2nd publ. Comp. : Windows Updates hindered, PUP's.



#16
Admirgency

Again, sorry for the time it took before I got around to computer maintenance again.

17th of nov 2013
MS Security Updates all installed as should be. However now 4 .Net Framework 2.0 sp2 updates keep on presenting themselves while according to Update History as well as Programs & Features they are already installed : kb 2836941 (non-essential) added to the list with (essentials) kb 2863239, 2844285 and 2833940.

Secunia PSI on this computer and Filehippo on the other public computer disagree with each other, and both differ from the true updates also. On this computer Secunia PSI says:
Windows XP PRO is up to date, while this is XP Home sp2;
.Net Framework v 1, 2, 3 and 4 are all outdated (no 3.5 mentioned, no 4.5 present);
MS Silverlight is outdated;
CCleaner would be up to date according to Secunia PSI, while it wasn't. It was v 4.2.0.4115 while at that time 4.6.0.4324 was already out;
According to Secunia PSI Adobe Shockwave was up to date while Firefox Addon Management showed it needed to be updated from v 12.0.4.144 to v 12.0.5.146;
iMesh still shows in Secunia PSI while it is not visible in Configuration Screen -> Programs and Features, CCleaner Tools -> Installed Programs nor in Revo Uninstaller.

Only Firefox and Open Office updated via Secunia PSI.
Due to "Unknown Error" at that time I could not download the needed installers to desktop, Downloads-folder, Documents-folder nor to Shared Documents-folder;
On the 18th of Nov. I could download the installers without any problem.

3rd/4th and 4th/5th of december : for 2 nights our "house-burglar" watched porn on this computer. He is arrested.

Today, the 8th of December 2013.
I ran the repairs from Tweaking.com. After some thought I decided to include the option "Reset File Permissions" on the presumption that the reset is for the use of files and not also for writing to the files. I left all default options checked and added the few from your advisory. I also included the option to "Repair Missing Start Items" although I do not have specific reasons to believe there are any.

VEW: see below, MS SE detected a possible TrojanDownloader:Win32/Brantall.A on the 4th of this month.

While running the Tweak-repairs as well as with the OTL scan I got the Systemtray Message "Beschadigd Bestand. Het bestand of de map C: is beschadigd en onleesbaar. Voer het hulpprogramma CHKDSK uit." (Damaged and unreadable). CHKDSK ran automatically at reboot after both scans.

I ran Windows Updates and the 4 .Net F updates still present themselves.

I ran another Secunia PSI to check upon Secunia after the Tweak.com repairs. According to Secunia :
MS XP Pro is up to date while this is XP Home sp2
.NET Framework v 1, 2, 3, and 4 are all outdated, resp. v 1.1.4322.2503 ; v 2.0.50727.3634 ; v 3.0.4506.2152 ; and v 4.0.30319.1 ; No 3.5 mentioned ; no 4.5 present.
MS Silverlight 5.x is outdated
iMesh v 11.0.0.0 is still detected and deemed up to date
3 newly visible entries: Python v 2.7.5150.1013 (Open Source programming language - also ported into Java and .Net Framework -, we really don't need that) detected and deemed up to date, AVG Free Edition 12.x detected and deemed up to date, and AVG IS 12.x detected and deemed up to date.

AVG, iMesh and Python are not visible in Configuration Screen -> Programs and Features, CCleaner Tools -> Installed Programs nor in Revo Uninstaller.
How to uninstall their remnants? (Freeware version of Revo installed now.) With the trial version of Revo Uninstaller Pro I can perform a "Forced Uninstall" when I have located 1 or more of their respective locations on this comp.

Thank You.

Vino's Event Viewer v01c run on Windows XP in Dutch
Report run at 08/12/2013 10:30:37

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Fout Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2013 10:06:51
Type: Fout Category: 2
Event: 55 Source: Ntfs
De structuur van het bestandssysteem op de schijf is beschadigd en onbruikbaar. Voer het hulpprogramma Chkdsk uit op volume C:.

Log: 'System' Date/Time: 07/12/2013 16:15:12
Type: Fout Category: 2
Event: 55 Source: Ntfs
De structuur van het bestandssysteem op de schijf is beschadigd en onbruikbaar. Voer het hulpprogramma Chkdsk uit op volume C:.

