frequent crashes on laptop with vista, sometimes with blue screen


  • This topic is locked

#1
wargoat

  • Member
  • 49 posts
Hello,

I'm using a Packard Bell Easy Note with Windows Vista Home Premium, 2007; with Intel® Core™2 Duo CPU T5550 @ 1,83GHz; 3 GB RAM; 32-bit system. Since last week my laptop occasionally crashes. This can be while I'm on Internet Explorer or Google Chrome, but also while working in Word or even when no programs are opened. In some cases the machine freezes, leaving the screen as it was, but I'm not able to click anything or use Ctrl-Alt-Del to get to the Task Manager. I am able to move my mouse. Every time this happens I have to force a shutdown by pressing the power button. When this happened a couple of times the machine ran an automatic system restore but nothing changed. I also got two blue screens but I never had the time to read what was on them because seconds later the machine rebooted. I ran NTREGOPT to see if that would help, without result. I have AntiVir as antivirus program and tried twice to do a full system scan but never get to the end because the machine crashes again. I have no idea if it's a viral, malware or hardware problem. Below are the OTL files I got by doing a quick scan. Please let me know if you need more information; hopefully I can provide it.
Thx already

Jan

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\tbFree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080718


[2009/05/02 14:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2009/05/02 14:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions\[email protected]
[2008/08/09 08:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\48cvaga5.default\extensions
[2008/12/27 23:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/03/11 15:58:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF
[2007/06/11 17:15:58 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files\FreeSoundRecorder\tbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1555766148164 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1555766323447 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game05.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.133 195.130.131.133
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/10/25 14:14:59 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8e65b6ca-5e33-11dd-ae70-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8e65b6ca-5e33-11dd-ae70-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/26 15:00:04 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Reviversoft
[2011/04/26 14:59:29 | 000,016,704 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011/04/26 13:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC
[2011/04/26 00:20:31 | 000,000,000 | ---D | C] -- C:\Temp
[2011/04/22 15:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2011/04/22 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/22 14:07:21 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\.minecraft
[2011/04/22 13:56:45 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\MediaGet2
[2011/04/07 13:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011/04/07 13:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\NOS

========== Files - Modified Within 30 Days ==========

[2011/04/26 15:32:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/26 15:30:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Uitgebreide garantie.job
[2011/04/26 15:14:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 15:14:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 14:50:23 | 000,048,825 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\nvModes.001
[2011/04/26 14:50:02 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/26 14:49:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/25 23:33:51 | 004,718,592 | ---- | M] () -- C:\Users\Jan\ntuser.bak
[2011/04/25 22:29:49 | 015,106,961 | ---- | M] () -- C:\Users\Jan\Documents\Duke Nukem 3D.rar
[2011/04/22 18:11:22 | 000,048,825 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\nvModes.dat
[2011/04/16 13:00:58 | 000,372,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/14 13:23:08 | 000,038,912 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/14 13:19:54 | 003,728,048 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/04/14 13:19:54 | 001,533,666 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/14 13:19:54 | 001,161,854 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/04/14 13:19:54 | 001,004,108 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/06 15:20:50 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/04/06 15:20:49 | 000,001,395 | ---- | M] () -- C:\Users\Jan\Desktop\DivX Movies.lnk
[2011/04/06 14:51:29 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/06 14:51:29 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/06 14:51:21 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/02 18:16:07 | 000,337,078 | ---- | M] () -- C:\Users\Jan\Desktop\dora2.bmp
[2011/04/02 18:15:50 | 000,581,878 | ---- | M] () -- C:\Users\Jan\Desktop\dora1.bmp
[2011/03/29 12:34:01 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/04/25 22:29:28 | 015,106,961 | ---- | C] () -- C:\Users\Jan\Documents\Duke Nukem 3D.rar
[2011/04/06 15:20:50 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/04/06 15:20:49 | 000,001,395 | ---- | C] () -- C:\Users\Jan\Desktop\DivX Movies.lnk
[2011/04/06 14:51:21 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/02 18:16:07 | 000,337,078 | ---- | C] () -- C:\Users\Jan\Desktop\dora2.bmp
[2011/04/02 18:15:50 | 000,581,878 | ---- | C] () -- C:\Users\Jan\Desktop\dora1.bmp
[2011/02/14 11:13:17 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/14 11:13:17 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/14 11:13:17 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/14 11:13:17 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/14 11:13:17 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/14 11:13:17 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/14 11:13:17 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/14 11:13:17 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/14 11:13:17 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/14 11:13:17 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/02/14 11:13:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/14 11:13:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/14 11:13:17 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/14 11:13:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/14 11:13:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/14 11:13:17 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/02/14 11:13:17 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/02/14 11:13:17 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/14 11:13:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/10/10 22:31:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/19 14:27:28 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini
[2010/03/19 14:21:30 | 000,000,767 | ---- | C] () -- C:\Windows\Qiii.INI
[2009/10/22 15:28:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/22 15:28:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/03 03:41:28 | 000,000,262 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/10/28 23:25:14 | 000,008,944 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps.dat
[2008/10/05 17:40:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/10/05 17:40:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/08/09 12:35:36 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008/08/09 12:35:36 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2008/08/09 12:35:36 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008/08/09 12:35:35 | 000,008,975 | ---- | C] () -- C:\Windows\HL-2030.INI
[2008/08/09 12:35:35 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008/08/09 12:35:07 | 000,000,441 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/08/09 12:35:07 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2008/08/09 08:47:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/08/07 19:33:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/02 19:36:45 | 000,024,064 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\UserTile.png
[2008/07/30 21:08:22 | 000,048,825 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\nvModes.001
[2008/07/30 21:08:20 | 000,048,825 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\nvModes.dat
[2008/07/30 20:59:47 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2008/07/30 14:57:23 | 000,038,912 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/17 05:21:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,372,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 001,533,666 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 001,004,108 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/11 23:09:52 | 003,728,048 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2006/03/11 23:09:52 | 001,161,854 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2006/03/11 23:09:52 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2006/03/11 23:09:52 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2006/03/11 16:04:10 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2006/03/11 16:02:03 | 000,038,656 | ---- | C] () -- C:\Windows\System32\drivers\udfpt.sys

========== LOP Check ==========

[2011/04/22 14:07:45 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\.minecraft
[2008/12/01 21:19:18 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\aAvgApi
[2009/06/18 23:00:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\HLSW
[2011/01/26 18:54:27 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\LimeWire
[2008/08/09 08:55:30 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Packard Bell
[2008/08/02 19:36:45 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PeerNetworking
[2011/04/26 15:00:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Reviversoft
[2010/01/05 13:20:53 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Ubisoft
[2011/04/26 02:02:36 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/26 15:30:00 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\Uitgebreide garantie.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2D4B33E

< End of report >


OTL Extras logfile created on: 26/04/2011 15:29:33 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): v:\pagefile.sys 3000 4048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44,58 Gb Total Space | 2,38 Gb Free Space | 5,35% Space Free | Partition Type: NTFS
Drive D: | 4,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 86,68 Gb Total Space | 15,05 Gb Free Space | 17,36% Space Free | Partition Type: NTFS
Drive G: | 87,62 Gb Total Space | 73,47 Gb Free Space | 83,85% Space Free | Partition Type: NTFS
Drive V: | 4,00 Gb Total Space | 0,72 Gb Free Space | 18,07% Space Free | Partition Type: NTFS

Computer Name: JAN | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2283DC47-7C93-438E-BD6E-311BDE4F333E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F72E490-F7A2-43C3-BD54-B4381EAAE647}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4571A37B-1DF6-4A1C-94EA-9D23986BDAF5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45EE5F05-04B5-4C3E-8132-E2BE7694B513}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C806EE3-D33E-4F47-A282-756D0E5305D0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A1FFC00-0406-4392-AC5E-9C0283EF36D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{636AF814-1077-41D3-8BF8-14452A29B031}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70C2E308-D8B3-4350-9EDF-7456228CE1D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ADC4EA75-0F44-41BA-9FDD-D0FD2AF44D15}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA755056-7C7D-4E56-9757-56330F49D8BE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C5D18FF3-0660-4884-86A9-5FCE5108E426}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{DBBA22AD-C392-4097-A9D7-434E55AD53D9}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BD90FF-AF1B-4187-82F8-14731C2285DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{11A66862-513F-48A5-AC1A-0066FBBC36A3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{18DE6B5C-D410-4024-931D-9A49C88B7C33}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{1AE43908-D7D7-4F14-88C6-2CD232C7B182}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1E28A23F-2EAB-4017-A93F-88438CEC2B44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F627D4C-936A-4924-903F-30F862FAFE87}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{32AF65A4-39F0-4659-9918-65DCBC57D132}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36F72A59-E801-4C9B-9D43-B608643468A2}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{45BFA105-BF8E-48FD-97FB-9FD5EAF24EBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47D92C52-3979-44B9-8B0C-DBE713A8A209}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{53F1622F-8469-47CF-BC85-9ADBDEC5C849}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{6622AEA1-7DD3-4F35-9A1C-515F42DC7BF2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{7D80230F-1292-4545-A091-D2A27E306555}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DB480EA-9EAF-4DC6-8E70-89EA9C5D2B38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{83E1B189-5442-41A2-9500-08CCE6868CEA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{848EC5F0-4641-43A4-9F43-8B476DFBE062}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A7FD2AC-E5C6-4038-84C2-CED2D68427F4}" = protocol=6 | dir=out | app=system |
"{A05002BC-70B7-476C-8CFE-142ED80A804E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A0D0BD28-1808-4C8D-A9A6-2F8CFE50D18F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB38AEEB-E360-441E-997F-3402D3810C42}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{C2802744-B07E-4F2F-AB3A-EBF025F1D0BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB03D1CD-57EB-4EAB-A170-8BE4155B84C8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DC90F9C4-0415-4FF1-A2DB-C72728D006CA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{DD2E4412-1B6D-4190-93DD-7990A892C9B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE5E617A-E3C8-4C59-A9D0-76A968F1B277}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ED1D0FBE-A078-4E63-9ABE-842C71AB048C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FE515412-E1F1-499A-A403-46EA662BC5AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0AD62A9D-C010-40A3-A3A7-E0C3A4B6299E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{1FA0B4F6-08DA-4089-A64D-45DBFA89F903}E:\ex-e_schijf\soulseek\slsk.exe" = protocol=6 | dir=in | app=e:\ex-e_schijf\soulseek\slsk.exe |
"TCP Query User{291A7F9B-BE6F-4467-A330-4F905E87CFF0}E:\hslw\hlsw\hlsw.exe" = protocol=6 | dir=in | app=e:\hslw\hlsw\hlsw.exe |
"TCP Query User{2ED3A543-55FD-4CF0-B900-4A76890418B6}E:\my games\dune\dune2000.dat" = protocol=6 | dir=in | app=e:\my games\dune\dune2000.dat |
"TCP Query User{434CE8CA-6544-470B-A914-DFBDC21D7431}E:\hslw\hlsw\hlsw.exe" = protocol=6 | dir=in | app=e:\hslw\hlsw\hlsw.exe |
"TCP Query User{546192A3-68B4-407A-8915-A6364487258E}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{554FE01D-89B6-4936-BAE4-F801AFE6AFFF}E:\my games\dune\dune2000.dat" = protocol=6 | dir=in | app=e:\my games\dune\dune2000.dat |
"TCP Query User{7AF80DC3-2FAB-471D-91F7-652F0BC6E3D3}E:\limewire\limewire.exe" = protocol=6 | dir=in | app=e:\limewire\limewire.exe |
"TCP Query User{94C4B8DB-68C1-4BA6-ABEB-323B3CD55A96}C:\users\jan\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\jan\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{9A01AFFC-9226-4A25-A025-77531D0F6CF0}E:\ex-e_schijf\soulseek\slsk.exe" = protocol=6 | dir=in | app=e:\ex-e_schijf\soulseek\slsk.exe |
"TCP Query User{A6018EAC-8D70-4BE9-9FE4-08DE6CEC7630}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{B4F977E3-1249-41AB-9054-235D15098CDE}E:\limewire\limewire.exe" = protocol=6 | dir=in | app=e:\limewire\limewire.exe |
"TCP Query User{D0B51666-C0BC-4F70-9445-E91B608DB95B}E:\my games\doom 2\chocolate-server.exe" = protocol=6 | dir=in | app=e:\my games\doom 2\chocolate-server.exe |
"TCP Query User{FB4806EB-049B-49F2-B201-FC51C6836B30}C:\users\jan\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\jan\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{2643EDF2-8E64-4E70-8F81-5BEA1D99F052}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{50B2776E-28EC-4CC5-A611-D74831FD0060}E:\limewire\limewire.exe" = protocol=17 | dir=in | app=e:\limewire\limewire.exe |
"UDP Query User{5D88F0C4-6CBE-4DFC-85BE-708B8057640A}E:\hslw\hlsw\hlsw.exe" = protocol=17 | dir=in | app=e:\hslw\hlsw\hlsw.exe |
"UDP Query User{7CEF09F8-8EB7-4469-83AF-FED747914542}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{84F090B7-8A88-4AFC-9057-178C4E72F2C6}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{985AF116-31C3-400E-A3DE-FCC3D79817D9}E:\my games\dune\dune2000.dat" = protocol=17 | dir=in | app=e:\my games\dune\dune2000.dat |
"UDP Query User{B58A5926-2033-4B20-A3A3-8961E465F00B}E:\my games\dune\dune2000.dat" = protocol=17 | dir=in | app=e:\my games\dune\dune2000.dat |
"UDP Query User{C87B2AAD-6ABE-4C15-A850-48CFAC22B3A8}C:\users\jan\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\jan\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{CD3A0976-6B4A-4ACE-8C6D-8A59FBB95D3A}C:\users\jan\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\jan\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{DA286B88-5AD4-49B7-88D3-736BFC0CB254}E:\my games\doom 2\chocolate-server.exe" = protocol=17 | dir=in | app=e:\my games\doom 2\chocolate-server.exe |
"UDP Query User{ED25AA6C-6B9C-44F1-9A15-A513E8F3D036}E:\hslw\hlsw\hlsw.exe" = protocol=17 | dir=in | app=e:\hslw\hlsw\hlsw.exe |
"UDP Query User{FAB69108-A448-4D31-8A47-E5F545343928}E:\ex-e_schijf\soulseek\slsk.exe" = protocol=17 | dir=in | app=e:\ex-e_schijf\soulseek\slsk.exe |
"UDP Query User{FEB30829-EC22-4028-ADB6-38F8C6A2CD0E}E:\ex-e_schijf\soulseek\slsk.exe" = protocol=17 | dir=in | app=e:\ex-e_schijf\soulseek\slsk.exe |
"UDP Query User{FF9EBC2F-193A-46A2-953D-FEAF620600CF}E:\limewire\limewire.exe" = protocol=17 | dir=in | app=e:\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055A1919-3BBA-4BD5-8B3C-3851879AC185}" = Morrowind
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{11005483-57F9-400C-BF9F-CBC47540705A}" = Windows Live Photo Gallery
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AED1A5D-2D97-4BDB-BDA3-B759673F32A1}" = Brother HL-2030
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{6372DAC4-7E35-48A6-B216-79415ACD34B3}" = HDRegBENL
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1043-7B44-A82000000003}" = Adobe Reader 8.2.6 - Nederlands
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD19EDD9-1632-4002-9212-7478E4BA0423}" = Windows Live Sync
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}" = Hercules WiFi Station
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2ADF4484850200A062B66ED19240994480D85943" = Windows-stuurprogrammapakket - ITE Tech.Inc. (itecir) HIDClass (01/05/2007 5.0.0003.2)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobeReader" = Adobe Reader 8
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"blueray" = Arcsoft TotalMedia Extreme
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON S21 Series" = Printer EPSON S21 Series verwijderen
"Epson Stylus S21_T21_T27 Gebruikershandleiding" = Epson Stylus S21_T21_T27 Handboek
"ERUNT_is1" = ERUNT 1.1j
"Flashplayer" = Flash Player 9 Internet Explorer
"Free Sound Recorder_is1" = Free Sound Recorder 2010 v9.2.1
"FreeSoundRecorder Toolbar" = FreeSoundRecorder Toolbar
"Google Chrome" = Google Chrome
"GOOGLE_EARTH" = Google Earth
"GoogleBAE" = Google BAE
"GOOGLETOOLBAR" = Google Toolbar
"Guild Wars" = Guild Wars
"HDMI_AudioSwitch" = HDMI Audio Switch
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.2.1.2
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"LCDTest" = Packard Bell LCD Test
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Picasa2" = Picasa 2
"Quake III Arena" = Quake III Arena
"SETUPMYPC_NL" = SetUp My PC
"Shockwave" = Shockwave player 10
"SKYPE" = Skype 3.5.2.239
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"UnityWebPlayer" = Unity Web Player
"Updator" = Packard Bell Updator
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/12/2010 7:05:56 | Computer Name = JAN | Source = LoadPerf | ID = 3012
Description =

Error - 23/12/2010 7:05:56 | Computer Name = JAN | Source = LoadPerf | ID = 3011
Description =

Error - 23/12/2010 12:11:14 | Computer Name = JAN | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection-controlepunt heeft een fout aangetroffen
en kan niet worden gestart. Gebruiker: JAN\Jan Controlepunt-id: 57 Foutcode: 0x80070005

Foutbeschrijving:
Toegang geweigerd.

Error - 23/12/2010 12:14:44 | Computer Name = JAN | Source = LoadPerf | ID = 3012
Description =

Error - 23/12/2010 12:14:44 | Computer Name = JAN | Source = LoadPerf | ID = 3012
Description =

Error - 23/12/2010 12:14:44 | Computer Name = JAN | Source = LoadPerf | ID = 3011
Description =

Error - 24/12/2010 5:42:06 | Computer Name = JAN | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection-controlepunt heeft een fout aangetroffen
en kan niet worden gestart. Gebruiker: JAN\Jan Controlepunt-id: 57 Foutcode: 0x80070005

Foutbeschrijving:
Toegang geweigerd.

Error - 24/12/2010 5:48:02 | Computer Name = JAN | Source = LoadPerf | ID = 3012
Description =

Error - 24/12/2010 5:48:02 | Computer Name = JAN | Source = LoadPerf | ID = 3012
Description =

Error - 24/12/2010 5:48:02 | Computer Name = JAN | Source = LoadPerf | ID = 3011
Description =

[ OSession Events ]
Error - 17/04/2009 8:06:58 | Computer Name = JAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 500
seconds with 120 seconds of active time. This session ended with a crash.

Error - 15/03/2011 11:55:15 | Computer Name = JAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 26/04/2011 7:24:31 | Computer Name = JAN | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 13:09:59 op 26/04/2011 is
onverwacht gebeurd.

Error - 26/04/2011 7:25:05 | Computer Name = JAN | Source = Service Control Manager | ID = 7000
Description =

Error - 26/04/2011 7:25:05 | Computer Name = JAN | Source = Service Control Manager | ID = 7024
Description =

Error - 26/04/2011 7:25:05 | Computer Name = JAN | Source = Service Control Manager | ID = 7031
Description =

Error - 26/04/2011 8:49:41 | Computer Name = JAN | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 14:35:06 op 26/04/2011 is
onverwacht gebeurd.

Error - 26/04/2011 8:49:25 | Computer Name = JAN | Source = TPM | ID = 393229
Description = Het apparaatstuurprogramma voor de TPM (Trusted Platform Module) heeft
een onherstelbare fout in de TPM-hardware aangetroffen, waardoor er geen TPM-services
(zoals gegevenscodering) kunnen worden gebruikt. Neem voor aanvullende ondersteuning
contact op met de computerfabrikant.

Error - 26/04/2011 8:49:25 | Computer Name = JAN | Source = TPM | ID = 393229
Description = Het apparaatstuurprogramma voor de TPM (Trusted Platform Module) heeft
een onherstelbare fout in de TPM-hardware aangetroffen, waardoor er geen TPM-services
(zoals gegevenscodering) kunnen worden gebruikt. Neem voor aanvullende ondersteuning
contact op met de computerfabrikant.

Error - 26/04/2011 8:49:25 | Computer Name = JAN | Source = TPM | ID = 393229
Description = Het apparaatstuurprogramma voor de TPM (Trusted Platform Module) heeft
een onherstelbare fout in de TPM-hardware aangetroffen, waardoor er geen TPM-services
(zoals gegevenscodering) kunnen worden gebruikt. Neem voor aanvullende ondersteuning
contact op met de computerfabrikant.

Error - 26/04/2011 8:49:25 | Computer Name = JAN | Source = TPM | ID = 393229
Description = Het apparaatstuurprogramma voor de TPM (Trusted Platform Module) heeft
een onherstelbare fout in de TPM-hardware aangetroffen, waardoor er geen TPM-services
(zoals gegevenscodering) kunnen worden gebruikt. Neem voor aanvullende ondersteuning
contact op met de computerfabrikant.

Error - 26/04/2011 8:50:21 | Computer Name = JAN | Source = Service Control Manager | ID = 7000
Description =


< End of report >


#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, wargoat! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So any logs from any programs we run should just be 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.

Sorry for the delay. I don't understand the Dutch language, so please bear with me. If you have since resolved the original problem you were having, I would appreciate you letting me know. If not, please perform the following steps below so I can have a look at the current condition of your machine.

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • Click the Scan button to start the scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 2

Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • Fresh OTL log
  • Extras log


#3
wargoat

    Member

  • Topic Starter
  • 49 posts
Hi Render,

Thanks for helping out. I'd be happy to translate some of the Dutch parts to English if you can't figure it out.

OTL logfile created on: 18/05/2011 12:35:05 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = c:\users\Jan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): v:\pagefile.sys 3000 4048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44,58 Gb Total Space | 4,81 Gb Free Space | 10,78% Space Free | Partition Type: NTFS
Drive D: | 4,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 86,68 Gb Total Space | 13,63 Gb Free Space | 15,72% Space Free | Partition Type: NTFS
Drive G: | 87,62 Gb Total Space | 71,77 Gb Free Space | 81,92% Space Free | Partition Type: NTFS
Drive V: | 4,00 Gb Total Space | 0,73 Gb Free Space | 18,23% Space Free | Partition Type: NTFS

Computer Name: JAN | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 15:08:41 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/04/27 12:40:21 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/26 15:19:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\users\Jan\Downloads\OTL.exe
PRC - [2011/03/16 13:38:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/02 16:16:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/08/17 10:07:30 | 000,270,336 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
PRC - [2007/06/11 10:25:40 | 000,098,304 | ---- | M] (Hercules) -- C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/04/26 15:19:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\users\Jan\Downloads\OTL.exe
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/04/27 12:40:21 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2011/03/16 13:38:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/24 13:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/03/16 13:38:16 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 19:02:49 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/08/09 08:41:52 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/31 15:20:24 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Stuurprogramma voor Intel®
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/21 05:34:00 | 008,240,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/19 09:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/11/26 05:16:50 | 000,072,704 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/09/14 11:43:52 | 000,038,656 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\udfpt.sys -- (udfpt)
DRV - [2007/07/12 14:34:26 | 000,163,328 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/31 17:01:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/08 14:38:30 | 000,046,592 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2006/11/02 10:27:23 | 000,010,368 | ---- | M] (Conexant Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cxavsaud_IBV32.sys -- (CXAVSAUD)
DRV - [2006/11/02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2005/03/12 19:48:08 | 000,243,456 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2500usb.sys -- (rt2500usb) DWL-G122(rev.B)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packar...e=8&key=IESTART
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080718


[2009/05/02 14:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2009/05/02 14:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions\[email protected]
[2008/08/09 08:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\48cvaga5.default\extensions
[2008/12/27 23:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/03/11 15:58:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF
[2007/06/11 17:15:58 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-737OU.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1555766148164 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1555766323447 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game05.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.133 195.130.130.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/10/25 14:14:59 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8e65b6ca-5e33-11dd-ae70-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8e65b6ca-5e33-11dd-ae70-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 15:37:06 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Media Player Classic
[2011/05/16 15:08:41 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/16 15:06:35 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Documents\TFC.exe
[2011/05/15 15:07:28 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Apps
[2011/05/09 15:33:03 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Adobe
[2011/04/27 15:14:24 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 15:14:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 15:14:19 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/26 15:00:04 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Reviversoft
[2011/04/26 14:59:29 | 000,016,704 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011/04/26 13:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC
[2011/04/26 00:20:31 | 000,000,000 | ---D | C] -- C:\Temp
[2011/04/22 15:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2011/04/22 14:59:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/22 14:59:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/22 14:59:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/22 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2011/05/18 12:37:03 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/18 12:30:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Uitgebreide garantie.job
[2011/05/18 12:29:26 | 000,048,825 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\nvModes.001
[2011/05/18 12:29:12 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/18 12:28:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 12:28:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 12:28:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/17 16:37:55 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/17 11:16:12 | 000,372,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/16 15:08:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/16 15:06:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Documents\TFC.exe
[2011/05/16 11:55:56 | 000,053,025 | ---- | M] () -- C:\Users\Jan\Desktop\Fiche Keuzevak Genetica-2010-2011x.pdf
[2011/05/15 23:02:08 | 000,048,825 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\nvModes.dat
[2011/05/15 18:17:36 | 000,040,448 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/15 14:53:03 | 003,759,228 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/05/15 14:53:02 | 001,543,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/15 14:53:02 | 001,172,430 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/05/15 14:53:02 | 001,013,504 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/29 13:49:41 | 000,709,456 | ---- | M] () -- C:\Windows\is-737OU.exe
[2011/04/29 13:49:41 | 000,011,793 | ---- | M] () -- C:\Windows\is-737OU.msg
[2011/04/29 13:49:41 | 000,000,361 | ---- | M] () -- C:\Windows\is-737OU.lst
[2011/04/29 13:25:25 | 000,001,958 | ---- | M] () -- C:\Users\Jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/25 23:33:51 | 004,718,592 | ---- | M] () -- C:\Users\Jan\ntuser.bak
[2011/04/22 14:58:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/22 14:58:48 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/22 14:58:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/22 14:58:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Files Created - No Company Name ==========

[2011/05/16 11:56:44 | 000,053,025 | ---- | C] () -- C:\Users\Jan\Desktop\Fiche Keuzevak Genetica-2010-2011x.pdf
[2011/04/29 13:49:41 | 000,709,456 | ---- | C] () -- C:\Windows\is-737OU.exe
[2011/04/29 13:49:41 | 000,011,793 | ---- | C] () -- C:\Windows\is-737OU.msg
[2011/04/29 13:49:41 | 000,000,361 | ---- | C] () -- C:\Windows\is-737OU.lst
[2011/02/14 11:13:17 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/14 11:13:17 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/14 11:13:17 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/14 11:13:17 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/14 11:13:17 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/14 11:13:17 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/14 11:13:17 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/14 11:13:17 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/14 11:13:17 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/14 11:13:17 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/02/14 11:13:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/14 11:13:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/14 11:13:17 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/14 11:13:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/14 11:13:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/14 11:13:17 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/02/14 11:13:17 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/02/14 11:13:17 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/14 11:13:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/10/10 22:31:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/19 14:27:28 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini
[2009/10/22 15:28:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/22 15:28:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/03 03:41:28 | 000,000,262 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/10/28 23:25:14 | 000,008,944 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps.dat
[2008/10/05 17:40:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/10/05 17:40:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/08/09 12:35:36 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008/08/09 12:35:36 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2008/08/09 12:35:36 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008/08/09 12:35:35 | 000,008,975 | ---- | C] () -- C:\Windows\HL-2030.INI
[2008/08/09 12:35:35 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008/08/09 12:35:07 | 000,000,441 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/08/09 12:35:07 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2008/08/09 08:47:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/08/07 19:33:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/02 19:36:45 | 000,024,064 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\UserTile.png
[2008/07/30 21:08:22 | 000,048,825 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\nvModes.001
[2008/07/30 21:08:20 | 000,048,825 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\nvModes.dat
[2008/07/30 20:59:47 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2008/07/30 14:57:23 | 000,040,448 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/17 05:21:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,372,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 001,543,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 001,013,504 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/11 23:09:52 | 003,759,228 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2006/03/11 23:09:52 | 001,172,430 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2006/03/11 23:09:52 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2006/03/11 23:09:52 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2006/03/11 16:04:10 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2006/03/11 16:02:03 | 000,038,656 | ---- | C] () -- C:\Windows\System32\drivers\udfpt.sys

========== LOP Check ==========

[2008/12/01 21:19:18 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\aAvgApi
[2009/06/18 23:00:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\HLSW
[2008/08/09 08:55:30 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Packard Bell
[2008/08/02 19:36:45 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PeerNetworking
[2011/04/26 15:00:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Reviversoft
[2010/01/05 13:20:53 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Ubisoft
[2011/05/18 03:12:56 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/18 12:30:00 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\Uitgebreide garantie.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2D4B33E

< End of report >

OTL Extras logfile created on: 18/05/2011 12:35:05 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = c:\users\Jan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): v:\pagefile.sys 3000 4048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44,58 Gb Total Space | 4,81 Gb Free Space | 10,78% Space Free | Partition Type: NTFS
Drive D: | 4,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 86,68 Gb Total Space | 13,63 Gb Free Space | 15,72% Space Free | Partition Type: NTFS
Drive G: | 87,62 Gb Total Space | 71,77 Gb Free Space | 81,92% Space Free | Partition Type: NTFS
Drive V: | 4,00 Gb Total Space | 0,73 Gb Free Space | 18,23% Space Free | Partition Type: NTFS

Computer Name: JAN | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2283DC47-7C93-438E-BD6E-311BDE4F333E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F72E490-F7A2-43C3-BD54-B4381EAAE647}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4571A37B-1DF6-4A1C-94EA-9D23986BDAF5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45EE5F05-04B5-4C3E-8132-E2BE7694B513}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C806EE3-D33E-4F47-A282-756D0E5305D0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A1FFC00-0406-4392-AC5E-9C0283EF36D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{636AF814-1077-41D3-8BF8-14452A29B031}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70C2E308-D8B3-4350-9EDF-7456228CE1D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ADC4EA75-0F44-41BA-9FDD-D0FD2AF44D15}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA755056-7C7D-4E56-9757-56330F49D8BE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C5D18FF3-0660-4884-86A9-5FCE5108E426}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{DBBA22AD-C392-4097-A9D7-434E55AD53D9}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BD90FF-AF1B-4187-82F8-14731C2285DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{11A66862-513F-48A5-AC1A-0066FBBC36A3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{18DE6B5C-D410-4024-931D-9A49C88B7C33}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{1AE43908-D7D7-4F14-88C6-2CD232C7B182}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1E28A23F-2EAB-4017-A93F-88438CEC2B44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F627D4C-936A-4924-903F-30F862FAFE87}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{32AF65A4-39F0-4659-9918-65DCBC57D132}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36F72A59-E801-4C9B-9D43-B608643468A2}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{45BFA105-BF8E-48FD-97FB-9FD5EAF24EBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47D92C52-3979-44B9-8B0C-DBE713A8A209}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{53F1622F-8469-47CF-BC85-9ADBDEC5C849}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{6622AEA1-7DD3-4F35-9A1C-515F42DC7BF2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{7D80230F-1292-4545-A091-D2A27E306555}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DB480EA-9EAF-4DC6-8E70-89EA9C5D2B38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{83E1B189-5442-41A2-9500-08CCE6868CEA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{848EC5F0-4641-43A4-9F43-8B476DFBE062}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A7FD2AC-E5C6-4038-84C2-CED2D68427F4}" = protocol=6 | dir=out | app=system |
"{A05002BC-70B7-476C-8CFE-142ED80A804E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A0D0BD28-1808-4C8D-A9A6-2F8CFE50D18F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB38AEEB-E360-441E-997F-3402D3810C42}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{C2802744-B07E-4F2F-AB3A-EBF025F1D0BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB03D1CD-57EB-4EAB-A170-8BE4155B84C8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DC90F9C4-0415-4FF1-A2DB-C72728D006CA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{DD2E4412-1B6D-4190-93DD-7990A892C9B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE5E617A-E3C8-4C59-A9D0-76A968F1B277}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ED1D0FBE-A078-4E63-9ABE-842C71AB048C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FE515412-E1F1-499A-A403-46EA662BC5AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0AD62A9D-C010-40A3-A3A7-E0C3A4B6299E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{1FA0B4F6-08DA-4089-A64D-45DBFA89F903}E:\ex-e_schijf\soulseek\slsk.exe" = protocol=6 | dir=in | app=e:\ex-e_schijf\soulseek\slsk.exe |
"TCP Query User{291A7F9B-BE6F-4467-A330-4F905E87CFF0}E:\hslw\hlsw\hlsw.exe" = protocol=6 | dir=in | app=e:\hslw\hlsw\hlsw.exe |
"TCP Query User{2ED3A543-55FD-4CF0-B900-4A76890418B6}E:\my games\dune\dune2000.dat" = protocol=6 | dir=in | app=e:\my games\dune\dune2000.dat |
"TCP Query User{434CE8CA-6544-470B-A914-DFBDC21D7431}E:\hslw\hlsw\hlsw.exe" = protocol=6 | dir=in | app=e:\hslw\hlsw\hlsw.exe |
"TCP Query User{546192A3-68B4-407A-8915-A6364487258E}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{554FE01D-89B6-4936-BAE4-F801AFE6AFFF}E:\my games\dune\dune2000.dat" = protocol=6 | dir=in | app=e:\my games\dune\dune2000.dat |
"TCP Query User{7AF80DC3-2FAB-471D-91F7-652F0BC6E3D3}E:\limewire\limewire.exe" = protocol=6 | dir=in | app=e:\limewire\limewire.exe |
"TCP Query User{94C4B8DB-68C1-4BA6-ABEB-323B3CD55A96}C:\users\jan\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\jan\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{9A01AFFC-9226-4A25-A025-77531D0F6CF0}E:\ex-e_schijf\soulseek\slsk.exe" = protocol=6 | dir=in | app=e:\ex-e_schijf\soulseek\slsk.exe |
"TCP Query User{A6018EAC-8D70-4BE9-9FE4-08DE6CEC7630}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{B4F977E3-1249-41AB-9054-235D15098CDE}E:\limewire\limewire.exe" = protocol=6 | dir=in | app=e:\limewire\limewire.exe |
"TCP Query User{D0B51666-C0BC-4F70-9445-E91B608DB95B}E:\my games\doom 2\chocolate-server.exe" = protocol=6 | dir=in | app=e:\my games\doom 2\chocolate-server.exe |
"TCP Query User{FB4806EB-049B-49F2-B201-FC51C6836B30}C:\users\jan\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\jan\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{2643EDF2-8E64-4E70-8F81-5BEA1D99F052}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{50B2776E-28EC-4CC5-A611-D74831FD0060}E:\limewire\limewire.exe" = protocol=17 | dir=in | app=e:\limewire\limewire.exe |
"UDP Query User{5D88F0C4-6CBE-4DFC-85BE-708B8057640A}E:\hslw\hlsw\hlsw.exe" = protocol=17 | dir=in | app=e:\hslw\hlsw\hlsw.exe |
"UDP Query User{7CEF09F8-8EB7-4469-83AF-FED747914542}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{84F090B7-8A88-4AFC-9057-178C4E72F2C6}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{985AF116-31C3-400E-A3DE-FCC3D79817D9}E:\my games\dune\dune2000.dat" = protocol=17 | dir=in | app=e:\my games\dune\dune2000.dat |
"UDP Query User{B58A5926-2033-4B20-A3A3-8961E465F00B}E:\my games\dune\dune2000.dat" = protocol=17 | dir=in | app=e:\my games\dune\dune2000.dat |
"UDP Query User{C87B2AAD-6ABE-4C15-A850-48CFAC22B3A8}C:\users\jan\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\jan\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{CD3A0976-6B4A-4ACE-8C6D-8A59FBB95D3A}C:\users\jan\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\jan\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{DA286B88-5AD4-49B7-88D3-736BFC0CB254}E:\my games\doom 2\chocolate-server.exe" = protocol=17 | dir=in | app=e:\my games\doom 2\chocolate-server.exe |
"UDP Query User{ED25AA6C-6B9C-44F1-9A15-A513E8F3D036}E:\hslw\hlsw\hlsw.exe" = protocol=17 | dir=in | app=e:\hslw\hlsw\hlsw.exe |
"UDP Query User{FAB69108-A448-4D31-8A47-E5F545343928}E:\ex-e_schijf\soulseek\slsk.exe" = protocol=17 | dir=in | app=e:\ex-e_schijf\soulseek\slsk.exe |
"UDP Query User{FEB30829-EC22-4028-ADB6-38F8C6A2CD0E}E:\ex-e_schijf\soulseek\slsk.exe" = protocol=17 | dir=in | app=e:\ex-e_schijf\soulseek\slsk.exe |
"UDP Query User{FF9EBC2F-193A-46A2-953D-FEAF620600CF}E:\limewire\limewire.exe" = protocol=17 | dir=in | app=e:\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055A1919-3BBA-4BD5-8B3C-3851879AC185}" = Morrowind
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{11005483-57F9-400C-BF9F-CBC47540705A}" = Windows Live Photo Gallery
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AED1A5D-2D97-4BDB-BDA3-B759673F32A1}" = Brother HL-2030
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{6372DAC4-7E35-48A6-B216-79415ACD34B3}" = HDRegBENL
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1043-7B44-A82000000003}" = Adobe Reader 8.2.6 - Nederlands
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD19EDD9-1632-4002-9212-7478E4BA0423}" = Windows Live Sync
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}" = Hercules WiFi Station
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2ADF4484850200A062B66ED19240994480D85943" = Windows-stuurprogrammapakket - ITE Tech.Inc. (itecir) HIDClass (01/05/2007 5.0.0003.2)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobeReader" = Adobe Reader 8
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"blueray" = Arcsoft TotalMedia Extreme
"CNXT_AUDIO_HDA" = Conexant HD Audio
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON S21 Series" = Printer EPSON S21 Series verwijderen
"Epson Stylus S21_T21_T27 Gebruikershandleiding" = Epson Stylus S21_T21_T27 Handboek
"ERUNT_is1" = ERUNT 1.1j
"Flashplayer" = Flash Player 9 Internet Explorer
"Google Chrome" = Google Chrome
"GOOGLE_EARTH" = Google Earth
"GoogleBAE" = Google BAE
"GOOGLETOOLBAR" = Google Toolbar
"Guild Wars" = Guild Wars
"HDMI_AudioSwitch" = HDMI Audio Switch
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.2.1.2
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"LCDTest" = Packard Bell LCD Test
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Picasa2" = Picasa 2
"SETUPMYPC_NL" = SetUp My PC
"Shockwave" = Shockwave player 10
"SKYPE" = Skype 3.5.2.239
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Updator" = Packard Bell Updator
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/12/2010 18:03:26 | Computer Name = JAN | Source = LoadPerf | ID = 3012
Description =

Error - 20/12/2010 18:03:26 | Computer Name = JAN | Source = LoadPerf | ID = 3011
Description =

Error - 21/12/2010 17:08:12 | Computer Name = JAN | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection-controlepunt heeft een fout aangetroffen
en kan niet worden gestart. Gebruiker: JAN\Jan Controlepunt-id: 57 Foutcode: 0x80070005

Foutbeschrijving:
Toegang geweigerd.

Error - 21/12/2010 17:14:42 | Computer Name = JAN | Source = LoadPerf | ID = 3012
Description =

Error - 21/12/2010 17:14:44 | Computer Name = JAN | Source = LoadPerf | ID = 3012
Description =

Error - 21/12/2010 17:14:44 | Computer Name = JAN | Source = LoadPerf | ID = 3011
Description =

Error - 22/12/2010 8:40:39 | Computer Name = JAN | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection-controlepunt heeft een fout aangetroffen
en kan niet worden gestart. Gebruiker: JAN\Jan Controlepunt-id: 57 Foutcode: 0x80070005

Foutbeschrijving:
Toegang geweigerd.

Error - 22/12/2010 8:44:30 | Computer Name = JAN | Source = LoadPerf | ID = 3012
Description =

Error - 22/12/2010 8:44:31 | Computer Name = JAN | Source = LoadPerf | ID = 3012
Description =

Error - 22/12/2010 8:44:31 | Computer Name = JAN | Source = LoadPerf | ID = 3011
Description =

[ OSession Events ]
Error - 17/04/2009 8:06:58 | Computer Name = JAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 500
seconds with 120 seconds of active time. This session ended with a crash.

Error - 15/03/2011 11:55:15 | Computer Name = JAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/05/2011 5:40:58 | Computer Name = JAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/05/2011 5:41:09 | Computer Name = JAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/05/2011 6:11:34 | Computer Name = JAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 18/05/2011 5:00:58 | Computer Name = JAN | Source = TPM | ID = 393229
Description = Het apparaatstuurprogramma voor de TPM (Trusted Platform Module) heeft
een onherstelbare fout in de TPM-hardware aangetroffen, waardoor er geen TPM-services
(zoals gegevenscodering) kunnen worden gebruikt. Neem voor aanvullende ondersteuning
contact op met de computerfabrikant.

Error - 18/05/2011 5:00:58 | Computer Name = JAN | Source = TPM | ID = 393229
Description = Het apparaatstuurprogramma voor de TPM (Trusted Platform Module) heeft
een onherstelbare fout in de TPM-hardware aangetroffen, waardoor er geen TPM-services
(zoals gegevenscodering) kunnen worden gebruikt. Neem voor aanvullende ondersteuning
contact op met de computerfabrikant.

Error - 18/05/2011 5:00:58 | Computer Name = JAN | Source = TPM | ID = 393229
Description = Het apparaatstuurprogramma voor de TPM (Trusted Platform Module) heeft
een onherstelbare fout in de TPM-hardware aangetroffen, waardoor er geen TPM-services
(zoals gegevenscodering) kunnen worden gebruikt. Neem voor aanvullende ondersteuning
contact op met de computerfabrikant.

Error - 18/05/2011 5:01:56 | Computer Name = JAN | Source = Service Control Manager | ID = 7000
Description =

Error - 18/05/2011 6:28:23 | Computer Name = JAN | Source = TPM | ID = 393229
Description = Het apparaatstuurprogramma voor de TPM (Trusted Platform Module) heeft
een onherstelbare fout in de TPM-hardware aangetroffen, waardoor er geen TPM-services
(zoals gegevenscodering) kunnen worden gebruikt. Neem voor aanvullende ondersteuning
contact op met de computerfabrikant.

Error - 18/05/2011 6:28:23 | Computer Name = JAN | Source = TPM | ID = 393229
Description = Het apparaatstuurprogramma voor de TPM (Trusted Platform Module) heeft
een onherstelbare fout in de TPM-hardware aangetroffen, waardoor er geen TPM-services
(zoals gegevenscodering) kunnen worden gebruikt. Neem voor aanvullende ondersteuning
contact op met de computerfabrikant.

Error - 18/05/2011 6:28:23 | Computer Name = JAN | Source = TPM | ID = 393229
Description = Het apparaatstuurprogramma voor de TPM (Trusted Platform Module) heeft
een onherstelbare fout in de TPM-hardware aangetroffen, waardoor er geen TPM-services
(zoals gegevenscodering) kunnen worden gebruikt. Neem voor aanvullende ondersteuning
contact op met de computerfabrikant.

Error - 18/05/2011 6:28:23 | Computer Name = JAN | Source = TPM | ID = 393229
Description = Het apparaatstuurprogramma voor de TPM (Trusted Platform Module) heeft
een onherstelbare fout in de TPM-hardware aangetroffen, waardoor er geen TPM-services
(zoals gegevenscodering) kunnen worden gebruikt. Neem voor aanvullende ondersteuning
contact op met de computerfabrikant.

Error - 18/05/2011 6:28:39 | Computer Name = JAN | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 12:24:05 op 18/05/2011 is
onverwacht gebeurd.

Error - 18/05/2011 6:29:22 | Computer Name = JAN | Source = Service Control Manager | ID = 7000
Description =


< End of report >

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-19 11:05:56
-----------------------------
11:05:56.647 OS Version: Windows 6.0.6002 Service Pack 2
11:05:56.647 Number of processors: 2 586 0xF0D
11:05:56.648 ComputerName: JAN UserName: Jan
11:06:30.899 Initialize success
11:06:47.705 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:06:47.707 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
11:06:47.719 Disk 0 MBR read successfully
11:06:47.721 Disk 0 MBR scan
11:06:47.724 Disk 0 unknown MBR code
11:06:47.728 Disk 0 scanning sectors +488394752
11:06:47.758 Disk 0 scanning C:\Windows\system32\drivers
11:06:55.158 Service scanning
11:06:56.449 Disk 0 trace - called modules:
11:06:56.499 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85cf81e8]<<
11:06:56.502 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869818c8]
11:06:56.506 3 CLASSPNP.SYS[8afa58b3] -> nt!IofCallDriver -> [0x85e0f860]
11:06:56.510 5 acpi.sys[807aa6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85db1030]
11:06:56.513 \Driver\iaStor[0x85d8a278] -> IRP_MJ_CREATE -> 0x85cf81e8
11:06:56.848 Scan finished successfully
11:07:32.501 Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
11:07:32.507 The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please do not use Limewire and Soulseek while we are working to clean your computer, as P2P programs are known to bring malware to the computer.

Step 1

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    DRV - [2008/08/09 08:41:52 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

  • Please re-run aswMBR.exe.

  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 3

OTL Custom Scan

Please don't forget to copy and paste the custom scan script below!

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • aswMBR log
  • OTL scan log
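
An added example, not part of this post or of aswMBR itself: a small Python parser that pulls the MBR verdict and the "called modules" trace out of two aswMBR logs and reports what changed between runs, which is the comparison the Step 2 re-run makes possible. The sample logs are constructed in the format shown in this thread (all addresses are made up), and the function names are hypothetical.

```python
import re

# Constructed sample logs in the aswMBR 0.9.5 layout seen in this thread.
# All addresses are made up for the example.
BEFORE = r"""
10:00:01.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:00:01.010 Disk 0 MBR read successfully
10:00:01.020 Disk 0 MBR scan
10:00:01.030 Disk 0 unknown MBR code
10:00:09.000 Disk 0 trace - called modules:
10:00:09.050 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x11112222]<<
10:00:09.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x33334444]
10:00:09.070 \Driver\iaStor[0x55556666] -> IRP_MJ_CREATE -> 0x11112222
10:00:09.400 Scan finished successfully
"""

AFTER = r"""
18:00:01.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:00:01.010 Disk 0 MBR read successfully
18:00:01.020 Disk 0 MBR scan
18:00:01.030 Disk 0 unknown MBR code
18:00:09.000 Disk 0 trace - called modules:
18:00:09.004
18:00:09.008 Scan finished successfully
"""

STAMPED = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s*(.*)$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")
TRACE_START = re.compile(r"^Disk \d+ trace - called modules:$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HANDLER = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)


def _parse_trace_line(msg, report):
    """Classify one line that follows the 'called modules' header."""
    if "->" not in msg:
        # Module list: named modules plus any >>UNKNOWN [addr]<< markers.
        report["unknown"].update(a.lower() for a in UNKNOWN.findall(msg))
        report["modules"].extend(UNKNOWN.sub(" ", msg).split())
        return
    h = HANDLER.match(msg)
    if h:
        # Driver dispatch entry: (driver, IRP major function, target address).
        report["handlers"].append((h.group(1), h.group(2), h.group(3).lower()))
    else:
        # Numbered call-chain hop; only counted here.
        report["hops"] += 1


def parse_aswmbr(text):
    """Return the fields of an aswMBR log that matter when comparing runs."""
    report = {"mbr_code": {}, "modules": [], "unknown": set(),
              "handlers": [], "hops": 0, "finished": False}
    in_trace = False
    for raw in text.splitlines():
        m = STAMPED.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        msg = m.group(1).strip()
        verdict = MBR_CODE.match(msg)
        if msg == "Scan finished successfully":
            report["finished"] = True
            in_trace = False
        elif TRACE_START.match(msg):
            in_trace = True
        elif verdict:
            report["mbr_code"][int(verdict.group(1))] = verdict.group(2)
        elif in_trace and msg:
            _parse_trace_line(msg, report)
    return report


def handlers_into_unknown(report):
    """Dispatch entries whose target is an address the trace left unattributed."""
    return [h for h in report["handlers"] if h[2] in report["unknown"]]


def compare_runs(before, after):
    """Summarise what changed between two parsed logs of the same machine."""
    return {
        "cleared": sorted(before["unknown"] - after["unknown"]),
        "remaining": sorted(after["unknown"]),
        "mbr_still_unknown": sorted(
            d for d, v in after["mbr_code"].items()
            if v == "unknown" and before["mbr_code"].get(d) == "unknown"
        ),
        "trace_empty_after": not after["modules"] and not after["handlers"],
    }


if __name__ == "__main__":
    b, a = parse_aswmbr(BEFORE), parse_aswmbr(AFTER)
    print("handlers pointing at unattributed code:", handlers_into_unknown(b))
    print("difference between runs:", compare_runs(b, a))
```

An unattributed address that disappears between runs while the MBR verdict stays the same shows up as an entry under `cleared` together with the disk number under `mbr_still_unknown`.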


#5
wargoat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
So far so good I hope; Limewire and Soulseek are both uninstalled, but I didn't use those in over a year anyway.

All processes killed
========== OTL ==========
Error: Unable to stop service sptd!
Unable to delete service\driver key sptd.
C:\Windows\System32\drivers\sptd.sys moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 21151158 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 31457838 bytes
->Flash cache emptied: 2711520 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13738 bytes
RecycleBin emptied: 3021 bytes

Total Files Cleaned = 53,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 05192011_175826


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-19 18:06:45
-----------------------------
18:06:45.485 OS Version: Windows 6.0.6002 Service Pack 2
18:06:45.486 Number of processors: 2 586 0xF0D
18:06:45.487 ComputerName: JAN UserName: Jan
18:06:46.797 Initialize success
18:07:04.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:07:04.173 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
18:07:04.188 Disk 0 MBR read successfully
18:07:04.190 Disk 0 MBR scan
18:07:04.193 Disk 0 unknown MBR code
18:07:04.197 Disk 0 scanning sectors +488394752
18:07:04.255 Disk 0 scanning C:\Windows\system32\drivers
18:07:12.303 Service scanning
18:07:13.605 Disk 0 trace - called modules:
18:07:13.609
18:07:13.612 Scan finished successfully
18:07:43.248 Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
18:07:43.249 The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"

OTL logfile created on: 19/05/2011 18:11:05 - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = c:\users\Jan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): v:\pagefile.sys 3000 4048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44,58 Gb Total Space | 4,92 Gb Free Space | 11,04% Space Free | Partition Type: NTFS
Drive D: | 7,65 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 86,68 Gb Total Space | 8,23 Gb Free Space | 9,49% Space Free | Partition Type: NTFS
Drive G: | 87,62 Gb Total Space | 71,75 Gb Free Space | 81,89% Space Free | Partition Type: NTFS
Drive V: | 4,00 Gb Total Space | 0,72 Gb Free Space | 17,99% Space Free | Partition Type: NTFS

Computer Name: JAN | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 11:05:35 | 000,589,632 | ---- | M] (AVAST Software) -- c:\Users\Jan\Downloads\aswMBR.exe
PRC - [2011/05/16 15:08:41 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/04/27 12:40:21 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/26 15:19:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\users\Jan\Downloads\OTL.exe
PRC - [2011/03/16 13:38:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/02 16:16:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/08/17 10:07:30 | 000,270,336 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
PRC - [2007/06/11 10:25:40 | 000,098,304 | ---- | M] (Hercules) -- C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/04/26 15:19:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\users\Jan\Downloads\OTL.exe
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/04/27 12:40:21 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2011/03/16 13:38:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/24 13:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/03/16 13:38:16 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 19:02:49 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/07/31 15:20:24 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Stuurprogramma voor Intel®
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/21 05:34:00 | 008,240,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/19 09:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/11/26 05:16:50 | 000,072,704 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/09/14 11:43:52 | 000,038,656 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\udfpt.sys -- (udfpt)
DRV - [2007/07/12 14:34:26 | 000,163,328 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/31 17:01:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/08 14:38:30 | 000,046,592 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2006/11/02 10:27:23 | 000,010,368 | ---- | M] (Conexant Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cxavsaud_IBV32.sys -- (CXAVSAUD)
DRV - [2006/11/02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2005/03/12 19:48:08 | 000,243,456 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2500usb.sys -- (rt2500usb) DWL-G122(rev.B)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packar...e=8&key=IESTART
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080718


[2009/05/02 14:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2009/05/02 14:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions\[email protected]
[2008/08/09 08:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\48cvaga5.default\extensions
[2008/12/27 23:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/03/11 15:58:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF
[2007/06/11 17:15:58 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2011/05/19 17:59:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1783622925-2638716330-3058166797-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-737OU.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1555766148164 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1555766323447 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game05.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.40.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8e65b6ca-5e33-11dd-ae70-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8e65b6ca-5e33-11dd-ae70-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 17:58:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 15:37:06 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Media Player Classic
[2011/05/16 15:08:41 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/16 15:06:35 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Documents\TFC.exe
[2011/05/15 15:07:28 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Apps
[2011/05/09 15:33:03 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Adobe
[2011/04/27 15:14:24 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 15:14:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 15:14:19 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/26 15:00:04 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Reviversoft
[2011/04/26 14:59:29 | 000,016,704 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011/04/26 13:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC
[2011/04/26 00:20:31 | 000,000,000 | ---D | C] -- C:\Temp
[2011/04/22 15:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2011/04/22 14:59:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/22 14:59:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/22 14:59:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/22 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2011/05/19 18:07:43 | 000,000,512 | ---- | M] () -- C:\Users\Jan\Desktop\MBR.dat
[2011/05/19 18:02:10 | 000,048,825 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\nvModes.001
[2011/05/19 18:01:10 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/19 18:01:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/19 18:01:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/19 18:01:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/19 17:59:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/19 17:37:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/19 17:29:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Uitgebreide garantie.job
[2011/05/19 08:52:08 | 003,774,818 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/05/19 08:52:08 | 001,548,336 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/19 08:52:08 | 001,177,718 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/05/19 08:52:08 | 001,018,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/17 16:37:55 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/17 11:16:12 | 000,372,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/16 15:08:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/16 15:06:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Documents\TFC.exe
[2011/05/16 11:55:56 | 000,053,025 | ---- | M] () -- C:\Users\Jan\Desktop\Fiche Keuzevak Genetica-2010-2011x.pdf
[2011/05/15 23:02:08 | 000,048,825 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\nvModes.dat
[2011/05/15 18:17:36 | 000,040,448 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/29 13:49:41 | 000,709,456 | ---- | M] () -- C:\Windows\is-737OU.exe
[2011/04/29 13:49:41 | 000,011,793 | ---- | M] () -- C:\Windows\is-737OU.msg
[2011/04/29 13:49:41 | 000,000,361 | ---- | M] () -- C:\Windows\is-737OU.lst
[2011/04/29 13:25:25 | 000,001,958 | ---- | M] () -- C:\Users\Jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/25 23:33:51 | 004,718,592 | ---- | M] () -- C:\Users\Jan\ntuser.bak
[2011/04/22 14:58:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/22 14:58:48 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/22 14:58:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/22 14:58:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Files Created - No Company Name ==========

[2011/05/19 11:07:32 | 000,000,512 | ---- | C] () -- C:\Users\Jan\Desktop\MBR.dat
[2011/05/16 11:56:44 | 000,053,025 | ---- | C] () -- C:\Users\Jan\Desktop\Fiche Keuzevak Genetica-2010-2011x.pdf
[2011/04/29 13:49:41 | 000,709,456 | ---- | C] () -- C:\Windows\is-737OU.exe
[2011/04/29 13:49:41 | 000,011,793 | ---- | C] () -- C:\Windows\is-737OU.msg
[2011/04/29 13:49:41 | 000,000,361 | ---- | C] () -- C:\Windows\is-737OU.lst
[2011/02/14 11:13:17 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/14 11:13:17 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/14 11:13:17 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/14 11:13:17 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/14 11:13:17 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/14 11:13:17 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/14 11:13:17 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/14 11:13:17 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/14 11:13:17 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/14 11:13:17 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/02/14 11:13:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/14 11:13:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/14 11:13:17 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/14 11:13:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/14 11:13:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/14 11:13:17 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/02/14 11:13:17 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/02/14 11:13:17 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/14 11:13:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/10/10 22:31:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/19 14:27:28 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini
[2009/10/22 15:28:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/22 15:28:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/03 03:41:28 | 000,000,262 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/10/28 23:25:14 | 000,008,944 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps.dat
[2008/10/05 17:40:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/10/05 17:40:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/08/09 12:35:36 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008/08/09 12:35:36 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2008/08/09 12:35:36 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008/08/09 12:35:35 | 000,008,975 | ---- | C] () -- C:\Windows\HL-2030.INI
[2008/08/09 12:35:35 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008/08/09 12:35:07 | 000,000,441 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/08/09 12:35:07 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2008/08/09 08:47:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/08/07 19:33:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/02 19:36:45 | 000,024,064 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\UserTile.png
[2008/07/30 21:08:22 | 000,048,825 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\nvModes.001
[2008/07/30 21:08:20 | 000,048,825 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\nvModes.dat
[2008/07/30 20:59:47 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2008/07/30 14:57:23 | 000,040,448 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/17 05:21:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,372,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 001,548,336 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 001,018,202 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/11 23:09:52 | 003,774,818 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2006/03/11 23:09:52 | 001,177,718 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2006/03/11 23:09:52 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2006/03/11 23:09:52 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2006/03/11 16:04:10 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2006/03/11 16:02:03 | 000,038,656 | ---- | C] () -- C:\Windows\System32\drivers\udfpt.sys

========== LOP Check ==========

[2008/12/01 21:19:18 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\aAvgApi
[2009/06/18 23:00:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\HLSW
[2008/08/09 08:55:30 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Packard Bell
[2008/08/02 19:36:45 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PeerNetworking
[2011/04/26 15:00:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Reviversoft
[2010/01/05 13:20:53 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Ubisoft
[2011/05/19 17:59:45 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/19 17:29:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\Uitgebreide garantie.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >

< %systemroot%\*. /mp /shklm\software\clients\startmenuinternet|command /rs >
Invalid Switch: shklm\software\clients\startmenuinternet|command


========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2D4B33E

< End of report >

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

  • On your desktop should be a file MBR.dat.
  • Please rename that file from MBR.dat to MBR.txt and attach it in your next reply.

How to add an attachment to a new topic or reply

#7
wargoat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Accidentally deleted that file, how do I get it again?

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Just repeat step 2 in my post #4 here please. :)

#9
wargoat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
There you go

Attached Files

  • Attached File  MBR.txt   512bytes   187 downloads


#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please also post that latest aswMBR log.

#11
wargoat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
That should be this one

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-19 19:42:37
-----------------------------
19:42:37.660 OS Version: Windows 6.0.6002 Service Pack 2
19:42:37.660 Number of processors: 2 586 0xF0D
19:42:37.661 ComputerName: JAN UserName: Jan
19:42:38.933 Initialize success
19:42:55.184 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:42:55.186 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
19:42:55.215 Disk 0 MBR read successfully
19:42:55.217 Disk 0 MBR scan
19:42:55.220 Disk 0 unknown MBR code
19:42:55.224 Disk 0 scanning sectors +488394752
19:42:55.254 Disk 0 scanning C:\Windows\system32\drivers
19:43:01.080 Service scanning
19:43:02.370 Disk 0 trace - called modules:
19:43:02.420
19:43:02.423 Scan finished successfully
19:43:19.826 Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
19:43:19.827 The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Strange log. Try this now:

  • Please re-run aswMBR.exe.
  • Click Scan.
  • On completion of the scan click the Fix button and if that is not available click the FixMBR button.

  • Save the log as before and post in your next reply.


#13
wargoat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Here it is, had another crash this morning too

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-20 12:58:01
-----------------------------
12:58:01.562 OS Version: Windows 6.0.6002 Service Pack 2
12:58:01.562 Number of processors: 2 586 0xF0D
12:58:01.563 ComputerName: JAN UserName: Jan
12:58:02.443 Initialize success
12:58:11.986 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:58:11.989 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
12:58:12.001 Disk 0 MBR read successfully
12:58:12.004 Disk 0 MBR scan
12:58:12.006 Disk 0 unknown MBR code
12:58:12.010 Disk 0 scanning sectors +488394752
12:58:12.040 Disk 0 scanning C:\Windows\system32\drivers
12:58:19.237 Service scanning
12:58:20.524 Disk 0 trace - called modules:
12:58:20.570 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:58:20.574 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e91ac8]
12:58:20.578 3 CLASSPNP.SYS[8aba48b3] -> nt!IofCallDriver -> [0x85d2a710]
12:58:20.581 5 acpi.sys[8069d6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85d23030]
12:58:20.585 Scan finished successfully
12:59:37.259 Disk 0 Windows 600 MBR fixed successfully
12:59:55.376 Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
12:59:55.394 The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. What button did you press when you ran aswMBR?

Now do the following:

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
  • On the first tab select all elements down to Computer and then select start scan
  • Once it has finished select report and post that.


Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
  • Select the Manual Disinfection tab
  • Press the Gather System Information button
  • Once done, open the last report saved folder, then attach the zip file to your next post
  • The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip


How to add an attachment to a new topic or reply

#15
wargoat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I ran aswMBR.exe as administrator, then Scan and then FixMBR because Fix was not available, just like the instructions said. At least I think Fix was not available, maybe I just pressed FixMBR because it showed like that on the print screen...

And the problem with a virus scan is my laptop always crashes during the scan. Last time I got 16% completed and then it crashed. Suggestions?