Google Redricting virus, and also a HiJackThis blocker


  • This topic is locked

#1
Boke12

    New Member

  • Member
  • 2 posts
HELP ME,
Windows XP Home,
Ask something to do,
But if I open HiJackThis I get this: http://i.imgur.com/ScMOp.png

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, try this programme and let me know if it works. Also, what problems are you having?

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
Boke12

    New Member

  • Topic Starter
  • Member
  • 2 posts
The files are attached (MIRROR #1 at {My Mirror Website) https://sites.google...wwwgeekstogocom

OTL logfile created on: 8/11/2011 18:01:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\peggy van soom\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000813 | Country: Belgium | Language: NLB | Date Format: d/MM/yyyy

758,42 Mb Total Physical Memory | 283,26 Mb Available Physical Memory | 37,35% Memory free
1,06 Gb Paging File | 0,42 Gb Available in Paging File | 39,57% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23,45 Gb Total Space | 0,48 Gb Free Space | 2,05% Space Free | Partition Type: NTFS

Computer Name: PEGGY | User Name: peggy van soom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\499399845:1522744290.exe
PRC - [2011/11/08 17:51:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\peggy van soom\My Documents\Downloads\OTL.scr
PRC - [2011/10/28 16:32:04 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Java\bin\jqs.exe
PRC - [2011/10/27 03:35:24 | 002,920,517 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2011/10/26 09:10:47 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/10/25 20:27:35 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/12 19:53:46 | 000,499,712 | ---- | M] (iDeskSoft) -- C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
PRC - [2011/09/20 11:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/02/23 14:17:16 | 000,355,840 | ---- | M] () -- C:\Program Files\Magicboss\mgboss.exe
PRC - [2010/06/14 13:16:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/14 11:28:44 | 000,073,728 | ---- | M] (Software602 a.s.) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2009/05/13 15:48:22 | 000,109,568 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/17 15:10:34 | 000,421,888 | ---- | M] () -- C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
PRC - [2004/08/18 11:30:00 | 000,708,608 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
PRC - [2004/08/18 11:30:00 | 000,081,920 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2004/08/18 11:30:00 | 000,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2004/08/07 03:26:28 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2004/07/16 05:51:14 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/03/19 21:21:10 | 000,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2004/03/19 20:12:10 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2003/07/12 02:19:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2002/12/10 01:33:39 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
PRC - [2002/01/10 23:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/27 18:11:12 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2011/10/26 09:10:46 | 000,420,920 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011/10/26 09:10:45 | 003,702,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011/10/26 09:09:09 | 000,122,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011/10/26 09:09:07 | 000,222,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011/10/26 09:09:06 | 001,745,992 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011/10/12 19:33:04 | 000,131,072 | ---- | M] () -- C:\Program Files\Desktop Icon Toy\HookManager.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2011/02/23 14:17:16 | 000,355,840 | ---- | M] () -- C:\Program Files\Magicboss\mgboss.exe
MOD - [2010/07/01 21:52:04 | 001,496,064 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2010/07/01 21:51:46 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
MOD - [2010/07/01 21:51:24 | 000,346,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
MOD - [2010/06/14 13:16:36 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/02/05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/01/28 15:03:49 | 000,326,401 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/10/17 15:10:34 | 000,421,888 | ---- | M] () -- C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
MOD - [2005/09/27 10:58:08 | 000,069,632 | ---- | M] () -- C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\iface.dll
MOD - [2005/07/18 17:42:02 | 000,294,912 | ---- | M] () -- C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\res.dll
MOD - [2004/08/12 03:04:28 | 000,028,672 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
MOD - [2004/08/12 03:04:22 | 000,065,536 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\TrayRes.dll
MOD - [2004/08/07 03:26:28 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
MOD - [2004/07/29 09:37:00 | 000,395,776 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL
