:19 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/04 01:55:06 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010/02/12 07:09:06 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/16 19:12:32 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/09/21 20:19:20 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 22:07:11 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/04 22:37:46 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/31 19:10:31 | 000,052,824 | ---- | M] (NCH Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver)
DRV - [2010/03/24 04:18:12 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2010/03/24 04:15:43 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/03/24 04:15:08 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2010/03/24 04:04:50 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/02/12 07:10:12 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009/11/04 16:59:38 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/11/04 16:59:38 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009/10/12 14:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/09/21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009/09/21 20:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2009/09/10 14:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52323

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Productivity 1.12 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.0.19
FF - prefs.js..extensions.enabledItems: {8d83a683-ee4a-4bf6-b150-a4565d4ebe0f}:3.2.2.0
FF - prefs.js..extensions.enabledItems: {30421e54-3b57-4e5b-947c-9b6beea57683}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.imesh....&systemid=1&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/25 23:35:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 22:00:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 22:00:35 | 000,000,000 | ---D | M]

[2011/04/04 23:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jose\AppData\Roaming\Mozilla\Extensions
[2011/04/20 17:08:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions
[2011/01/01 03:00:53 | 000,000,000 | ---D | M] (Productivity 1.12 Community Toolbar) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\{30421e54-3b57-4e5b-947c-9b6beea57683}
[2010/10/26 21:23:53 | 000,000,000 | ---D | M] (TranslatorBar Brazil Community Toolbar) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\{8d83a683-ee4a-4bf6-b150-a4565d4ebe0f}
[2010/09/05 16:05:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/08/27 10:17:46 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/08/31 19:11:29 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2011/01/01 03:00:52 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\[email protected]
[2010/08/27 12:17:41 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\[email protected]
[2010/09/02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\searchplugins\iMeshWebSearch.xml
[2010/08/27 11:37:29 | 000,001,589 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\searchplugins\web-search.xml
[2011/04/04 23:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/01 20:13:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/03 16:52:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/08/25 23:35:44 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2011/03/21 18:04:30 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/21 18:04:30 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/21 18:04:30 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
[2011/03/21 18:04:30 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/03/21 20:24:06 | 000,001,598 | -HS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 213.203.216.114 marketsamurai.com
O1 - Hosts: 204.9.178.11 typepad.com
O1 - Hosts: 74.113.152.32 istockphoto.com
O1 - Hosts: 208.94.0.38 yfrog.com
O1 - Hosts: 123.125.50.22 126.com
O1 - Hosts: 24.29.138.10 telegraph.co.uk
O1 - Hosts: 174.36.28.11 SlideShare.com
O1 - Hosts: 213.238.60.190 xing.com
O1 - Hosts: 59.106.98.139 seesaa.net
O1 - Hosts: 184.72.253.170 hootsuite.com
O1 - Hosts: 211.151.146.16 soku.com
O1 - Hosts: 74.208.73.101 qvc.com
O1 - Hosts: 67.221.174.30 tagged.com
O1 - Hosts: 72.32.120.222 metacafe.com
O1 - Hosts: 204.11.109.133 tribalfusion.com
O1 - Hosts: 207.154.14.31 tripadvisor.com
O1 - Hosts: 216.52.240.133 ustream.tv
O1 - Hosts: 174.36.244.132 linkwithin.com
O1 - Hosts: 80.82.137.230 thefreedictionary.com
O1 - Hosts: 121.67.203.61 scan.novirusthanks.org
O1 - Hosts: 209.172.34.139 imagevenue.com
O1 - Hosts: 91.206.232.220 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 64.34.110.174 plentyoffish.com
O1 - Hosts: 5 more lines...
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [conhost] File not found
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - Startup: C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jose\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Jose\AppData\Local\Temp\csrss.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{488ddcd4-ff2d-11df-a298-485b397080b0}\Shell - "" = AutoRun
O33 - MountPoints2\{488ddcd4-ff2d-11df-a298-485b397080b0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5910f3f2-9170-11df-a951-485b397080b0}\Shell - "" = AutoRun
O33 - MountPoints2\{5910f3f2-9170-11df-a951-485b397080b0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{97a59216-fd8b-11df-a90c-485b397080b0}\Shell - "" = AutoRun
O33 - MountPoints2\{97a59216-fd8b-11df-a90c-485b397080b0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d7cb1e2e-8f2f-11df-ae15-98f4ee9a9b82}\Shell - "" = AutoRun
O33 - MountPoints2\{d7cb1e2e-8f2f-11df-ae15-98f4ee9a9b82}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d7cb1e3e-8f2f-11df-ae15-98f4ee9a9b82}\Shell - "" = AutoRun
O33 - MountPoints2\{d7cb1e3e-8f2f-11df-ae15-98f4ee9a9b82}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/21 20:47:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL.exe
[2011/04/20 17:11:10 | 000,000,000 | ---D | C] -- C:\Users\Jose\Documents\dvhn_files
[2011/04/14 20:58:32 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\Avira
[2011/04/14 20:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/04/14 16:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/14 10:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/14 10:48:41 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NAV
[2011/04/14 10:48:41 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NAV\1201000.025
[2011/04/14 10:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011/04/14 10:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/14 10:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/13 19:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011/04/13 18:29:31 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\Uniblue
[2011/04/12 17:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\Win 32. Trojan . Agent Removal Tool
[2011/04/12 08:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/04/12 08:18:26 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\PC Tools
[2011/04/11 16:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\2B105
[2011/04/11 06:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/11 05:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Tool
[2011/04/11 05:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/10 16:59:01 | 000,000,000 | ---D | C] -- C:\Rbackup
[2011/04/10 16:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/04/03 21:46:19 | 000,000,000 | ---D | C] -- C:\Users\Jose\Documents\moordenaar_door_cijfers_files
[2011/04/03 21:45:06 | 000,000,000 | ---D | C] -- C:\Users\Jose\Documents\tragedie_files
[2011/04/03 17:51:38 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011/04/03 17:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2011/04/03 17:39:52 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Local\{B2FF9E87-8432-4525-B0EF-D869A0B4418B}
[2011/04/03 17:34:44 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\Symantec
[2011/04/03 17:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Local\Symantec_Corporation
[2011/04/03 16:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/03 12:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/03 12:50:48 | 000,138,592 | ---- | C] (StorageCraft) -- C:\windows\System32\drivers\symsnap.sys
[2011/04/03 12:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Ghost
[2011/04/03 12:49:36 | 000,015,096 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\vproeventmonitor.sys
[2011/04/03 12:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/03 12:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/04/03 12:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Ghost
[2011/04/03 12:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2011/04/03 08:30:48 | 000,000,000 | ---D | C] -- C:\Users\Jose\Documents\My Received Files
[2011/04/03 08:30:47 | 000,000,000 | ---D | C] -- C:\Users\Jose\Documents\iMesh
[2011/04/03 08:30:47 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Local\iMesh
[2011/04/03 08:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
[2011/04/03 08:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh Applications
[2011/04/03 08:26:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8A4124D0-6AF6-4584-A7BF-4CDFECF4B129}
[2011/04/02 05:26:44 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/04/01 20:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/01 19:48:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2011/03/30 00:11:08 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\DVDVideoSoft
[2011/03/27 22:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/27 22:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/27 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/27 21:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/03/27 21:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/26 19:32:52 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2010/03/24 04:15:08 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011/04/21 21:14:06 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/21 21:14:06 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/21 21:05:46 | 000,000,288 | ---- | M] () -- C:\windows\tasks\iMeshNAG.job
[2011/04/21 21:05:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/21 21:05:26 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/21 20:47:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL.exe
[2011/04/21 20:45:29 | 000,566,821 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag 7.odt
[2011/04/21 20:44:56 | 000,840,988 | ---- | M] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk 3.odt
[2011/04/21 20:44:29 | 000,817,192 | ---- | M] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk 2.odt
[2011/04/21 20:44:00 | 000,870,445 | ---- | M] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk.odt
[2011/04/21 20:43:19 | 000,691,912 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag 6.odt
[2011/04/21 20:42:47 | 000,580,609 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag 5.odt
[2011/04/21 20:42:09 | 000,611,140 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag 4.odt
[2011/04/21 20:41:27 | 000,615,513 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag 3.odt
[2011/04/21 20:40:58 | 000,716,074 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag 2.odt
[2011/04/21 20:40:27 | 000,711,453 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag.odt
[2011/04/21 20:40:03 | 000,617,895 | ---- | M] () -- C:\Users\Jose\Documents\mooi he valk 2011.odt
[2011/04/21 20:38:04 | 137,767,159 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (34).wma
[2011/04/21 20:00:58 | 000,000,244 | ---- | M] () -- C:\windows\tasks\SunMicro Java Update.job
[2011/04/21 11:16:00 | 207,092,759 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (33).wma
[2011/04/20 21:37:06 | 000,519,800 | ---- | M] () -- C:\Users\Jose\Documents\eerste baby valkje 2011.odt
[2011/04/20 17:13:16 | 000,357,782 | ---- | M] () -- C:\Users\Jose\Documents\Daily_News_of_the_North_02_02_06_page_3.pdf
[2011/04/20 17:11:20 | 000,001,136 | ---- | M] () -- C:\Users\Jose\Documents\dvhn.htm
[2011/04/20 16:53:19 | 020,685,919 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (32).wma
[2011/04/20 11:50:46 | 270,177,259 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (31).wma
[2011/04/19 10:53:11 | 217,752,019 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (30).wma
[2011/04/18 20:23:13 | 000,632,602 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/18 20:23:13 | 000,112,556 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/18 17:42:37 | 000,845,295 | ---- | M] () -- C:\Users\Jose\Documents\arendjes voeren 2 wk oud.odt
[2011/04/18 17:41:53 | 000,741,227 | ---- | M] () -- C:\Users\Jose\Documents\arends ouders.odt
[2011/04/18 12:49:14 | 401,927,329 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (29).wma
[2011/04/17 01:54:28 | 302,388,519 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (28).wma
[2011/04/16 22:49:32 | 000,030,908 | ---- | M] () -- C:\Users\Jose\Documents\Gill WP.odt
[2011/04/16 15:19:39 | 000,001,411 | ---- | M] () -- C:\Users\Jose\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/16 15:15:52 | 026,644,149 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (27).wma
[2011/04/16 15:12:04 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2011/04/16 14:07:15 | 086,787,699 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (26).wma
[2011/04/16 10:13:38 | 000,013,253 | ---- | M] () -- C:\Users\Jose\Desktop\Windows Update - Shortcut.lnk
[2011/04/16 10:09:26 | 000,348,920 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/16 03:01:16 | 390,531,709 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (25).wma
[2011/04/15 14:17:03 | 093,176,969 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (24).wma
[2011/04/15 10:38:28 | 048,209,619 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (23).wma
[2011/04/14 20:59:03 | 013,825,199 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (22).wma
[2011/04/14 20:36:20 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\NAV\1201000.025\Cat.DB
[2011/04/14 20:36:20 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
[2011/04/14 20:27:53 | 016,855,949 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (21).wma
[2011/04/14 19:05:39 | 008,356,379 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (20).wma
[2011/04/14 18:40:39 | 027,838,489 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (19).wma
[2011/04/14 17:46:57 | 003,911,279 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (18).wma
[2011/04/14 14:04:53 | 002,788,779 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (17).wma
[2011/04/14 12:10:17 | 018,207,439 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (16).wma
[2011/04/14 11:09:34 | 047,940,219 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (15).wma
[2011/04/14 09:28:40 | 022,585,189 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (14).wma
[2011/04/14 08:31:15 | 109,789,969 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (13).wma
[2011/04/13 18:48:57 | 021,107,979 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (12).wma
[2011/04/13 18:07:02 | 034,555,529 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (11).wma
[2011/04/13 09:27:08 | 012,567,999 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (10).wma
[2011/04/13 08:32:47 | 069,891,829 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (9).wma
[2011/04/12 18:29:38 | 000,833,129 | ---- | M] () -- C:\Users\Jose\Documents\2 wk arendje.odt
[2011/04/12 10:20:06 | 028,354,839 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (8).wma
[2011/04/12 09:33:03 | 014,893,819 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (7).wma
[2011/04/12 08:43:51 | 004,661,109 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (6).wma
[2011/04/12 08:29:31 | 048,492,489 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (5).wma
[2011/04/12 06:55:58 | 035,520,879 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (4).wma
[2011/04/12 05:54:10 | 005,855,449 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (3).wma
[2011/04/12 05:34:58 | 005,285,219 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (2).wma
[2011/04/12 05:22:59 | 011,701,429 | ---- | M] () -- C:\Users\Jose\Documents\Untitled.wma
[2011/04/12 04:17:21 | 160,006,129 | ---- | M] () -- C:\Users\Jose\Documents\2011-273.wma
[2011/04/11 08:03:50 | 023,855,859 | ---- | M] () -- C:\Users\Jose\Documents\2011-272.wma
[2011/04/11 07:24:08 | 023,384,409 | ---- | M] () -- C:\Users\Jose\Documents\2011-271.wma
[2011/04/11 05:38:30 | 018,966,249 | ---- | M] () -- C:\Users\Jose\Documents\2011-270.wma
[2011/04/11 04:50:41 | 049,579,069 | ---- | M] () -- C:\Users\Jose\Documents\2011-269.wma
[2011/04/10 17:17:22 | 116,017,599 | ---- | M] () -- C:\Users\Jose\Documents\2011-268.wma
[2011/04/10 01:53:44 | 000,758,139 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 1 wk 6.odt
[2011/04/10 01:53:11 | 000,779,786 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 1 wk 5.odt
[2011/04/10 01:52:38 | 000,761,306 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 1 wk 4.odt
[2011/04/10 01:52:08 | 000,738,430 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 1 wk 3.odt
[2011/04/10 01:51:42 | 000,743,414 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 1 wk2.odt
[2011/04/10 01:51:09 | 000,831,299 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 1 wk.odt
[2011/04/09 19:12:43 | 211,802,769 | ---- | M] () -- C:\Users\Jose\Documents\2011-267.wma
[2011/04/09 02:45:23 | 000,537,306 | ---- | M] () -- C:\Users\Jose\Documents\nacht arend2.odt
[2011/04/09 02:44:12 | 000,505,695 | ---- | M] () -- C:\Users\Jose\Documents\nacht arends.odt
[2011/04/09 01:31:26 | 000,786,010 | ---- | M] () -- C:\Users\Jose\Documents\arendjes2 2011.odt
[2011/04/09 01:30:57 | 000,782,426 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 2011.odt
[2011/04/08 09:25:45 | 336,615,789 | ---- | M] () -- C:\Users\Jose\Documents\2011-266.wma
[2011/04/08 06:21:07 | 000,512,836 | ---- | M] () -- C:\Users\Jose\Documents\strawberrie nails.odt
[2011/04/07 22:27:14 | 000,731,139 | ---- | M] () -- C:\Users\Jose\Documents\3 baby arendjes.odt
[2011/04/07 18:32:18 | 222,839,189 | ---- | M] () -- C:\Users\Jose\Documents\2011-265.wma
[2011/04/07 00:40:10 | 031,408,039 | ---- | M] () -- C:\Users\Jose\Documents\2011-264.wma
[2011/04/06 21:14:06 | 285,551,019 | ---- | M] () -- C:\Users\Jose\Documents\2011-263.wma
[2011/04/05 19:37:55 | 000,837,322 | ---- | M] () -- C:\Users\Jose\Documents\2 baby arendjes.odt
[2011/04/05 18:51:34 | 000,001,197 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/04/04 21:32:36 | 166,612,272 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/04/04 02:40:10 | 238,585,619 | ---- | M] () -- C:\Users\Jose\Documents\2011-262.wma
[2011/04/03 21:46:27 | 000,074,854 | ---- | M] () -- C:\Users\Jose\Documents\moordenaar_door_cijfers.htm
[2011/04/03 21:45:28 | 000,037,292 | ---- | M] () -- C:\Users\Jose\Documents\tragedie.htm
[2011/04/03 20:06:43 | 000,002,136 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\096A.8CE
[2011/04/03 17:16:55 | 022,648,049 | ---- | M] () -- C:\Users\Jose\Documents\2011-261.wma
[2011/04/03 13:29:12 | 069,092,609 | ---- | M] () -- C:\Users\Jose\Documents\2011-260.wma
[2011/04/03 12:49:33 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011/04/03 08:27:45 | 000,001,026 | ---- | M] () -- C:\Users\Jose\Application Data\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
[2011/04/03 08:27:45 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\iMesh.lnk
[2011/04/02 05:26:49 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/04/02 05:10:53 | 000,437,514 | ---- | M] () -- C:\Users\Jose\Documents\male eagle 4.odt
[2011/04/02 05:10:23 | 000,430,403 | ---- | M] () -- C:\Users\Jose\Documents\male eagle 3.odt
[2011/04/02 05:09:41 | 000,540,754 | ---- | M] () -- C:\Users\Jose\Documents\male eagle 2.odt
[2011/04/02 05:09:02 | 000,604,478 | ---- | M] () -- C:\Users\Jose\Documents\male eagle.odt
[2011/04/02 01:38:26 | 000,464,812 | ---- | M] () -- C:\Users\Jose\Documents\eagle male.odt
[2011/04/02 01:00:48 | 000,459,491 | ---- | M] () -- C:\Users\Jose\Documents\eagle 3.odt
[2011/04/02 00:52:09 | 000,582,178 | ---- | M] () -- C:\Users\Jose\Documents\eagle 2 2011 april.odt
[2011/04/01 19:41:20 | 000,732,838 | ---- | M] () -- C:\Users\Jose\Documents\eagle 2011.odt
[2011/03/30 00:14:25 | 000,001,201 | ---- | M] () -- C:\Users\Jose\Desktop\DVDVideoSoft Free Studio.lnk
[2011/03/27 22:00:00 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2011/04/21 20:45:26 | 000,566,821 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag 7.odt
[2011/04/21 20:44:53 | 000,840,988 | ---- | C] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk 3.odt
[2011/04/21 20:44:26 | 000,817,192 | ---- | C] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk 2.odt
[2011/04/21 20:43:57 | 000,870,445 | ---- | C] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk.odt
[2011/04/21 20:43:16 | 000,691,912 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag 6.odt
[2011/04/21 20:42:44 | 000,580,609 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag 5.odt
[2011/04/21 20:42:05 | 000,611,140 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag 4.odt
[2011/04/21 20:41:24 | 000,615,513 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag 3.odt
[2011/04/21 20:40:55 | 000,716,074 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag 2.odt
[2011/04/21 20:40:24 | 000,711,453 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag.odt
[2011/04/21 20:39:57 | 000,617,895 | ---- | C] () -- C:\Users\Jose\Documents\mooi he valk 2011.odt
[2011/04/21 20:38:00 | 137,767,159 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (34).wma
[2011/04/21 11:15:57 | 207,092,759 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (33).wma
[2011/04/20 21:36:54 | 000,519,800 | ---- | C] () -- C:\Users\Jose\Documents\eerste baby valkje 2011.odt
[2011/04/20 17:13:13 | 000,357,782 | ---- | C] () -- C:\Users\Jose\Documents\Daily_News_of_the_North_02_02_06_page_3.pdf
[2011/04/20 17:11:08 | 000,001,136 | ---- | C] () -- C:\Users\Jose\Documents\dvhn.htm
[2011/04/20 16:53:15 | 020,685,919 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (32).wma
[2011/04/19 10:54:13 | 270,177,259 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (31).wma
[2011/04/18 17:42:34 | 000,845,295 | ---- | C] () -- C:\Users\Jose\Documents\arendjes voeren 2 wk oud.odt
[2011/04/18 17:41:48 | 000,741,227 | ---- | C] () -- C:\Users\Jose\Documents\arends ouders.odt
[2011/04/18 12:50:47 | 217,752,019 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (30).wma
[2011/04/18 12:49:14 | 401,927,329 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (29).wma
[2011/04/16 22:49:30 | 000,030,908 | ---- | C] () -- C:\Users\Jose\Documents\Gill WP.odt
[2011/04/16 15:50:54 | 302,388,519 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (28).wma
[2011/04/16 15:12:04 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/04/16 14:38:48 | 026,644,149 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (27).wma
[2011/04/16 14:07:13 | 086,787,699 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (26).wma
[2011/04/16 10:13:38 | 000,013,253 | ---- | C] () -- C:\Users\Jose\Desktop\Windows Update - Shortcut.lnk
[2011/04/15 14:27:55 | 390,531,709 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (25).wma
[2011/04/15 14:16:59 | 093,176,969 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (24).wma
[2011/04/15 10:38:25 | 048,209,619 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (23).wma
[2011/04/14 20:59:03 | 013,825,199 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (22).wma
[2011/04/14 20:36:20 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\NAV\1201000.025\Cat.DB
[2011/04/14 20:36:20 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
[2011/04/14 20:27:52 | 016,855,949 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (21).wma
[2011/04/14 19:05:39 | 008,356,379 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (20).wma
[2011/04/14 18:40:37 | 027,838,489 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (19).wma
[2011/04/14 17:46:55 | 003,911,279 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (18).wma
[2011/04/14 14:04:52 | 002,788,779 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (17).wma
[2011/04/14 12:10:16 | 018,207,439 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (16).wma
[2011/04/14 09:44:20 | 047,940,219 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (15).wma
[2011/04/14 09:28:40 | 022,585,189 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (14).wma
[2011/04/14 08:31:13 | 109,789,969 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (13).wma
[2011/04/13 18:48:56 | 021,107,979 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (12).wma
[2011/04/13 17:11:16 | 034,555,529 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (11).wma
[2011/04/13 09:27:07 | 012,567,999 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (10).wma
[2011/04/12 18:29:29 | 000,833,129 | ---- | C] () -- C:\Users\Jose\Documents\2 wk arendje.odt
[2011/04/12 17:39:20 | 069,891,829 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (9).wma
[2011/04/12 10:20:04 | 028,354,839 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (8).wma
[2011/04/12 09:33:01 | 014,893,819 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (7).wma
[2011/04/12 08:43:51 | 004,661,109 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (6).wma
[2011/04/12 08:29:29 | 048,492,489 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (5).wma
[2011/04/12 06:55:57 | 035,520,879 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (4).wma
[2011/04/12 05:54:10 | 005,855,449 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (3).wma
[2011/04/12 05:34:58 | 005,285,219 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (2).wma
[2011/04/12 05:22:58 | 011,701,429 | ---- | C] () -- C:\Users\Jose\Documents\Untitled.wma
[2011/04/12 04:17:19 | 160,006,129 | ---- | C] () -- C:\Users\Jose\Documents\2011-273.wma
[2011/04/11 08:03:49 | 023,855,859 | ---- | C] () -- C:\Users\Jose\Documents\2011-272.wma
[2011/04/11 07:24:07 | 023,384,409 | ---- | C] () -- C:\Users\Jose\Documents\2011-271.wma
[2011/04/11 05:38:29 | 018,966,249 | ---- | C] () -- C:\Users\Jose\Documents\2011-270.wma
[2011/04/11 04:50:38 | 049,579,069 | ---- | C] () -- C:\Users\Jose\Documents\2011-269.wma
[2011/04/10 17:17:21 | 116,017,599 | ---- | C] () -- C:\Users\Jose\Documents\2011-268.wma
[2011/04/10 01:53:38 | 000,758,139 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 1 wk 6.odt
[2011/04/10 01:53:07 | 000,779,786 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 1 wk 5.odt
[2011/04/10 01:52:32 | 000,761,306 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 1 wk 4.odt
[2011/04/10 01:52:04 | 000,738,430 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 1 wk 3.odt
[2011/04/10 01:51:37 | 000,743,414 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 1 wk2.odt
[2011/04/10 01:51:09 | 000,831,299 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 1 wk.odt
[2011/04/09 02:45:19 | 000,537,306 | ---- | C] () -- C:\Users\Jose\Documents\nacht arend2.odt
[2011/04/09 02:44:06 | 000,505,695 | ---- | C] () -- C:\Users\Jose\Documents\nacht arends.odt
[2011/04/09 01:31:22 | 000,786,010 | ---- | C] () -- C:\Users\Jose\Documents\arendjes2 2011.odt
[2011/04/09 01:30:51 | 000,782,426 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 2011.odt
[2011/04/08 20:22:54 | 211,802,769 | ---- | C] () -- C:\Users\Jose\Documents\2011-267.wma
[2011/04/08 09:25:43 | 336,615,789 | ---- | C] () -- C:\Users\Jose\Documents\2011-266.wma
[2011/04/08 06:21:00 | 000,512,836 | ---- | C] () -- C:\Users\Jose\Documents\strawberrie nails.odt
[2011/04/07 22:27:14 | 000,731,139 | ---- | C] () -- C:\Users\Jose\Documents\3 baby arendjes.odt
[2011/04/07 18:32:16 | 222,839,189 | ---- | C] () -- C:\Users\Jose\Documents\2011-265.wma
[2011/04/07 00:40:09 | 031,408,039 | ---- | C] () -- C:\Users\Jose\Documents\2011-264.wma
[2011/04/06 21:14:05 | 285,551,019 | ---- | C] () -- C:\Users\Jose\Documents\2011-263.wma
[2011/04/05 19:37:51 | 000,837,322 | ---- | C] () -- C:\Users\Jose\Documents\2 baby arendjes.odt
[2011/04/05 18:51:33 | 000,001,197 | ---- | C] () -- C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/04/04 02:40:08 | 238,585,619 | ---- | C] () -- C:\Users\Jose\Documents\2011-262.wma
[2011/04/03 21:46:19 | 000,074,854 | ---- | C] () -- C:\Users\Jose\Documents\moordenaar_door_cijfers.htm
[2011/04/03 21:45:04 | 000,037,292 | ---- | C] () -- C:\Users\Jose\Documents\tragedie.htm
[2011/04/03 20:01:04 | 000,002,136 | ---- | C] () -- C:\Users\Jose\AppData\Roaming\096A.8CE
[2011/04/03 17:16:53 | 022,648,049 | ---- | C] () -- C:\Users\Jose\Documents\2011-261.wma
[2011/04/03 13:29:11 | 069,092,609 | ---- | C] () -- C:\Users\Jose\Documents\2011-260.wma
[2011/04/03 12:49:33 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011/04/03 12:41:48 | 000,000,244 | ---- | C] () -- C:\windows\tasks\SunMicro Java Update.job
[2011/04/03 08:27:45 | 000,001,026 | ---- | C] () -- C:\Users\Jose\Application Data\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
[2011/04/03 08:27:45 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\iMesh.lnk
[2011/04/02 05:26:49 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/04/02 05:10:49 | 000,437,514 | ---- | C] () -- C:\Users\Jose\Documents\male eagle 4.odt
[2011/04/02 05:10:19 | 000,430,403 | ---- | C] () -- C:\Users\Jose\Documents\male eagle 3.odt
[2011/04/02 05:09:37 | 000,540,754 | ---- | C] () -- C:\Users\Jose\Documents\male eagle 2.odt
[2011/04/02 05:08:57 | 000,604,478 | ---- | C] () -- C:\Users\Jose\Documents\male eagle.odt
[2011/04/02 01:38:21 | 000,464,812 | ---- | C] () -- C:\Users\Jose\Documents\eagle male.odt
[2011/04/02 01:00:41 | 000,459,491 | ---- | C] () -- C:\Users\Jose\Documents\eagle 3.odt
[2011/04/02 00:52:02 | 000,582,178 | ---- | C] () -- C:\Users\Jose\Documents\eagle 2 2011 april.odt
[2011/04/01 19:41:10 | 000,732,838 | ---- | C] () -- C:\Users\Jose\Documents\eagle 2011.odt
[2011/03/30 00:14:25 | 000,001,201 | ---- | C] () -- C:\Users\Jose\Desktop\DVDVideoSoft Free Studio.lnk
[2011/03/27 22:00:00 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/03/23 19:16:27 | 166,612,272 | ---- | C] () -- C:\windows\MEMORY.DMP
[2010/07/12 18:34:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/11 19:15:11 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/07/11 18:58:34 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010/03/25 12:51:14 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/03/25 12:51:14 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/03/25 12:48:04 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/25 12:46:05 | 000,011,448 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/03/03 18:48:14 | 000,215,144 | R--- | C] () -- C:\windows\pw32a.dll
[2010/03/03 18:48:14 | 000,215,144 | R--- | C] () -- C:\windows\patchw32.dll
[2009/10/29 18:14:28 | 000,145,192 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/10/26 04:38:22 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,348,920 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,632,602 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,112,556 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2010/03/25 14:10:40 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\ASUS WebStorage
[2011/04/17 02:00:03 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Azureus
[2010/07/12 11:42:50 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/21 21:06:18 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Dropbox
[2011/03/30 00:13:34 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\DVDVideoSoft
[2011/03/30 00:14:36 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/07/11 18:59:50 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\E-Cam
[2010/08/31 17:06:47 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\GameHouse
[2010/11/26 18:04:08 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\NCH Swift Sound
[2010/07/12 12:28:22 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\OpenOffice.org
[2010/07/12 11:32:48 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Opera
[2010/08/26 20:21:44 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\PlayFirst
[2011/03/07 12:00:28 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Raptr
[2010/08/31 20:35:53 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Recordpad
[2011/04/14 20:35:57 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\T-Mobile Internet Manager
[2011/04/14 18:58:49 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Uniblue
[2010/12/03 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Vodafone
[2011/03/29 18:13:03 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Windows Live Writer
[2011/04/21 21:05:46 | 000,000,288 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2010/11/14 15:54:30 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2F370DA6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A724744F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:115CEE00
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 4/21/2011 9:09:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jose\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 200.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 34.19 Gb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 122.77 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: JOSE-EEEPC | User Name: Jose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{7CA72235-27FF-4B4F-BC71-957C4CC390A4}" = Vodafone Mobile Connect Lite
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.3 MUI
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7DC114E-ABFB-4F20-810A-244D8C02756C}" = EeeSplendid
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Eee Docking_is1" = Eee Docking 3.6.2
"Free Studio_is1" = Free Studio version 5.0.8
"Graboid Video" = Graboid Video 1.73
"HDMI" = Intel® Graphics Media Accelerator Driver
"iMesh" = iMesh
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"RealPlayer 12.0" = RealPlayer
"Recordpad" = RecordPad Sound Recorder
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4
jose b

    New Member

  • Topic Starter
  • Member
  • 9 posts
I hope I did it right? thank you for your help

#5
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

The trojan is still there. This script should get rid of it. :D

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/04/04 00:56:21 | 000,042,496 | ---- | M] ( ) [Auto | Stopped] -- C:\windows\TEMP\acvf\setup.exe -- (AMService)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52323
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [conhost] File not found
    F3 - HKCU WinNT: Load - (C:\Users\Jose\AppData\Local\Temp\csrss.exe) - File not found
    O33 - MountPoints2\{488ddcd4-ff2d-11df-a298-485b397080b0}\Shell - "" = AutoRun
    O33 - MountPoints2\{488ddcd4-ff2d-11df-a298-485b397080b0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{5910f3f2-9170-11df-a951-485b397080b0}\Shell - "" = AutoRun
    O33 - MountPoints2\{5910f3f2-9170-11df-a951-485b397080b0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{97a59216-fd8b-11df-a90c-485b397080b0}\Shell - "" = AutoRun
    O33 - MountPoints2\{97a59216-fd8b-11df-a90c-485b397080b0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{d7cb1e2e-8f2f-11df-ae15-98f4ee9a9b82}\Shell - "" = AutoRun
    O33 - MountPoints2\{d7cb1e2e-8f2f-11df-ae15-98f4ee9a9b82}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{d7cb1e3e-8f2f-11df-ae15-98f4ee9a9b82}\Shell - "" = AutoRun
    O33 - MountPoints2\{d7cb1e3e-8f2f-11df-ae15-98f4ee9a9b82}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Next,

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Open up Firefox. Go to Tools, then Add-ons. Find Java Console version 6.0.22 and uninstall it. This version is outdated. Don't uninstall version 6.0.24; that is the most recent version.

Next,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Users\Jose\AppData\Local\{B2FF9E87-8432-4525-B0EF-D869A0B4418B}
    C:\ProgramData\2B105
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0
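A triage sketch for the kinds of entries the fix script in post #5 targets (a service running from a Temp folder, a proxy pointing at 127.0.0.1, orphaned autostart values, cached AutoRun commands). It is an added example, not part of the thread and not OTL's own code; the rule names and the `triage` function are assumptions, and the sample lines are copied from the OTL logs quoted in this thread.

```python
import ipaddress
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str
    detail: str


# Constructed sample: lines copied from the OTL logs quoted in this thread.
SAMPLE_LOG = r"""
SRV - [2011/03/17 22:07:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/04 00:56:21 | 000,042,496 | ---- | M] ( ) [Auto | Stopped] -- C:\windows\TEMP\acvf\setup.exe -- (AMService)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52323
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [conhost] File not found
F3 - HKCU WinNT: Load - (C:\Users\Jose\AppData\Local\Temp\csrss.exe) - File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
"""

SRV_RE = re.compile(
    r"^SRV - \[[^\]]*\] \((?P<company>[^)]*)\) \[(?P<start>[^|\]]+)\| (?P<state>[^\]]+)\]"
    r" -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\.*Internet Settings: "(?P<key>Proxy\w+)" = (?P<value>.*)$'
)
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
F3_RE = re.compile(r"^F3 - (?P<hive>HK\w+) WinNT: (?P<value>Load|Run) - \((?P<path>[^)]*)\)")
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$'
)


def in_temp(path: str) -> bool:
    """True when any path component is a Temp directory (case-insensitive)."""
    return re.search(r"\\temp\\", path, re.IGNORECASE) is not None


def proxy_is_loopback(value: str) -> bool:
    """Handle 'host:port' as well as 'http=host:port;https=host:port' forms."""
    for part in value.split(";"):
        endpoint = part.split("=", 1)[-1].strip()
        host = endpoint.rsplit(":", 1)[0].strip("[]")
        if host.lower() == "localhost":
            return True
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            continue  # a hostname or empty value, not a loopback literal
    return False


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    proxy = {}  # hive -> {"ProxyEnable": ..., "ProxyServer": ...}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SRV_RE.match(line)
        if m:
            if in_temp(m["path"]):
                vendor = m["company"].strip() or "no company name"
                findings.append(Finding(
                    "service-in-temp",
                    f"{m['name']} ({vendor}, {m['start'].strip()}) -> {m['path']}"))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy.setdefault(m["hive"], {})[m["key"]] = m["value"].strip()
            continue
        m = RUN_RE.match(line)
        if m:
            if m["target"].strip() == "File not found":
                findings.append(Finding("orphan-run-entry", f"{m['hive']} Run [{m['name']}]"))
            continue
        m = F3_RE.match(line)
        if m:
            if in_temp(m["path"]):
                findings.append(Finding("load-from-temp", f"{m['hive']} {m['value']} -> {m['path']}"))
            continue
        m = O33_RE.match(line)
        if m:
            findings.append(Finding("autorun-cache", f"{m['volume']} -> {m['cmd']}"))
    # The proxy only matters when it is both enabled and bound to this machine,
    # so it is evaluated after both values have been read.
    for hive, cfg in proxy.items():
        if cfg.get("ProxyEnable") == "1" and proxy_is_loopback(cfg.get("ProxyServer", "")):
            findings.append(Finding("loopback-proxy", f"{hive} ProxyServer = {cfg['ProxyServer']}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:18} {finding.detail}")
```

A hit is a prompt for review rather than a verdict; the two Avira lines in the sample show entries that pass untouched.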

#6
jose b

    New Member

  • Topic Starter
  • Member
  • 9 posts
hello mitch,

I did everything you asked. I hope I did it right. Here are the logs. The malware that was found was caused by a new infection in the meantime because my anti-virus is outdated because of the trojan agent :-)
Thank you very much for helping me out. The trojan agent came back yesterday after I reset my netbook to a previous restore point. Which didn't help. I gave up. Your help came just in time :-)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6415

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

21/04/2011 23:58:19
mbam-log-2011-04-21 (23-58-19).txt

Scan type: Quick scan
Objects scanned: 151786
Time elapsed: 7 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\# (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Jose\downloads\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Jose\downloads\IWON.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\Windows\Tasks\sunmicro java update.job (Malware.Trace) -> Quarantined and deleted successfully.

SystemLook 04.09.10 by jpshortstuff
Log created at 00:22 on 22/04/2011 by Jose
Administrator - Elevation successful

========== dir ==========

C:\Users\Jose\AppData\Local\{B2FF9E87-8432-4525-B0EF-D869A0B4418B} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

C:\ProgramData\2B105 - Parameters: "(none)"

---Files---
{3E43EA9C-E2BE-43B3-A736-77FD7C17869D}.swf --a---- 3957 bytes [15:40 11/04/2011] [13:20 14/12/2010]

---Folders---
None found.

-= EOF =-

#7
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

How is your computer running now? Can you update your security software?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Users\Jose\AppData\Local\{B2FF9E87-8432-4525-B0EF-D869A0B4418B}
    C:\ProgramData\2B105
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered


#8
jose b

    New Member

  • Topic Starter
  • Member
  • 9 posts
hi mitch :-)

it worked! the anti virus program updated everything thank god and so did windows update. They were some 3 weeks behind so it took a long time and I went to bed sorry :-)
I ran OTL and this was the report

========== FILES ==========
C:\Users\Jose\AppData\Local\{B2FF9E87-8432-4525-B0EF-D869A0B4418B} folder moved successfully.
C:\ProgramData\2B105 folder moved successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_125040

thank you verrrrrrrrrrrrry much :-) I had given up after some 3 weeks of misery ;-)

ps :-) I have some other problems related to the trojan I think it started at the same time, should I start a new topic somewhere?

- azureus/vuze search is still not working and referrals to websites for upgrades in firefox do not open
- Imesh (the origin of my problems I think) doesn't want to be removed. What uninstall program do I need for that?
- the addons in firefox for java which were outdated could not be removed I disabled it instead is that enough?
- I downloaded openoffice while I had that trojan and it refuses to upgrade

some programs like adobe are now upgrading, but others like the above still won't, uninstall? do I lose all my vuzedownloads if I do that?

these are minor problems I can live with, my netbook is protected now and working fine thanks to you

a grateful jose :-)

Edited by jose b, 22 April 2011 - 07:29 AM.


#9
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
OK, I will take out iMesh manually. Along with the old version of java. Here is a good article explaining why I'm removing java.

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.


Next,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/04/21 21:05:46 | 000,000,288 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
    [2011/04/03 08:27:45 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\iMesh.lnk
    [2011/04/03 08:27:45 | 000,001,026 | ---- | C] () -- C:\Users\Jose\Application Data\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
    [2011/04/03 08:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh Applications
    [2011/04/03 08:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
    [2011/04/03 08:30:47 | 000,000,000 | ---D | C] -- C:\Users\Jose\Documents\iMesh
    [2011/04/03 08:30:47 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Local\iMesh
    [2010/09/02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
    [2010/09/02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\searchplugins\iMeshWebSearch.xml
    FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&systemid=1&q="
    FF - prefs.js..browser.search.order.1: "iMesh Web Search"
    FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    [2011/04/01 20:13:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
    O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
    
    :Services
    
    :Reg
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "iMesh"=-
    "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}"=-
    
    [-HKEY_LOCAL_MACHINE\software\imesh]
    [-HKEY_CURRENT_USER\software\imesh]
    [-HKEY_CLASSES_ROOT\imesh.document]
    [-HKEY_CLASSES_ROOT\imesh.document]
    
    :Files
    C:\Program Files\Common Files\imesh
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next,

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


Next,

Can you try uninstalling Open Office and installing it again?
Did the above steps fix the search issue?

#10
jose b

    New Member

  • Topic Starter
  • Member
  • 9 posts
-I ran firefox as administrator and could remove the outdated java thanks to your link
-suddenly after 12 hours or so firefox showed an update of vuze which I downloaded and search is now working, miraculously

working through the rest of your reply now :-)

the OTL log

OTL logfile created on: 4/23/2011 1:50:56 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jose\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 49.00 Mb Available Physical Memory | 5.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 35.91 Gb Free Space | 35.91% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 122.77 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: JOSE-EEEPC | User Name: Jose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/21 20:47:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL.exe
PRC - [2011/04/08 18:46:30 | 000,061,864 | ---- | M] () -- C:\Program Files\Raptr\raptr.exe
PRC - [2011/04/08 18:46:30 | 000,043,944 | ---- | M] () -- C:\Program Files\Raptr\raptr_im.exe
PRC - [2011/04/01 21:07:44 | 000,572,328 | ---- | M] (Raptr Inc.) -- C:\Program Files\Raptr\raptr_ep32.exe
PRC - [2011/03/23 22:02:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/17 22:07:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/04 23:14:19 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/04 23:14:18 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/04 01:55:06 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2010/03/03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
PRC - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2010/02/26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/31 13:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Jose\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009/11/16 19:12:32 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009/09/21 20:19:20 | 001,964,528 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2009/07/14 02:14:39 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/21 20:47:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL.exe
MOD - [2011/04/01 21:07:42 | 000,576,936 | ---- | M] (Raptr Inc.) -- C:\Program Files\Raptr\ltc_help32-48855.dll
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/17 22:07:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/04 23:14:19 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/04 01:55:06 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010/02/12 07:09:06 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/16 19:12:32 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/09/21 20:19:20 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 22:07:11 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/04 22:37:46 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/08/31 19:10:31 | 000,052,824 | ---- | M] (NCH Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver)
DRV - [2010/03/24 04:18:12 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2010/03/24 04:15:43 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/03/24 04:15:08 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2010/03/24 04:04:50 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/02/12 07:10:12 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009/11/04 16:59:38 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/11/04 16:59:38 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009/10/12 14:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/09/21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009/09/21 20:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2009/09/10 14:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Productivity 1.12 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {8d83a683-ee4a-4bf6-b150-a4565d4ebe0f}:3.2.2.0
FF - prefs.js..extensions.enabledItems: {30421e54-3b57-4e5b-947c-9b6beea57683}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/25 23:35:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 22:00:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/22 14:24:23 | 000,000,000 | ---D | M]

[2011/04/04 23:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jose\AppData\Roaming\Mozilla\Extensions
[2011/04/23 01:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions
[2011/04/23 01:07:21 | 000,000,000 | ---D | M] (Productivity 1.12 Community Toolbar) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\{30421e54-3b57-4e5b-947c-9b6beea57683}
[2010/10/26 21:23:53 | 000,000,000 | ---D | M] (TranslatorBar Brazil Community Toolbar) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\{8d83a683-ee4a-4bf6-b150-a4565d4ebe0f}
[2010/09/05 16:05:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/23 01:07:22 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/08/31 19:11:29 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2011/04/23 01:07:19 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\[email protected]
[2010/08/27 12:17:41 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\extensions\[email protected]
[2010/08/27 11:37:29 | 000,001,589 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\ipefsf9t.default\searchplugins\web-search.xml
[2011/04/23 01:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/03 16:52:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/08/25 23:35:44 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2011/03/21 18:04:30 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/21 18:04:30 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/21 18:04:30 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/21 18:04:30 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/21 23:15:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [Raptr] C:\Program Files\Raptr\raptrstub.exe ()
O4 - Startup: C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jose\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/23 01:36:44 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/04/23 01:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/23 01:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/23 01:16:57 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr
[2011/04/23 01:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/04/23 01:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/04/23 01:13:36 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Local\Conduit
[2011/04/23 01:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
[2011/04/22 01:05:12 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/04/22 01:03:05 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/04/22 00:52:02 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll
[2011/04/21 23:26:22 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\Malwarebytes
[2011/04/21 23:26:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/21 23:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/21 23:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/21 23:25:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/21 23:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/21 23:14:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/21 20:47:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL.exe
[2011/04/20 17:11:10 | 000,000,000 | ---D | C] -- C:\Users\Jose\Documents\dvhn_files
[2011/04/14 20:58:32 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\Avira
[2011/04/14 20:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/04/14 16:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/14 10:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/14 10:48:41 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NAV
[2011/04/14 10:48:41 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NAV\1201000.025
[2011/04/14 10:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011/04/14 10:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/14 10:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/13 19:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011/04/13 18:29:31 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\Uniblue
[2011/04/12 17:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\Win 32. Trojan . Agent Removal Tool
[2011/04/12 08:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/04/12 08:18:26 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\PC Tools
[2011/04/11 06:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/11 05:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Tool
[2011/04/11 05:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/10 16:59:01 | 000,000,000 | ---D | C] -- C:\Rbackup
[2011/04/10 16:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/04/03 21:46:19 | 000,000,000 | ---D | C] -- C:\Users\Jose\Documents\moordenaar_door_cijfers_files
[2011/04/03 21:45:06 | 000,000,000 | ---D | C] -- C:\Users\Jose\Documents\tragedie_files
[2011/04/03 17:51:38 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011/04/03 17:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2011/04/03 17:34:44 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\Symantec
[2011/04/03 17:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Local\Symantec_Corporation
[2011/04/03 16:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/03 12:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/03 12:50:48 | 000,138,592 | ---- | C] (StorageCraft) -- C:\windows\System32\drivers\symsnap.sys
[2011/04/03 12:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Ghost
[2011/04/03 12:49:36 | 000,015,096 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\vproeventmonitor.sys
[2011/04/03 12:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/03 12:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/04/03 12:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Ghost
[2011/04/03 12:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2011/04/03 08:30:48 | 000,000,000 | ---D | C] -- C:\Users\Jose\Documents\My Received Files
[2011/04/03 08:26:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8A4124D0-6AF6-4584-A7BF-4CDFECF4B129}
[2011/04/02 05:26:44 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/04/01 20:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/01 19:48:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2011/03/30 00:11:08 | 000,000,000 | ---D | C] -- C:\Users\Jose\AppData\Roaming\DVDVideoSoft
[2011/03/27 22:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/27 22:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/27 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/27 21:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/03/27 21:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/26 19:32:52 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2010/03/24 04:15:08 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011/04/23 01:53:05 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/23 01:53:05 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/23 01:44:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/23 01:44:14 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/23 01:34:53 | 000,000,898 | ---- | M] () -- C:\Users\Jose\Desktop\NTREGOPT.lnk
[2011/04/23 01:34:53 | 000,000,879 | ---- | M] () -- C:\Users\Jose\Desktop\ERUNT.lnk
[2011/04/23 01:16:08 | 000,001,596 | ---- | M] () -- C:\Users\Jose\Desktop\Raptr.lnk
[2011/04/23 01:15:02 | 000,001,798 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/04/23 01:15:02 | 000,001,798 | ---- | M] () -- C:\Users\Jose\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/04/22 17:27:43 | 000,784,218 | ---- | M] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk 5.odt
[2011/04/22 17:27:06 | 000,784,217 | ---- | M] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk 4.odt
[2011/04/22 14:24:24 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/04/22 12:34:54 | 007,408,989 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (39).wma
[2011/04/22 12:27:53 | 000,632,602 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/22 12:27:53 | 000,112,556 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/22 01:53:14 | 004,400,689 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (38).wma
[2011/04/22 01:39:45 | 000,348,920 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/22 01:29:22 | 060,310,169 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (37).wma
[2011/04/21 23:57:40 | 011,652,039 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (36).wma
[2011/04/21 23:26:06 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/21 23:15:08 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/04/21 23:13:43 | 065,998,999 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (35).wma
[2011/04/21 20:47:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL.exe
[2011/04/21 20:45:29 | 000,566,821 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag 7.odt
[2011/04/21 20:44:56 | 000,840,988 | ---- | M] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk 3.odt
[2011/04/21 20:44:29 | 000,817,192 | ---- | M] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk 2.odt
[2011/04/21 20:44:00 | 000,870,445 | ---- | M] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk.odt
[2011/04/21 20:43:19 | 000,691,912 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag 6.odt
[2011/04/21 20:42:47 | 000,580,609 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag 5.odt
[2011/04/21 20:42:09 | 000,611,140 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag 4.odt
[2011/04/21 20:41:27 | 000,615,513 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag 3.odt
[2011/04/21 20:40:58 | 000,716,074 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag 2.odt
[2011/04/21 20:40:27 | 000,711,453 | ---- | M] () -- C:\Users\Jose\Documents\baby valkje 1 dag.odt
[2011/04/21 20:40:03 | 000,617,895 | ---- | M] () -- C:\Users\Jose\Documents\mooi he valk 2011.odt
[2011/04/21 20:38:04 | 137,767,159 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (34).wma
[2011/04/21 11:16:00 | 207,092,759 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (33).wma
[2011/04/20 21:37:06 | 000,519,800 | ---- | M] () -- C:\Users\Jose\Documents\eerste baby valkje 2011.odt
[2011/04/20 17:13:16 | 000,357,782 | ---- | M] () -- C:\Users\Jose\Documents\Daily_News_of_the_North_02_02_06_page_3.pdf
[2011/04/20 17:11:20 | 000,001,136 | ---- | M] () -- C:\Users\Jose\Documents\dvhn.htm
[2011/04/20 16:53:19 | 020,685,919 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (32).wma
[2011/04/20 11:50:46 | 270,177,259 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (31).wma
[2011/04/19 10:53:11 | 217,752,019 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (30).wma
[2011/04/18 17:42:37 | 000,845,295 | ---- | M] () -- C:\Users\Jose\Documents\arendjes voeren 2 wk oud.odt
[2011/04/18 17:41:53 | 000,741,227 | ---- | M] () -- C:\Users\Jose\Documents\arends ouders.odt
[2011/04/18 12:49:14 | 401,927,329 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (29).wma
[2011/04/17 01:54:28 | 302,388,519 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (28).wma
[2011/04/16 22:49:32 | 000,030,908 | ---- | M] () -- C:\Users\Jose\Documents\Gill WP.odt
[2011/04/16 15:19:39 | 000,001,411 | ---- | M] () -- C:\Users\Jose\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/16 15:15:52 | 026,644,149 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (27).wma
[2011/04/16 15:12:04 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2011/04/16 14:07:15 | 086,787,699 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (26).wma
[2011/04/16 10:13:38 | 000,013,253 | ---- | M] () -- C:\Users\Jose\Desktop\Windows Update - Shortcut.lnk
[2011/04/16 03:01:16 | 390,531,709 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (25).wma
[2011/04/15 14:17:03 | 093,176,969 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (24).wma
[2011/04/15 10:38:28 | 048,209,619 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (23).wma
[2011/04/14 20:59:03 | 013,825,199 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (22).wma
[2011/04/14 20:36:20 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\NAV\1201000.025\Cat.DB
[2011/04/14 20:36:20 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
[2011/04/14 20:27:53 | 016,855,949 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (21).wma
[2011/04/14 19:05:39 | 008,356,379 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (20).wma
[2011/04/14 18:40:39 | 027,838,489 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (19).wma
[2011/04/14 17:46:57 | 003,911,279 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (18).wma
[2011/04/14 14:04:53 | 002,788,779 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (17).wma
[2011/04/14 12:10:17 | 018,207,439 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (16).wma
[2011/04/14 11:09:34 | 047,940,219 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (15).wma
[2011/04/14 09:28:40 | 022,585,189 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (14).wma
[2011/04/14 08:31:15 | 109,789,969 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (13).wma
[2011/04/13 18:48:57 | 021,107,979 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (12).wma
[2011/04/13 18:07:02 | 034,555,529 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (11).wma
[2011/04/13 09:27:08 | 012,567,999 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (10).wma
[2011/04/13 08:32:47 | 069,891,829 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (9).wma
[2011/04/12 18:29:38 | 000,833,129 | ---- | M] () -- C:\Users\Jose\Documents\2 wk arendje.odt
[2011/04/12 10:20:06 | 028,354,839 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (8).wma
[2011/04/12 09:33:03 | 014,893,819 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (7).wma
[2011/04/12 08:43:51 | 004,661,109 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (6).wma
[2011/04/12 08:29:31 | 048,492,489 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (5).wma
[2011/04/12 06:55:58 | 035,520,879 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (4).wma
[2011/04/12 05:54:10 | 005,855,449 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (3).wma
[2011/04/12 05:34:58 | 005,285,219 | ---- | M] () -- C:\Users\Jose\Documents\Untitled (2).wma
[2011/04/12 05:22:59 | 011,701,429 | ---- | M] () -- C:\Users\Jose\Documents\Untitled.wma
[2011/04/12 04:17:21 | 160,006,129 | ---- | M] () -- C:\Users\Jose\Documents\2011-273.wma
[2011/04/11 08:03:50 | 023,855,859 | ---- | M] () -- C:\Users\Jose\Documents\2011-272.wma
[2011/04/11 07:24:08 | 023,384,409 | ---- | M] () -- C:\Users\Jose\Documents\2011-271.wma
[2011/04/11 05:38:30 | 018,966,249 | ---- | M] () -- C:\Users\Jose\Documents\2011-270.wma
[2011/04/11 04:50:41 | 049,579,069 | ---- | M] () -- C:\Users\Jose\Documents\2011-269.wma
[2011/04/10 17:17:22 | 116,017,599 | ---- | M] () -- C:\Users\Jose\Documents\2011-268.wma
[2011/04/10 01:53:44 | 000,758,139 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 1 wk 6.odt
[2011/04/10 01:53:11 | 000,779,786 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 1 wk 5.odt
[2011/04/10 01:52:38 | 000,761,306 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 1 wk 4.odt
[2011/04/10 01:52:08 | 000,738,430 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 1 wk 3.odt
[2011/04/10 01:51:42 | 000,743,414 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 1 wk2.odt
[2011/04/10 01:51:09 | 000,831,299 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 1 wk.odt
[2011/04/09 19:12:43 | 211,802,769 | ---- | M] () -- C:\Users\Jose\Documents\2011-267.wma
[2011/04/09 02:45:23 | 000,537,306 | ---- | M] () -- C:\Users\Jose\Documents\nacht arend2.odt
[2011/04/09 02:44:12 | 000,505,695 | ---- | M] () -- C:\Users\Jose\Documents\nacht arends.odt
[2011/04/09 01:31:26 | 000,786,010 | ---- | M] () -- C:\Users\Jose\Documents\arendjes2 2011.odt
[2011/04/09 01:30:57 | 000,782,426 | ---- | M] () -- C:\Users\Jose\Documents\arendjes 2011.odt
[2011/04/08 09:25:45 | 336,615,789 | ---- | M] () -- C:\Users\Jose\Documents\2011-266.wma
[2011/04/08 06:21:07 | 000,512,836 | ---- | M] () -- C:\Users\Jose\Documents\strawberrie nails.odt
[2011/04/07 22:27:14 | 000,731,139 | ---- | M] () -- C:\Users\Jose\Documents\3 baby arendjes.odt
[2011/04/07 18:32:18 | 222,839,189 | ---- | M] () -- C:\Users\Jose\Documents\2011-265.wma
[2011/04/07 00:40:10 | 031,408,039 | ---- | M] () -- C:\Users\Jose\Documents\2011-264.wma
[2011/04/06 21:14:06 | 285,551,019 | ---- | M] () -- C:\Users\Jose\Documents\2011-263.wma
[2011/04/05 19:37:55 | 000,837,322 | ---- | M] () -- C:\Users\Jose\Documents\2 baby arendjes.odt
[2011/04/04 21:32:36 | 166,612,272 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/04/04 02:40:10 | 238,585,619 | ---- | M] () -- C:\Users\Jose\Documents\2011-262.wma
[2011/04/03 21:46:27 | 000,074,854 | ---- | M] () -- C:\Users\Jose\Documents\moordenaar_door_cijfers.htm
[2011/04/03 21:45:28 | 000,037,292 | ---- | M] () -- C:\Users\Jose\Documents\tragedie.htm
[2011/04/03 20:06:43 | 000,002,136 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\096A.8CE
[2011/04/03 17:16:55 | 022,648,049 | ---- | M] () -- C:\Users\Jose\Documents\2011-261.wma
[2011/04/03 13:29:12 | 069,092,609 | ---- | M] () -- C:\Users\Jose\Documents\2011-260.wma
[2011/04/03 12:49:33 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011/04/02 05:26:49 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/04/02 05:10:53 | 000,437,514 | ---- | M] () -- C:\Users\Jose\Documents\male eagle 4.odt
[2011/04/02 05:10:23 | 000,430,403 | ---- | M] () -- C:\Users\Jose\Documents\male eagle 3.odt
[2011/04/02 05:09:41 | 000,540,754 | ---- | M] () -- C:\Users\Jose\Documents\male eagle 2.odt
[2011/04/02 05:09:02 | 000,604,478 | ---- | M] () -- C:\Users\Jose\Documents\male eagle.odt
[2011/04/02 01:38:26 | 000,464,812 | ---- | M] () -- C:\Users\Jose\Documents\eagle male.odt
[2011/04/02 01:00:48 | 000,459,491 | ---- | M] () -- C:\Users\Jose\Documents\eagle 3.odt
[2011/04/02 00:52:09 | 000,582,178 | ---- | M] () -- C:\Users\Jose\Documents\eagle 2 2011 april.odt
[2011/04/01 19:41:20 | 000,732,838 | ---- | M] () -- C:\Users\Jose\Documents\eagle 2011.odt
[2011/03/30 00:14:25 | 000,001,201 | ---- | M] () -- C:\Users\Jose\Desktop\DVDVideoSoft Free Studio.lnk
[2011/03/27 22:00:00 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2011/04/23 01:34:53 | 000,000,898 | ---- | C] () -- C:\Users\Jose\Desktop\NTREGOPT.lnk
[2011/04/23 01:34:53 | 000,000,879 | ---- | C] () -- C:\Users\Jose\Desktop\ERUNT.lnk
[2011/04/23 01:16:08 | 000,001,596 | ---- | C] () -- C:\Users\Jose\Desktop\Raptr.lnk
[2011/04/22 17:27:38 | 000,784,218 | ---- | C] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk 5.odt
[2011/04/22 17:27:01 | 000,784,217 | ---- | C] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk 4.odt
[2011/04/22 14:24:24 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/04/22 12:24:12 | 007,408,989 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (39).wma
[2011/04/22 01:53:13 | 004,400,689 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (38).wma
[2011/04/22 01:29:20 | 060,310,169 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (37).wma
[2011/04/22 00:54:49 | 000,146,852 | ---- | C] () -- C:\windows\System32\systemsf.ebd
[2011/04/22 00:50:37 | 000,010,429 | ---- | C] () -- C:\windows\System32\ScavengeSpace.xml
[2011/04/22 00:50:11 | 000,105,559 | ---- | C] () -- C:\windows\System32\RacRules.xml
[2011/04/21 23:57:40 | 011,652,039 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (36).wma
[2011/04/21 23:26:06 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/21 23:13:41 | 065,998,999 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (35).wma
[2011/04/21 20:45:26 | 000,566,821 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag 7.odt
[2011/04/21 20:44:53 | 000,840,988 | ---- | C] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk 3.odt
[2011/04/21 20:44:26 | 000,817,192 | ---- | C] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk 2.odt
[2011/04/21 20:43:57 | 000,870,445 | ---- | C] () -- C:\Users\Jose\Documents\arendjes groot 2.5 wk.odt
[2011/04/21 20:43:16 | 000,691,912 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag 6.odt
[2011/04/21 20:42:44 | 000,580,609 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag 5.odt
[2011/04/21 20:42:05 | 000,611,140 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag 4.odt
[2011/04/21 20:41:24 | 000,615,513 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag 3.odt
[2011/04/21 20:40:55 | 000,716,074 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag 2.odt
[2011/04/21 20:40:24 | 000,711,453 | ---- | C] () -- C:\Users\Jose\Documents\baby valkje 1 dag.odt
[2011/04/21 20:39:57 | 000,617,895 | ---- | C] () -- C:\Users\Jose\Documents\mooi he valk 2011.odt
[2011/04/21 20:38:00 | 137,767,159 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (34).wma
[2011/04/21 11:15:57 | 207,092,759 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (33).wma
[2011/04/20 21:36:54 | 000,519,800 | ---- | C] () -- C:\Users\Jose\Documents\eerste baby valkje 2011.odt
[2011/04/20 17:13:13 | 000,357,782 | ---- | C] () -- C:\Users\Jose\Documents\Daily_News_of_the_North_02_02_06_page_3.pdf
[2011/04/20 17:11:08 | 000,001,136 | ---- | C] () -- C:\Users\Jose\Documents\dvhn.htm
[2011/04/20 16:53:15 | 020,685,919 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (32).wma
[2011/04/19 10:54:13 | 270,177,259 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (31).wma
[2011/04/18 17:42:34 | 000,845,295 | ---- | C] () -- C:\Users\Jose\Documents\arendjes voeren 2 wk oud.odt
[2011/04/18 17:41:48 | 000,741,227 | ---- | C] () -- C:\Users\Jose\Documents\arends ouders.odt
[2011/04/18 12:50:47 | 217,752,019 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (30).wma
[2011/04/18 12:49:14 | 401,927,329 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (29).wma
[2011/04/16 22:49:30 | 000,030,908 | ---- | C] () -- C:\Users\Jose\Documents\Gill WP.odt
[2011/04/16 15:50:54 | 302,388,519 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (28).wma
[2011/04/16 15:12:04 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/04/16 14:38:48 | 026,644,149 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (27).wma
[2011/04/16 14:07:13 | 086,787,699 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (26).wma
[2011/04/16 10:13:38 | 000,013,253 | ---- | C] () -- C:\Users\Jose\Desktop\Windows Update - Shortcut.lnk
[2011/04/15 14:27:55 | 390,531,709 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (25).wma
[2011/04/15 14:16:59 | 093,176,969 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (24).wma
[2011/04/15 10:38:25 | 048,209,619 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (23).wma
[2011/04/14 20:59:03 | 013,825,199 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (22).wma
[2011/04/14 20:36:20 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\NAV\1201000.025\Cat.DB
[2011/04/14 20:36:20 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
[2011/04/14 20:27:52 | 016,855,949 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (21).wma
[2011/04/14 19:05:39 | 008,356,379 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (20).wma
[2011/04/14 18:40:37 | 027,838,489 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (19).wma
[2011/04/14 17:46:55 | 003,911,279 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (18).wma
[2011/04/14 14:04:52 | 002,788,779 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (17).wma
[2011/04/14 12:10:16 | 018,207,439 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (16).wma
[2011/04/14 09:44:20 | 047,940,219 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (15).wma
[2011/04/14 09:28:40 | 022,585,189 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (14).wma
[2011/04/14 08:31:13 | 109,789,969 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (13).wma
[2011/04/13 18:48:56 | 021,107,979 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (12).wma
[2011/04/13 17:11:16 | 034,555,529 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (11).wma
[2011/04/13 09:27:07 | 012,567,999 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (10).wma
[2011/04/12 18:29:29 | 000,833,129 | ---- | C] () -- C:\Users\Jose\Documents\2 wk arendje.odt
[2011/04/12 17:39:20 | 069,891,829 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (9).wma
[2011/04/12 10:20:04 | 028,354,839 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (8).wma
[2011/04/12 09:33:01 | 014,893,819 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (7).wma
[2011/04/12 08:43:51 | 004,661,109 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (6).wma
[2011/04/12 08:29:29 | 048,492,489 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (5).wma
[2011/04/12 06:55:57 | 035,520,879 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (4).wma
[2011/04/12 05:54:10 | 005,855,449 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (3).wma
[2011/04/12 05:34:58 | 005,285,219 | ---- | C] () -- C:\Users\Jose\Documents\Untitled (2).wma
[2011/04/12 05:22:58 | 011,701,429 | ---- | C] () -- C:\Users\Jose\Documents\Untitled.wma
[2011/04/12 04:17:19 | 160,006,129 | ---- | C] () -- C:\Users\Jose\Documents\2011-273.wma
[2011/04/11 08:03:49 | 023,855,859 | ---- | C] () -- C:\Users\Jose\Documents\2011-272.wma
[2011/04/11 07:24:07 | 023,384,409 | ---- | C] () -- C:\Users\Jose\Documents\2011-271.wma
[2011/04/11 05:38:29 | 018,966,249 | ---- | C] () -- C:\Users\Jose\Documents\2011-270.wma
[2011/04/11 04:50:38 | 049,579,069 | ---- | C] () -- C:\Users\Jose\Documents\2011-269.wma
[2011/04/10 17:17:21 | 116,017,599 | ---- | C] () -- C:\Users\Jose\Documents\2011-268.wma
[2011/04/10 01:53:38 | 000,758,139 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 1 wk 6.odt
[2011/04/10 01:53:07 | 000,779,786 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 1 wk 5.odt
[2011/04/10 01:52:32 | 000,761,306 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 1 wk 4.odt
[2011/04/10 01:52:04 | 000,738,430 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 1 wk 3.odt
[2011/04/10 01:51:37 | 000,743,414 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 1 wk2.odt
[2011/04/10 01:51:09 | 000,831,299 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 1 wk.odt
[2011/04/09 02:45:19 | 000,537,306 | ---- | C] () -- C:\Users\Jose\Documents\nacht arend2.odt
[2011/04/09 02:44:06 | 000,505,695 | ---- | C] () -- C:\Users\Jose\Documents\nacht arends.odt
[2011/04/09 01:31:22 | 000,786,010 | ---- | C] () -- C:\Users\Jose\Documents\arendjes2 2011.odt
[2011/04/09 01:30:51 | 000,782,426 | ---- | C] () -- C:\Users\Jose\Documents\arendjes 2011.odt
[2011/04/08 20:22:54 | 211,802,769 | ---- | C] () -- C:\Users\Jose\Documents\2011-267.wma
[2011/04/08 09:25:43 | 336,615,789 | ---- | C] () -- C:\Users\Jose\Documents\2011-266.wma
[2011/04/08 06:21:00 | 000,512,836 | ---- | C] () -- C:\Users\Jose\Documents\strawberrie nails.odt
[2011/04/07 22:27:14 | 000,731,139 | ---- | C] () -- C:\Users\Jose\Documents\3 baby arendjes.odt
[2011/04/07 18:32:16 | 222,839,189 | ---- | C] () -- C:\Users\Jose\Documents\2011-265.wma
[2011/04/07 00:40:09 | 031,408,039 | ---- | C] () -- C:\Users\Jose\Documents\2011-264.wma
[2011/04/06 21:14:05 | 285,551,019 | ---- | C] () -- C:\Users\Jose\Documents\2011-263.wma
[2011/04/05 19:37:51 | 000,837,322 | ---- | C] () -- C:\Users\Jose\Documents\2 baby arendjes.odt
[2011/04/04 02:40:08 | 238,585,619 | ---- | C] () -- C:\Users\Jose\Documents\2011-262.wma
[2011/04/03 21:46:19 | 000,074,854 | ---- | C] () -- C:\Users\Jose\Documents\moordenaar_door_cijfers.htm
[2011/04/03 21:45:04 | 000,037,292 | ---- | C] () -- C:\Users\Jose\Documents\tragedie.htm
[2011/04/03 20:01:04 | 000,002,136 | ---- | C] () -- C:\Users\Jose\AppData\Roaming\096A.8CE
[2011/04/03 17:16:53 | 022,648,049 | ---- | C] () -- C:\Users\Jose\Documents\2011-261.wma
[2011/04/03 13:29:11 | 069,092,609 | ---- | C] () -- C:\Users\Jose\Documents\2011-260.wma
[2011/04/03 12:49:33 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011/04/02 05:26:49 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/04/02 05:10:49 | 000,437,514 | ---- | C] () -- C:\Users\Jose\Documents\male eagle 4.odt
[2011/04/02 05:10:19 | 000,430,403 | ---- | C] () -- C:\Users\Jose\Documents\male eagle 3.odt
[2011/04/02 05:09:37 | 000,540,754 | ---- | C] () -- C:\Users\Jose\Documents\male eagle 2.odt
[2011/04/02 05:08:57 | 000,604,478 | ---- | C] () -- C:\Users\Jose\Documents\male eagle.odt
[2011/04/02 01:38:21 | 000,464,812 | ---- | C] () -- C:\Users\Jose\Documents\eagle male.odt
[2011/04/02 01:00:41 | 000,459,491 | ---- | C] () -- C:\Users\Jose\Documents\eagle 3.odt
[2011/04/02 00:52:02 | 000,582,178 | ---- | C] () -- C:\Users\Jose\Documents\eagle 2 2011 april.odt
[2011/04/01 19:41:10 | 000,732,838 | ---- | C] () -- C:\Users\Jose\Documents\eagle 2011.odt
[2011/03/30 00:14:25 | 000,001,201 | ---- | C] () -- C:\Users\Jose\Desktop\DVDVideoSoft Free Studio.lnk
[2011/03/27 22:00:00 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/07/12 18:34:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/11 19:15:11 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/07/11 18:58:34 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010/03/25 12:51:14 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/03/25 12:51:14 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/03/25 12:48:04 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/25 12:46:05 | 000,011,448 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/03/03 18:48:14 | 000,215,144 | R--- | C] () -- C:\windows\pw32a.dll
[2010/03/03 18:48:14 | 000,215,144 | R--- | C] () -- C:\windows\patchw32.dll
[2009/10/29 18:14:28 | 000,145,192 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/10/26 04:38:22 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,348,920 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,632,602 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,112,556 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2010/03/25 14:10:40 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\ASUS WebStorage
[2011/04/23 01:42:22 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Azureus
[2010/07/12 11:42:50 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/23 01:46:36 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Dropbox
[2011/03/30 00:13:34 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\DVDVideoSoft
[2011/03/30 00:14:36 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/07/11 18:59:50 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\E-Cam
[2010/08/31 17:06:47 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\GameHouse
[2010/11/26 18:04:08 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\NCH Swift Sound
[2010/07/12 12:28:22 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\OpenOffice.org
[2010/07/12 11:32:48 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Opera
[2010/08/26 20:21:44 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\PlayFirst
[2011/04/23 01:47:14 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Raptr
[2010/08/31 20:35:53 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Recordpad
[2011/04/14 20:35:57 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\T-Mobile Internet Manager
[2011/04/14 18:58:49 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Uniblue
[2010/12/03 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Vodafone
[2011/03/29 18:13:03 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Windows Live Writer
[2010/11/14 15:54:30 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2F370DA6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A724744F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:115CEE00
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

sorry :-( too tired it's 2.30 am and I made a mistake I didn't run AVP in safemode. I start over tomorrow, going to sleep now thanks for now bye jose

Edited by jose b, 22 April 2011 - 07:36 PM.

#11
jose b (New Member, Topic Starter)

hello mitch :-)

everything is working fine! Imesh is gone, Vuze search is back and updating, openoffice is reinstalled and updating, that outdated java is gone, windows update and anti virus are working and are updated :-)))))))))))))

Autoscan: completed 27 minutes ago (events: 2, objects: 943111, time: 02:37:48)
23/04/2011 12:45:35 Task started
23/04/2011 15:23:24 Task completed

nothing was detected during the scan in safe mode, this was all it said I couldn't find any other report which said "detected".

I did not do a scan of my removable external hard disk which I use as a back up because there is a trojan in my email :-) It's trapped in a zip file and I leave it there because I don't want to lose my email and if I open it the emails are put in quarantine and then there is no way to see what is in them and I don't know what will happen if that trojan is released with all the hard work you have done fixing my netbook :-) I don't know if it is the same trojan agent acvf or something else.

Thank you soooooooo much for what you have done :-) so glad I found this forum

Thank you for all your help and time

Jose :-)

Edited by jose b, 23 April 2011 - 09:43 AM.

#12
mitch8 (Trusted Helper, Malware Removal)

It looks like your log is clean :D You need to remove the malware removal tools from your computer, to do that:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CLEARALLRESTOREPOINTS]
    
  • Then click the Run Fix button at the top

Open up OTL again and click on CleanUp. This will remove most of the tools we used. You can delete the rest that are left over.

Please follow the steps below to keep your computer clean.

  • Update your computer - To check for updates yourself go to http://windowsupdate.microsoft.com. It is very important to check for updates often as many security problems are fixed with updates. Also make sure your computer will update automatically, to do that:
    • Go to the control panel
    • Click on security center
    • Then "Automatic Updates"
    • Select Automatic (recommended)
    • Pick the time and click ok
  • Update Adobe Reader - It's good to keep Adobe Reader updated too because many security problems are fixed in updates. To check for updates:
    • Open Adobe Reader
    • On the menu bar click on help then check for updates...
    • The program will then tell you if updates are available
  • Anti-spyware programs - These programs will scan your computer and delete spyware. If you do not have any anti-spyware programs on your computer I recommend:
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A good tutorial on SpywareBlaster can be found at http://www.bleepingcomputer.com/tutorials/tutorial49.html
  • Safe web browsing - You can install one of the toolbars below that will warn you about a malicious website.
  • Update your security software! You have to update your security software to make sure your computer is safe from new malware threats.
  • And also see TonyKlein's article
    So how did I get infected in the first place?

#13
jose b (New Member, Topic Starter)

hello mitch,

I did everything you said in your last email and installed all the anti malware programs and did all the points of Tony Klein. Except MVPS Hosts, point 8, that's too difficult for me. I try to read the article about it and the windows 7 instruction but I get different files and can't run it as administrator and get totally different screens. I use windowsRAR.
Everything else is working fine and I get warnings all the time :-)

jose b

#14
mitch8 (Trusted Helper, Malware Removal)

Hi,

SpywareBlaster will blacklist websites so it's fine you can't get the hosts file to work.

If you still want to add to the hosts file you can edit it yourself. Hit the Windows key + R on the keyboard to bring up the run dialog.

Copy this and press enter:

notepad C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

Go back to http://mvps.org/winhelp2002/hosts.txt to copy the hosts file entries and paste them into your hosts file.

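Before pasting a downloaded list into the hosts file as described in the post above, it helps to check that every line only blocks a name (maps it to 0.0.0.0 or 127.0.0.1) and that none redirects a name to some other address. The following is an added example, not part of the original posts or of any tool used in this thread; the function names and the sample entries are constructed for illustration.

```python
import ipaddress

# Addresses that make a hosts entry a block rather than a redirect.
SINKS = {"0.0.0.0", "127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (lineno, address, [hostnames]) for every mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], fields[1:]

def audit_blocklist(text):
    """Split a hosts-format list into block entries and lines to reject."""
    blocks, rejected = [], []
    for lineno, addr, names in parse_hosts(text):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            rejected.append((lineno, "not an IP address: " + addr))
            continue
        if not names:
            rejected.append((lineno, "no hostname after " + addr))
        elif addr not in SINKS:
            # A routable address would redirect the name, not block it.
            rejected.append((lineno, f"{names[0]} redirected to {addr}"))
        else:
            blocks.extend(n.lower() for n in names if n.lower() not in LOCAL_NAMES)
    return blocks, rejected

def merge(existing, downloaded):
    """Return new hosts text: existing content plus not-yet-present blocks."""
    blocks, rejected = audit_blocklist(downloaded)
    if rejected:
        raise ValueError(f"refusing to merge, bad line(s): {rejected}")
    present = {n.lower() for _, _, names in parse_hosts(existing) for n in names}
    new = [n for n in dict.fromkeys(blocks) if n not in present]
    return existing.rstrip("\n") + "\n" + "".join(f"0.0.0.0 {n}\n" for n in new)

# Constructed sample input (not taken from the real MVPS list).
SAMPLE_EXISTING = "127.0.0.1 localhost\n0.0.0.0 ads.example.net\n"
SAMPLE_GOOD = "# constructed list\n127.0.0.1 localhost\n0.0.0.0 ads.example.net\n0.0.0.0 tracker.example.org  # note\n"
SAMPLE_BAD = SAMPLE_GOOD + "203.0.113.7 update.example.com\n"

if __name__ == "__main__":
    print(merge(SAMPLE_EXISTING, SAMPLE_GOOD), audit_blocklist(SAMPLE_BAD)[1])
```

The merged text still has to be saved from an elevated process, because on Windows 7 the hosts file is writable only by administrators.
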
#15
jose b (New Member, Topic Starter)

hello mitch

I did a scan yesterday and found 255 tracking cookie files, so yes I want hosts also :-)
but the same problem arose, no possibility to run as administrator, or allowed to save the file as you recommended manually. I found a solution http://www.howtogeek...-windows-vista/ but it means changing the registry which is dangerous so I am still working on it. It seems to be a windows 7 problem

jose