Log: 'System' Date/Time: 07/12/2013 12:36:32
Type: Fout Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware heeft een fout gevonden tijdens het bijwerken van handtekeningen. Nieuwe handtekeningversie: Vorige handtekeningversie: 1.163.1360.0 Updatebron: Microsoft Update-server Updatefase: Downloaden Bronpad: http://www.microsoft.com Type handtekening: Antivirus Type update: Volledig Gebruiker: NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.10100.0 Foutcode: 0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over het installeren van updates en het oplossen van problemen.

Log: 'System' Date/Time: 07/12/2013 12:36:32
Type: Fout Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware heeft een fout gevonden tijdens het bijwerken van handtekeningen. Nieuwe handtekeningversie: Vorige handtekeningversie: 1.163.1360.0 Updatebron: Microsoft Update-server Updatefase: Installeren Bronpad: http://www.microsoft.com Type handtekening: Antivirus Type update: Volledig Gebruiker: NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.10100.0 Foutcode: 0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over het installeren van updates en het oplossen van problemen.

Log: 'System' Date/Time: 07/12/2013 12:36:32
Type: Fout Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware heeft een fout gevonden tijdens het bijwerken van handtekeningen. Nieuwe handtekeningversie: Vorige handtekeningversie: 1.163.1360.0 Updatebron: Microsoft Update-server Updatefase: Installeren Bronpad: http://www.microsoft.com Type handtekening: Antivirus Type update: Volledig Gebruiker: NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.10100.0 Foutcode: 0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over het installeren van updates en het oplossen van problemen.

Log: 'System' Date/Time: 06/12/2013 12:13:21
Type: Fout Category: 8
Event: 20 Source: Windows Update Agent
Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x80070643: Beveiligingsupdate voor Microsoft .NET Framework 2.0 SP2 op Windows Server 2003 en Windows XP x86 (KB2863239).

Log: 'System' Date/Time: 26/11/2013 14:12:25
Type: Fout Category: 2
Event: 55 Source: Ntfs
De structuur van het bestandssysteem op de schijf is beschadigd en onbruikbaar. Voer het hulpprogramma Chkdsk uit op volume C:.

Log: 'System' Date/Time: 24/11/2013 18:06:13
Type: Fout Category: 2
Event: 55 Source: Ntfs
De structuur van het bestandssysteem op de schijf is beschadigd en onbruikbaar. Voer het hulpprogramma Chkdsk uit op volume C:.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Waarschuwing Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2013 9:16:03
Type: Waarschuwing Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 07/12/2013 19:50:10
Type: Waarschuwing Category: 0
Event: 1073 Source: USER32
De poging tot het uit van BLOK_L1 is mislukt

Log: 'System' Date/Time: 04/12/2013 16:08:49
Type: Waarschuwing Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware heeft schadelijke of andere mogelijk ongewenste software gedetecteerd. Zie de onderstaande gegevens voor meer informatie: http://go.microsoft....atid=2147683857 Naam: TrojanDownloader:Win32/Brantall.A Id: 2147683857 Ernst: Ernstig Categorie: Downloadprogramma in Trojaans paard Pad: file:_F:\Download\CodecPerformerSetup-2.exe Detectieoorsprong: Lokale computer Detectietype: Concreet Detectiebron: Realtime bescherming Gebruiker: BLOK_L1\Gast Procesnaam: C:\WINDOWS\explorer.exe Versie handtekening: AV: 1.163.1156.0, AS: 1.163.1156.0, NIS: 0.0.0.0 Versie engine: AM: 1.1.10100.0, NIS: 0.0.0.0

Log: 'System' Date/Time: 04/12/2013 11:09:33
Type: Waarschuwing Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 03/12/2013 17:27:37
Type: Waarschuwing Category: 0
Event: 4226 Source: Tcpip
TCP/IP heeft de beveiligingslimiet bereikt van het aantal gelijktijdige verbindingspogingen via TCP.

Log: 'System' Date/Time: 03/12/2013 10:29:13
Type: Waarschuwing Category: 0
Event: 4226 Source: Tcpip
TCP/IP heeft de beveiligingslimiet bereikt van het aantal gelijktijdige verbindingspogingen via TCP.