MOD - [2004/07/16 05:51:14 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2004/05/28 23:33:10 | 000,225,280 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2004/03/19 21:21:10 | 000,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
MOD - [2004/03/19 20:12:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\pwdmon.dll
MOD - [2003/11/13 11:12:00 | 000,122,880 | ---- | M] () -- C:\WINDOWS\system32\tp4uires.dll
MOD - [2003/07/12 02:19:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2003/07/04 07:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/05 18:54:17 | 000,186,880 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/11/05 00:47:46 | 000,067,024 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/10/28 16:32:04 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Java\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/04/14 11:28:44 | 000,073,728 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2009/05/13 15:48:22 | 000,109,568 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2004/11/03 00:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/08/18 11:30:00 | 000,073,728 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2004/03/19 21:21:10 | 000,339,968 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2003/07/12 02:19:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2003/04/04 13:54:50 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/10/31 18:12:26 | 000,004,474 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\GATHER.KM -- (EGATHDRV)
DRV - [2011/10/13 18:09:08 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/03 15:14:05 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2011/09/26 12:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2011/09/26 12:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2011/08/16 17:48:30 | 000,059,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/08/19 11:26:06 | 000,146,904 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs_x32.sys -- (CbFs)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2006/03/25 03:14:46 | 000,033,536 | R--- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a38usb.sys -- (ACSSCR)
DRV - [2005/11/16 04:16:20 | 000,357,632 | R--- | M] (SMC Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\2862WICB.sys -- (SMC2862W)
DRV - [2005/02/27 19:55:02 | 000,013,312 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2004/09/24 01:39:58 | 000,064,256 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2004/08/18 11:30:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2004/08/18 11:30:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2004/08/18 11:30:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2004/08/04 06:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/07/29 09:37:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2004/07/29 09:36:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2004/07/29 09:36:00 | 000,009,341 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2004/07/22 23:25:58 | 000,197,888 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/07/22 23:24:52 | 000,676,096 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/07/22 23:24:20 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/07/15 10:31:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2003/04/04 14:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2001/11/01 11:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001/08/17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
IE - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/10/27 18:13:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Java\lib\deploy\jqs\ff [2011/10/28 16:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/07 20:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/05 22:49:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/27 18:11:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/11/05 17:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\peggy van soom\Application Data\Mozilla\Extensions
[2011/10/14 20:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\peggy van soom\Application Data\Mozilla\Extensions\[email protected]
[2011/11/07 18:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\peggy van soom\Application Data\Mozilla\Firefox\Profiles\9o5n780j.default\extensions
[2011/11/05 19:11:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\peggy van soom\Application Data\Mozilla\Firefox\Profiles\9o5n780j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/05 20:44:28 | 000,000,000 | ---D | M] (Destroy the Web) -- C:\Documents and Settings\peggy van soom\Application Data\Mozilla\Firefox\Profiles\9o5n780j.default\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
[2011/11/07 18:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/28 16:35:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/27 18:13:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C}
[2011/10/28 16:32:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\JAVA\LIB\DEPLOY\JQS\FF
[2011/10/28 16:32:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java™ Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: AdBlock = C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.28_0\
CHR - Extension: Ghostery = C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\2.4.0_0\

O1 HOSTS File: ([2001/08/18 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [Print2PDF Print Monitor] C:\Program Files\Software602\Print2PDF\Print2PDF.exe (Software602)
O4 - HKLM..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
O4 - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe (iDeskSoft)
O4 - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006..\Run: [ftweak_RAMRush] C:\Program Files\RAMRush\RAMRush.exe ()
O4 - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006..\Run: [Magic Boss Key] C:\Program Files\Magicboss\mgboss.exe ()
O4 - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://phaedralebegg...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/...all-141-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E1D1EBD-8DB7-4642-B3BC-21A089AF100B}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3623483655-3005599577-2715354904-1006 Winlogon: Shell - (C:\Documents and Settings\peggy van soom\Local Settings\Application Data\a53cc41d\X) -C:\Documents and Settings\peggy van soom\Local Settings\Application Data\a53cc41d\X ()
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\QConGina: DllName - (QConGina.dll) - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/20 13:57:48 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4851e5b0-a13d-11df-a2ee-000ae42e33a4}\Shell - "" = AutoRun
O33 - MountPoints2\{4851e5b0-a13d-11df-a2ee-000ae42e33a4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4851e5b0-a13d-11df-a2ee-000ae42e33a4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ba811a16-e91e-11dd-a14a-000ae42e33a4}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/08 17:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\PearlMountainSoft
[2011/11/08 17:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PearlMountainSoft
[2011/11/08 17:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CollageIt
[2011/11/08 17:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\PearlMountainSoft
[2011/11/08 17:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\CollageIt
[2011/11/07 20:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2011/11/07 20:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/11/07 20:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/11/07 20:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/11/07 20:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/11/07 17:30:21 | 006,536,192 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf450_x64.dll
[2011/11/07 17:29:25 | 002,335,880 | ---- | C] (ORPALIS for http://www.gdpicture.com) -- C:\WINDOWS\System32\gdpdfplug.dll
[2011/11/07 17:29:25 | 001,262,216 | ---- | C] (gdpicture.com) -- C:\WINDOWS\System32\GdViewerpro4.ocx
[2011/11/07 17:29:24 | 004,835,328 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf450.dll
[2011/11/07 17:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\soft602
[2011/11/07 17:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\602Installer
[2011/11/07 17:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Software602
[2011/11/07 17:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\InstallShield
[2011/11/06 11:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FLAC To MP3
[2011/11/06 11:16:22 | 000,000,000 | ---D | C] -- C:\FLAC To MP3
[2011/11/05 22:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/05 22:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/05 22:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/11/05 22:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/05 21:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Souptoys
[2011/11/05 21:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Souptoys
[2011/11/05 21:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Playsets
[2011/11/05 21:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Souptoys
[2011/11/05 21:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Souptoys2
[2011/11/05 21:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\Souptoys
[2011/11/05 20:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Shock Utility
[2011/11/05 19:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Remote Computer Manager
[2011/11/05 19:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\Remote Computer Manager
[2011/11/05 17:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Icon Toy
[2011/11/05 17:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Icon Toy
[2011/11/05 17:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Mozilla
[2011/11/05 00:47:42 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/11/05 00:47:42 | 000,480,720 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/11/05 00:47:42 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/11/05 00:47:42 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/11/05 00:47:40 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/11/05 00:47:40 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/11/05 00:47:40 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/11/05 00:47:40 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/11/05 00:47:40 | 000,103,888 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/11/05 00:47:40 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/11/05 00:47:40 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/11/05 00:47:40 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/10/31 17:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/31 17:42:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\a53cc41d
[2011/10/31 17:39:58 | 000,000,000 | ---D | C] -- C:\Test
[2011/10/31 17:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Paintslate
[2011/10/31 17:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bendigo Design
[2011/10/31 17:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Software Informer
[2011/10/31 17:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Software Informer
[2011/10/31 17:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2011/10/31 17:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Painslate
[2011/10/29 10:05:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\peggy van soom\Recent
[2011/10/28 17:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\SimilarImages
[2011/10/28 17:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\My Documents\RSBot
[2011/10/28 17:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\jagexcache
[2011/10/28 16:31:30 | 000,000,000 | ---D | C] -- C:\Java
[2011/10/27 19:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\GetRightToGo
[2011/10/27 18:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/10/27 18:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/10/27 18:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\My Documents\My Google Gadgets
[2011/10/27 18:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google
[2011/10/27 17:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2011/10/27 17:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Rightload
[2011/10/27 17:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rightload
[2011/10/27 17:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Rightload
[2011/10/27 17:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Gholam_Inc
[2011/10/27 17:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\My Documents\JottiQ