Log: 'System' Date/Time: 02/12/2013 12:39:56
Type: Waarschuwing Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 01/12/2013 11:36:45
Type: Waarschuwing Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 01/12/2013 11:08:14
Type: Waarschuwing Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 29/11/2013 14:00:20
Type: Waarschuwing Category: 0
Event: 1073 Source: USER32
De poging tot het uit van BLOK_L1 is mislukt

Log: 'System' Date/Time: 28/11/2013 17:39:01
Type: Waarschuwing Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 26/11/2013 15:18:17
Type: Waarschuwing Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 26/11/2013 11:31:55
Type: Waarschuwing Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 24/11/2013 16:48:50
Type: Waarschuwing Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 22/11/2013 16:42:01
Type: Waarschuwing Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down



OTL logfile created on: 8-12-2013 11:03:38 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eigenaar\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

759,48 Mb Total Physical Memory | 431,12 Mb Available Physical Memory | 56,76% Memory free
1,81 Gb Paging File | 1,54 Gb Available in Paging File | 85,09% Paging File free
Paging file location(s): C:\pagefile.sys 1140 1140 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,16 Gb Total Space | 23,34 Gb Free Space | 61,15% Space Free | Partition Type: NTFS

Computer Name: BLOK_L1 | User Name: Eigenaar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-12-08 09:20:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\8dec -14-OTL.exe
PRC - [2013-10-23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013-10-23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012-07-25 09:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012-06-28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-04-15 01:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013-12-07 13:08:49 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-11-17 15:27:10 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-10-23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013-10-23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-25 09:46:44 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012-07-25 09:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011-12-08 05:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2011-12-08 05:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011-12-08 05:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011-12-08 05:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011-12-08 05:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2011-12-08 05:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011-12-08 05:22:28 | 000,016,384 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\flashusb.sys -- (flashusb)
DRV - [2011-12-08 05:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-12-08 05:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011-12-08 05:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011-12-08 05:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011-03-07 17:20:12 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2011-03-07 17:16:28 | 000,116,736 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2011-03-07 17:16:28 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011-03-07 17:16:28 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011-03-07 17:16:28 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010-09-01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2002-07-07 12:53:32 | 000,296,179 | ---- | M] (SigmaTel Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97na.sys -- (STAC97NA)
DRV - [2002-07-07 12:52:46 | 000,231,983 | ---- | M] (SigmaTel Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97nh.sys -- (STAC97NH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 9F B0 41 18 C8 CE 01 [binary data]
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-08-08 09:40:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Extensions
[2013-12-07 13:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\padl07i5.default\extensions
[2013-12-07 13:11:44 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\padl07i5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013-12-07 13:11:44 | 000,535,138 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\padl07i5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013-11-17 16:50:23 | 000,549,871 | ---- | M] () (No name found) -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\padl07i5.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013-12-07 13:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-12-07 13:08:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012-02-29 12:43:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.bing.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Zoeken = C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-12-08 10:11:01 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - Startup: C:\Documents and Settings\Gast\Menu Start\Programma's\Opstarten\OpenOffice.org 3.4.1.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1271944706703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341573103201 (MUWebControl Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-22 12:42:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (pgdfgsvc C 1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {168F8BAC-A269-48E9-BB7A-A51B594CF6FF} - .NET Framework
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamische HTML met gegevensbinding voor Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Geavanceerd bewerken
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0} - .NET Framework
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941)
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taakplanner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013-12-08 11:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenten\sun
[2013-12-08 10:54:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-12-08 10:15:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013-12-08 09:50:51 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013-12-08 09:31:39 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013-12-08 09:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Tweaking.com
[2013-12-08 09:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013-12-08 09:20:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\8dec -14-OTL.exe
[2013-12-07 13:25:10 | 004,779,896 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Eigenaar\Bureaublad\spsetup124.exe
[2013-12-07 13:19:14 | 001,551,008 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Eigenaar\Bureaublad\SkypeSetup.exe
[2013-12-07 13:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-12-07 12:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\PCHealth
[2013-12-03 12:13:02 | 000,000,000 | ---D | C] -- C:\1dc8956cb6d6f51bb24879c7e13e
[2013-11-27 13:03:25 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013-11-27 12:51:47 | 000,000,000 | ---D | C] -- C:\d8425ee1ea133edf02
[2013-11-27 12:43:00 | 000,000,000 | ---D | C] -- C:\f747da198b4112faf4fd33f608d4cb6e
[2013-11-17 17:37:57 | 004,897,880 | ---- | C] (Adobe Systems Inc.) -- C:\Documents and Settings\Eigenaar\Bureaublad\Shockwave_Installer_Slim.exe
[2013-11-17 17:17:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\OpenOffice 4.0.1
[2013-11-17 17:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Bureaublad\OpenOffice 4.0.1 (nl) Installation Files
[2013-11-17 16:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Application Data\OpenOffice
[2013-11-17 16:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice 4
[2013-11-17 12:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Revo Uninstaller
[2013-11-17 12:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013-11-17 12:51:48 | 002,623,656 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Eigenaar\Bureaublad\revosetup.exe