[2011/10/27 16:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Gholam_Inc
[2011/10/26 21:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2011/10/26 21:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\JottiQ
[2011/10/26 21:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\JottiQ
[2011/10/26 19:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\PeaZip
[2011/10/26 19:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PeaZip
[2011/10/26 19:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
[2011/10/26 18:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TCPmonitor
[2011/10/26 18:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Security Autorun
[2011/10/26 18:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Process Eye
[2011/10/26 18:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\IP Locator
[2011/10/26 18:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\TCPEye
[2011/10/26 18:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Secure Wipe
[2011/10/26 18:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malware Eraser
[2011/10/26 17:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Mesa_Dynamics,_LLC
[2011/10/26 17:35:55 | 000,000,000 | ---D | C] -- C:\MSNCleaner
[2011/10/26 14:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magic Boss Key
[2011/10/26 14:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\Magicboss
[2011/10/25 19:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\PE Explorer
[2011/10/25 18:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\FTWeak
[2011/10/25 18:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RAMRush
[2011/10/25 18:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\RAMRush
[2011/10/25 18:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FTWeak
[2011/10/25 18:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FCleaner
[2011/10/25 18:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\FCleaner
[2011/10/25 17:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\RealWorld
[2011/10/25 17:01:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\My Documents\Camstudio
[2011/10/25 16:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\TechSmith
[2011/10/25 16:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\My Documents\Camtasia Studio
[2011/10/25 16:12:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/10/25 16:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2011/10/25 16:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2011/10/25 16:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/10/25 15:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\FK_Monitor
[2011/10/25 15:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\FK_Monitor
[2011/10/24 18:32:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2011/10/24 18:32:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2011/10/24 18:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2011/10/23 15:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Thunderbird
[2011/10/23 15:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Thunderbird
[2011/10/23 10:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\com.Spreadtweet2007.AirApp.84144EB30E332DDF53A5B500088B55A66190F3BE.1
[2011/10/23 10:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\My Documents\Messenger Plus!
[2011/10/23 10:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Desktop\New Folder
[2011/10/23 10:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Elliott Kember
[2011/10/23 08:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Help
[2011/10/23 08:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Help
[2011/10/22 17:04:59 | 000,331,776 | ---- | C] (EasyTech) -- C:\WINDOWS\System32\EasyRedirect.dll
[2011/10/22 17:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Easy-Hide-IP
[2011/10/22 17:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Allmyapps
[2011/10/22 10:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2011/10/22 09:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2011/10/22 08:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2011/10/21 18:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/10/20 19:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011/10/20 17:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/10/20 17:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2011/10/19 18:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WZebra
[2011/10/19 18:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\WZebra1
[2011/10/19 16:10:22 | 000,000,000 | ---D | C] -- C:\VD
[2011/10/19 15:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\Darwersi
[2011/10/19 15:27:08 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2011/10/19 13:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\WZebra
[2011/10/18 17:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImageShack Uploader
[2011/10/18 17:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\ImageShack Uploader
[2011/10/17 18:07:06 | 000,077,824 | ---- | C] (JVSoftware) -- C:\WINDOWS\System32\nmapwin.exe
[2011/10/17 18:07:03 | 000,114,688 | ---- | C] (Open Source Telecom) -- C:\WINDOWS\System32\CCGNU32.dll
[2011/10/17 18:06:40 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2011/10/17 18:06:36 | 000,939,224 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2011/10/16 11:21:23 | 000,000,000 | R--D | C] -- C:\Sandbox
[2011/10/15 18:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/10/15 18:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\Net Tools
[2011/10/15 17:29:36 | 000,146,904 | ---- | C] (EldoS Corporation) -- C:\WINDOWS\System32\drivers\cbfs_x32.sys
[2011/10/15 17:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2011/10/15 15:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealWorld
[2011/10/15 15:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\RealWorld Photos
[2011/10/15 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\RealWorld Paint
[2011/10/15 13:04:08 | 000,000,000 | ---D | C] -- C:\USBBACKUPS
[2011/10/14 20:01:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft
[2011/10/14 20:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\peggy van soom\Start Menu\Programs\Startup
[2011/10/14 20:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\peggy van soom\Start Menu
[2011/10/14 20:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\peggy van soom\SendTo
[2011/10/14 20:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\peggy van soom\My Documents\My Videos
[2011/10/14 20:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\peggy van soom\My Documents\My Pictures
[2011/10/14 20:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\peggy van soom\My Documents\My Music
[2011/10/14 20:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\peggy van soom\My Documents
[2011/10/14 20:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\peggy van soom\Favorites
[2011/10/14 20:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\peggy van soom\Application Data
[2011/10/14 20:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\peggy van soom\Start Menu\Programs\Accessories
[2011/10/14 20:01:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\peggy van soom\UserData
[2011/10/14 20:01:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\peggy van soom\PrivacIE
[2011/10/14 20:01:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\peggy van soom\IETldCache
[2011/10/14 20:01:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\peggy van soom\IECompatCache
[2011/10/14 20:01:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\peggy van soom\Cookies
[2011/10/14 20:01:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\peggy van soom\Local Settings
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\WMTools Downloaded Files
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Windows Live Writer
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Windows Live Writer
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\U3
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Tracing
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\The Weather Channel
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Templates
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Temp
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Symantec
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\SupportSoft
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Sun
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Desktop\PSP
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\My Documents\Proginfo
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\PrintHood
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Start Menu\Programs\PQ DVD Software
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\PCHealth
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\NetHood
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\MSN6
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Mozilla
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Microsoft
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Macromedia
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\LimeWire
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\InterVideo
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Identities
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Identities
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\ICAClient
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\IBM
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Google
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Google
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\My Documents\Downloads
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Desktop\Downloaded
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Desktop
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Contacts
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Start Menu\Programs\CCleaner
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\BVRP Software
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Desktop\Backup DVD
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Start Menu\Programs\AVS4YOU
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\AVS4YOU
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\ApplicationHistory
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Apple_Inc
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Apple Computer
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Apple Computer
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Apple
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\AdobeUM
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\Adobe
[2011/10/14 20:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peggy van soom\Application Data\Adobe
[2011/10/13 16:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/10/13 16:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/10/11 19:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/10/11 18:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[8 C:\Documents and Settings\peggy van soom\My Documents\*.tmp files -> C:\Documents and Settings\peggy van soom\My Documents\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/08 18:01:20 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7C206872-1ACA-4F49-ABEC-EF0A5EB3CF78}.job
[2011/11/08 17:54:14 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CollageIt.lnk
[2011/11/08 17:43:49 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/11/08 17:39:23 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/08 17:39:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\499399845
[2011/11/08 17:39:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/08 17:39:10 | 795,332,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 20:33:01 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/07 19:49:07 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/07 19:47:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/07 19:38:40 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 18:09:21 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Software Informer.lnk
[2011/11/07 17:17:28 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Desktop\Give Away Of The Day.url
[2011/11/06 15:42:44 | 000,000,021 | ---- | M] () -- C:\WINDOWS\mgboss_win.ini
[2011/11/06 12:31:26 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_36526.nl_
[2011/11/06 11:16:44 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FLAC To MP3.lnk
[2011/11/05 22:48:54 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/11/05 22:41:03 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/05 21:53:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/05 21:10:50 | 000,001,448 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Souptoys Playsets.lnk
[2011/11/05 21:10:49 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Toybox.lnk
[2011/11/05 21:06:11 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Desktop\BinaryToys.exe
[2011/11/05 20:58:20 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/05 20:25:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\IFinst27.exe
[2011/11/05 19:29:06 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Remote Computer Manager.lnk
[2011/11/05 17:51:42 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Desktop\Desktop Icon Toy.lnk
[2011/11/05 17:42:52 | 000,000,113 | ---- | M] () -- C:\WINDOWS\mgboss_reg.ini
[2011/11/05 00:47:42 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/11/05 00:47:42 | 000,480,720 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/11/05 00:47:42 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/11/05 00:47:42 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/11/05 00:47:40 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/11/05 00:47:40 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/11/05 00:47:40 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/11/05 00:47:40 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/11/05 00:47:40 | 000,103,888 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/11/05 00:47:40 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/11/05 00:47:40 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/11/05 00:47:40 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/11/02 17:16:39 | 000,000,559 | ---- | M] () -- C:\hpfr5550.xml
[2011/10/31 19:37:39 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/10/31 18:12:26 | 000,004,474 | ---- | M] () -- C:\WINDOWS\GATHER.KM