========== Files - Modified Within 30 Days ==========

[2013-12-08 11:16:00 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A9199785-CD36-4F9E-B92E-2EFF24E1F45D}.job
[2013-12-08 10:23:51 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-12-08 10:23:51 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express Files Updater.job
[2013-12-08 10:22:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-12-08 10:22:55 | 000,128,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-12-08 10:16:00 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2013-12-08 10:15:06 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013-12-08 10:11:01 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013-12-08 10:10:33 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013-12-08 10:10:33 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013-12-08 10:09:33 | 000,577,444 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2013-12-08 10:09:33 | 000,481,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-12-08 10:09:33 | 000,110,726 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2013-12-08 10:09:33 | 000,079,814 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-12-08 09:30:10 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Tweaking.com - Windows Repair (All in One).lnk
[2013-12-08 09:25:56 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Eigenaar\Bureaublad\8dec-13-VEW.exe
[2013-12-08 09:23:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-12-08 09:20:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eigenaar\Bureaublad\8dec -14-OTL.exe
[2013-12-08 09:19:13 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-12-08 09:13:56 | 005,045,639 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\8dec-12-tweaking.com_windows_repair_aio_setup.exe
[2013-12-07 13:25:55 | 004,779,896 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Eigenaar\Bureaublad\spsetup124.exe
[2013-12-07 13:19:32 | 001,551,008 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Eigenaar\Bureaublad\SkypeSetup.exe
[2013-12-01 11:16:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-11-19 11:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013-11-17 17:36:58 | 004,897,880 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Eigenaar\Bureaublad\Shockwave_Installer_Slim.exe
[2013-11-17 17:17:08 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\OpenOffice 4.0.1.lnk
[2013-11-17 17:05:15 | 139,734,741 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Apache_OpenOffice_4.0.1_Win_x86_install_nl.exe
[2013-11-17 16:29:22 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013-11-17 15:54:56 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2013-11-17 15:27:08 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-11-17 15:27:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-11-17 14:27:35 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013-11-17 14:22:06 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-11-17 12:56:48 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Revo Uninstaller.lnk
[2013-11-17 12:52:04 | 002,623,656 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Eigenaar\Bureaublad\revosetup.exe

========== Files Created - No Company Name ==========

[2013-12-08 10:16:00 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2013-12-08 09:30:10 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Tweaking.com - Windows Repair (All in One).lnk
[2013-12-08 09:25:55 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Eigenaar\Bureaublad\8dec-13-VEW.exe
[2013-12-08 09:13:49 | 005,045,639 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\8dec-12-tweaking.com_windows_repair_aio_setup.exe
[2013-11-17 17:17:08 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\OpenOffice 4.0.1.lnk
[2013-11-17 17:04:50 | 139,734,741 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Apache_OpenOffice_4.0.1_Win_x86_install_nl.exe
[2013-11-17 12:56:48 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Bureaublad\Revo Uninstaller.lnk
[2013-10-28 13:34:57 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2013-06-23 17:59:43 | 000,128,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-11-14 15:31:20 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\fusioncache.dat
[2012-07-23 09:15:01 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012-05-10 12:20:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2012-02-16 12:30:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-02-11 11:53:21 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Eigenaar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-31 18:15:44 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012-01-31 18:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012-01-31 18:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012-01-31 18:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012-01-31 18:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2012-02-27 15:55:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-15 01:32:40 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\system32\wbem\fastprox.dll -- [2009-02-09 11:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = c:\windows\system32\wbem\wbemess.dll -- [2008-04-15 01:32:46 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: Maxtor 94098H6
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 38,00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013-04-21 13:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Adobe
[2013-10-28 13:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Birdstep Technology
[2012-09-15 16:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\EurekaLog
[2012-02-21 12:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Foxit Software
[2012-07-06 19:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Google
[2010-04-22 12:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Identities
[2012-04-25 09:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Kayh
[2012-08-08 09:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Macromedia
[2010-05-11 13:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Malwarebytes
[2012-02-09 16:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\mediabarbs
[2013-01-10 08:52:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Eigenaar\Application Data\Microsoft
[2012-09-11 14:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Mozilla
[2012-03-19 11:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\NCH Software
[2013-11-17 16:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\OpenOffice
[2010-05-11 14:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\OpenOffice.org
[2013-12-07 13:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Skype
[2010-05-11 13:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Sun
[2012-04-24 11:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Ulcido
[2012-04-28 09:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\vudzfeqynw
[2013-10-16 14:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Winamp
[2012-02-09 16:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\wincorebsband
[2012-07-06 14:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Windows Desktop Search
[2012-07-15 17:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\Windows Search
[2010-04-22 13:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eigenaar\Application Data\WinRAR