[2011/10/31 18:11:12 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/30 14:40:12 | 000,618,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 14:40:11 | 000,126,192 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/29 10:20:26 | 000,005,104 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\unnamed.png
[2011/10/28 17:46:46 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\.SimImages
[2011/10/28 17:34:34 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\peggy van soom\random.dat
[2011/10/28 17:31:28 | 000,000,070 | ---- | M] () -- C:\Documents and Settings\peggy van soom\jagex_cl_runescape_LIVE.dat
[2011/10/27 18:13:18 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/27 18:13:18 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/27 17:13:09 | 000,001,593 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Rightload.lnk
[2011/10/26 19:04:37 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Desktop\PeaZip.lnk
[2011/10/26 16:52:17 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/25 20:32:52 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/10/25 19:13:54 | 000,262,198 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\T.bmp
[2011/10/25 19:12:26 | 000,008,747 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\T.jpg
[2011/10/25 19:09:38 | 000,000,022 | ---- | M] () -- C:\WINDOWS\System32\mseixml.sei
[2011/10/25 19:09:38 | 000,000,022 | ---- | M] () -- C:\WINDOWS\mseixml.sei
[2011/10/25 19:09:38 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\eisavedicon.bmp
[2011/10/25 18:14:43 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Desktop\RAMRush.lnk
[2011/10/25 18:14:33 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Desktop\FCleaner.lnk
[2011/10/25 17:44:42 | 000,000,314 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\cc_20111025_184440.reg
[2011/10/25 17:44:29 | 000,000,424 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\cc_20111025_184427.reg
[2011/10/25 17:44:11 | 000,234,936 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\cc_20111025_184405.reg
[2011/10/25 17:36:21 | 000,012,603 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\unnamed1.gif
[2011/10/25 17:34:02 | 000,012,603 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\unnamed.gif
[2011/10/24 18:36:15 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/24 18:36:13 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Desktop\Windows Media Player.lnk
[2011/10/22 18:30:17 | 000,000,891 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2011/10/22 17:12:06 | 000,002,544 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/10/22 17:12:06 | 000,001,248 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/10/22 08:50:54 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/10/19 15:30:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PROTOCOL.INI
[2011/10/18 19:36:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\notepad_ZFX.zip
[2011/10/18 19:35:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\hh_ZFX.zip
[2011/10/14 20:01:25 | 001,410,680 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Desktop\install_flash_player.exe
[2011/10/14 20:01:25 | 001,216,489 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\IMG_0040.jpg
[2011/10/14 20:01:25 | 001,124,894 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\IMG_0039.jpg
[2011/10/14 20:01:25 | 000,959,418 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\IMG_0037.jpg
[2011/10/14 20:01:25 | 000,721,256 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\cc_20091026_195723.reg
[2011/10/14 20:01:25 | 000,033,644 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\cc_20110419_121430.reg
[2011/10/14 20:01:25 | 000,005,893 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\Classic xp.Theme
[2011/10/14 20:01:25 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2011/10/14 20:01:25 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/14 20:01:25 | 000,001,517 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Desktop\Internet Explorer.lnk
[2011/10/14 20:01:25 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Desktop\AVS4YOU Software Navigator.lnk
[2011/10/14 20:01:25 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\Mijn Gedeelde mappen.lnk
[2011/10/14 20:01:25 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/14 20:01:25 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/10/14 20:01:25 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/10/14 20:01:25 | 000,000,679 | ---- | M] () -- C:\Documents and Settings\peggy van soom\.plugin141.trace
[2011/10/14 20:01:25 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\Picasa.ini
[2011/10/14 20:01:25 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\peggy van soom\My Documents\cc_20110419_121831.reg
[2011/10/14 20:01:25 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\fusioncache.dat
[2011/10/14 20:01:25 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/13 18:43:52 | 000,000,801 | ---- | M] () -- C:\WINDOWS\CFX.INI
[2011/10/13 18:09:08 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/13 15:47:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2011/10/13 15:47:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2011/10/10 20:23:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2011/10/10 20:23:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[8 C:\Documents and Settings\peggy van soom\My Documents\*.tmp files -> C:\Documents and Settings\peggy van soom\My Documents\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/08 17:54:14 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CollageIt.lnk
[2011/11/07 21:11:14 | 000,130,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3623483655-3005599577-2715354904-1008-0.dat
[2011/11/07 20:05:29 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/11/07 19:47:33 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/07 19:39:37 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/07 18:09:21 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Software Informer.lnk
[2011/11/07 17:16:00 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Desktop\Give Away Of The Day.url
[2011/11/06 12:31:26 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_36526.nl_
[2011/11/06 11:16:44 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FLAC To MP3.lnk
[2011/11/05 22:48:54 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/11/05 22:41:03 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/05 21:10:50 | 000,001,448 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Souptoys Playsets.lnk
[2011/11/05 21:10:49 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Toybox.lnk
[2011/11/05 21:06:10 | 000,155,648 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Desktop\BinaryToys.exe
[2011/11/05 20:25:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2011/11/05 19:29:06 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Remote Computer Manager.lnk
[2011/11/05 17:51:42 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Desktop\Desktop Icon Toy.lnk
[2011/10/31 18:12:26 | 000,004,474 | ---- | C] () -- C:\WINDOWS\GATHER.KM
[2011/10/31 17:42:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\499399845
[2011/10/30 14:34:46 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/28 17:46:46 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.SimImages
[2011/10/28 17:22:24 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\peggy van soom\jagex_cl_runescape_LIVE.dat
[2011/10/28 17:22:24 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\peggy van soom\random.dat
[2011/10/27 21:15:04 | 000,508,558 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3623483655-3005599577-2715354904-1006-0.dat
[2011/10/27 21:14:49 | 000,130,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/10/27 18:13:18 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/27 18:13:18 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/27 17:13:09 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Rightload.lnk
[2011/10/26 19:04:37 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Desktop\PeaZip.lnk
[2011/10/26 14:40:56 | 000,000,113 | ---- | C] () -- C:\WINDOWS\mgboss_reg.ini
[2011/10/26 14:40:08 | 000,000,021 | ---- | C] () -- C:\WINDOWS\mgboss_win.ini
[2011/10/25 20:32:52 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/10/25 19:13:54 | 000,262,198 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\T.bmp
[2011/10/25 19:12:26 | 000,008,747 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\T.jpg
[2011/10/25 19:09:38 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\mseixml.sei
[2011/10/25 19:09:38 | 000,000,022 | ---- | C] () -- C:\WINDOWS\mseixml.sei
[2011/10/25 19:09:38 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\eisavedicon.bmp
[2011/10/25 18:14:43 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Desktop\RAMRush.lnk
[2011/10/25 18:14:33 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Desktop\FCleaner.lnk
[2011/10/25 17:44:41 | 000,000,314 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\cc_20111025_184440.reg
[2011/10/25 17:44:28 | 000,000,424 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\cc_20111025_184427.reg
[2011/10/25 17:44:07 | 000,234,936 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\cc_20111025_184405.reg
[2011/10/25 17:36:21 | 000,012,603 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\unnamed1.gif
[2011/10/25 17:33:47 | 000,012,603 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\unnamed.gif
[2011/10/25 17:12:11 | 000,005,104 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\unnamed.png
[2011/10/23 19:38:05 | 000,080,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/22 17:11:24 | 000,002,544 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/10/22 17:11:24 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/10/22 10:18:15 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/10/22 09:49:02 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2011/10/22 08:50:54 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/10/22 08:50:53 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/10/19 15:30:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2011/10/18 19:36:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\notepad_ZFX.zip
[2011/10/18 19:35:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hh_ZFX.zip
[2011/10/17 18:07:05 | 000,809,345 | ---- | C] () -- C:\WINDOWS\System32\nmap-os-fingerprints
[2011/10/17 18:07:05 | 000,557,444 | ---- | C] () -- C:\WINDOWS\System32\nmap-service-probes
[2011/10/17 18:07:05 | 000,482,123 | ---- | C] () -- C:\WINDOWS\System32\nmapwin.chm
[2011/10/17 18:07:05 | 000,452,096 | ---- | C] () -- C:\WINDOWS\System32\nmap.exe
[2011/10/17 18:07:05 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\nmapserv.exe
[2011/10/17 18:07:05 | 000,225,546 | ---- | C] () -- C:\WINDOWS\System32\nmap-mac-prefixes
[2011/10/17 18:07:05 | 000,192,007 | ---- | C] () -- C:\WINDOWS\System32\CHANGELOG
[2011/10/17 18:07:05 | 000,108,536 | ---- | C] () -- C:\WINDOWS\System32\nmap-services
[2011/10/17 18:07:05 | 000,025,611 | ---- | C] () -- C:\WINDOWS\System32\COPYING
[2011/10/17 18:07:05 | 000,021,552 | ---- | C] () -- C:\WINDOWS\System32\nmap.xsl
[2011/10/17 18:07:05 | 000,017,955 | ---- | C] () -- C:\WINDOWS\System32\nmap-rpc
[2011/10/17 18:07:05 | 000,006,318 | ---- | C] () -- C:\WINDOWS\System32\nmap-protocols
[2011/10/17 18:07:05 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\nmap_performance.reg
[2011/10/17 18:06:35 | 000,010,348 | ---- | C] () -- C:\WINDOWS\System32\SubclassingSink.tlb
[2011/10/14 20:01:25 | 001,410,680 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Desktop\install_flash_player.exe
[2011/10/14 20:01:25 | 001,216,489 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\IMG_0040.jpg
[2011/10/14 20:01:25 | 001,124,894 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\IMG_0039.jpg
[2011/10/14 20:01:25 | 000,959,418 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\IMG_0037.jpg
[2011/10/14 20:01:25 | 000,721,256 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\cc_20091026_195723.reg
[2011/10/14 20:01:25 | 000,033,644 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\cc_20110419_121430.reg
[2011/10/14 20:01:25 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/14 20:01:25 | 000,005,893 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\Classic xp.Theme
[2011/10/14 20:01:25 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2011/10/14 20:01:25 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/14 20:01:25 | 000,001,517 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Desktop\Internet Explorer.lnk
[2011/10/14 20:01:25 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Start Menu\Programs\Remote Assistance.lnk
[2011/10/14 20:01:25 | 000,000,957 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Desktop\AVS4YOU Software Navigator.lnk
[2011/10/14 20:01:25 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\Mijn Gedeelde mappen.lnk
[2011/10/14 20:01:25 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/14 20:01:25 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Start Menu\Programs\Internet Explorer.lnk
[2011/10/14 20:01:25 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/14 20:01:25 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/10/14 20:01:25 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Start Menu\Programs\Windows Media Player.lnk
[2011/10/14 20:01:25 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Desktop\Windows Media Player.lnk
[2011/10/14 20:01:25 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Start Menu\Programs\Outlook Express.lnk
[2011/10/14 20:01:25 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/10/14 20:01:25 | 000,000,679 | ---- | C] () -- C:\Documents and Settings\peggy van soom\.plugin141.trace
[2011/10/14 20:01:25 | 000,000,532 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\Picasa.ini
[2011/10/14 20:01:25 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\peggy van soom\My Documents\cc_20110419_121831.reg
[2011/10/14 20:01:25 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Local Settings\Application Data\fusioncache.dat
[2011/10/14 20:01:25 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\peggy van soom\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2009/11/19 17:53:27 | 000,000,801 | ---- | C] () -- C:\WINDOWS\CFX.INI
[2008/10/07 18:29:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/06/17 05:51:26 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\usbr38.dll
[2008/05/27 07:03:41 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/05/27 07:03:41 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/05/27 07:03:41 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/05/27 07:03:40 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/05/27 07:03:40 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/23 03:31:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/27 20:04:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/27 20:03:30 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2005/02/27 20:00:33 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2005/02/27 19:55:13 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2005/02/27 19:45:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/27 19:45:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/27 19:45:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/27 19:45:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/27 19:45:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/27 19:45:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/27 19:37:21 | 000,110,592 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2005/02/27 19:37:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2005/02/27 19:36:29 | 000,009,341 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2005/02/27 19:35:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2005/02/27 19:14:24 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/02 22:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/19 20:12:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/03/19 20:12:10 | 000,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/01/09 14:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/02/21 17:36:47 | 000,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/02/21 17:34:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/02/21 17:26:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/21 17:19:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/03/02 03:10:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2002/01/10 02:38:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001/08/23 15:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 15:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1980/01/01 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 08:00:00 | 000,618,506 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 08:00:00 | 000,126,192 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 08:00:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[1980/01/01 08:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[1980/01/01 08:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980/01/01 08:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 08:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[1980/01/01 08:00:00 | 000,005,600 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[1980/01/01 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/26 21:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2011/10/25 18:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FTWeak
[2009/10/19 19:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2011/10/20 18:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/11/08 17:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PearlMountainSoft
[2011/10/03 15:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2011/11/05 21:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Souptoys
[2011/11/05 21:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Souptoys2
[2011/11/07 20:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/10/25 16:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/03/31 18:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/10/03 19:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 20:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/11/07 17:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\602Installer
[2011/10/23 10:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\com.Spreadtweet2007.AirApp.84144EB30E332DDF53A5B500088B55A66190F3BE.1
[2011/10/25 16:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\FK_Monitor
[2011/10/25 18:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\FTWeak
[2011/10/27 19:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\GetRightToGo
[2011/10/27 17:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\Gholam_Inc
[2011/10/14 20:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\IBM
[2011/10/14 20:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\ICAClient
[2011/10/14 20:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\InterVideo
[2011/10/14 20:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\LimeWire
[2011/10/25 19:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\PE Explorer
[2011/11/08 17:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\PearlMountainSoft
[2011/10/26 19:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\PeaZip
[2011/10/27 18:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\Rightload
[2011/11/08 18:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\Software Informer
[2011/11/05 21:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\Souptoys
[2011/10/23 15:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\Thunderbird
[2011/10/14 20:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peggy van soom\Application Data\Windows Live Writer
[2011/10/22 17:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tibo lebegge\Application Data\Allmyapps
[2011/10/23 08:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tibo lebegge\Application Data\Audacity
[2011/10/15 12:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tibo lebegge\Application Data\CoSoSys
[2011/11/07 19:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tibo lebegge\Application Data\Gholam_Inc
[2011/11/07 19:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tibo lebegge\Application Data\PeaZip
[2011/11/07 21:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tibo lebegge\Application Data\Rightload
[2011/11/07 18:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tibo lebegge\Application Data\Thinking Minds Budiling Bytes
[2011/10/22 08:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tibo lebegge\Application Data\Thunderbird
[2009/11/29 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tibo lebegge\Application Data\Windows Live Writer
[2011/10/04 15:21:31 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
[2011/11/07 19:47:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/08 17:43:49 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011/11/08 18:01:20 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7C206872-1ACA-4F49-ABEC-EF0A5EB3CF78}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\499399845:1522744290.exe

< End of report >


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, you have the ZeroAccess rootkit - I will need to kill that first before I do any other removals. If ComboFix does not work the first time around, then rename the programme to iexplorer

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


  • Double click on ComboFix.exe & follow the prompts. Allow combofix to install the recovery console
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.