< MD5 for: ATAPI.SYS >
[2008-04-15 01:46:08 | 020,107,370 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-15 01:46:08 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: CSRSS.EXE >
[2008-04-15 01:32:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=56332B8FB030700E276E0EA5314B1BA6 -- C:\WINDOWS\system32\csrss.exe
[2008-04-15 01:32:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=56332B8FB030700E276E0EA5314B1BA6 -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008-04-15 01:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\explorer.exe
[2008-04-15 01:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008-06-20 18:45:12 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=18740E8EC5BE4B6D66FA0E4CBFD3B9C6 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008-06-20 18:45:12 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=18740E8EC5BE4B6D66FA0E4CBFD3B9C6 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[2008-06-20 17:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=4522CBE00A9E9EEE36AA82ED4B319148 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008-06-20 17:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=4522CBE00A9E9EEE36AA82ED4B319148 -- C:\WINDOWS\system32\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008-04-15 01:32:36 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=9B4818E388EE441E9E9B0910767C8F14 -- C:\WINDOWS\system32\dllcache\nwprovau.dll
[2008-04-15 01:32:36 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=9B4818E388EE441E9E9B0910767C8F14 -- C:\WINDOWS\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2008-04-15 01:32:40 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=235D0662BAACFD093ADCA7866AB22253 -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2008-04-15 01:32:40 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=235D0662BAACFD093ADCA7866AB22253 -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009-02-09 12:27:40 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=657B69389B893F440B07590C9E963F23 -- C:\WINDOWS\system32\dllcache\services.exe
[2009-02-09 12:27:40 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=657B69389B893F440B07590C9E963F23 -- C:\WINDOWS\system32\services.exe
[2009-02-09 12:19:32 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=D98A222A707FFE40043E533FE7A6BA24 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

< MD5 for: SVCHOST.EXE >
[2008-04-15 01:33:16 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E410EC73E2BE2A41D923B006F51C8427 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008-04-15 01:33:16 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E410EC73E2BE2A41D923B006F51C8427 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008-04-15 01:33:18 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008-04-15 01:33:18 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6818A533ED3B2FA9936DF3DAF45352DF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008-04-15 01:33:20 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=1247D4D5444E28519BBE31BE8AB4C029 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-15 01:33:20 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=1247D4D5444E28519BBE31BE8AB4C029 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008-04-15 01:32:46 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=4E3657569690067C4D12D135FA93B7E8 -- C:\WINDOWS\system32\dllcache\winrnr.dll
[2008-04-15 01:32:46 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=4E3657569690067C4D12D135FA93B7E8 -- C:\WINDOWS\system32\winrnr.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013-12-07 13:07:50 | 000,874,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013-12-07 13:07:50 | 000,874,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013-12-07 13:07:50 | 000,874,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013-12-07 13:08:50 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013-12-07 13:08:50 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013-12-07 13:08:50 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013-10-13 08:00:06 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013-10-13 08:00:06 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013-10-13 08:00:06 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013-12-07 13:07:50 | 000,874,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013-12-07 13:07:50 | 000,874,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013-12-07 13:07:50 | 000,874,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013-12-07 13:08:50 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013-12-07 13:08:50 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013-12-07 13:08:50 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013-10-13 08:00:06 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013-10-13 08:00:06 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013-10-13 08:00:06 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >







OTL Extras logfile created on: 8-12-2013 11:03:38 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eigenaar\Bureaublad
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

759,48 Mb Total Physical Memory | 431,12 Mb Available Physical Memory | 56,76% Memory free
1,81 Gb Paging File | 1,54 Gb Available in Paging File | 85,09% Paging File free
Paging file location(s): C:\pagefile.sys 1140 1140 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,16 Gb Total Space | 23,34 Gb Free Space | 61,15% Space Free | Partition Type: NTFS

Computer Name: BLOK_L1 | User Name: Eigenaar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18BA2F73-9F8E-4938-860E-F7BC31531608}" = Windows Communication Foundation Language Pack - NLD
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CA031C-D3CD-4A28-8D9B-C71466C4F045}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client NL-NL Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64371D22-A18B-436E-863B-2E12DA8042FF}" = Microsoft .NET Framework 3.0 Dutch Language Pack
"{655A0785-CB7A-42C2-A1AE-B3FE1BFB2617}" = Windows Presentation Foundation Language Pack (NLD)
"{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59}" = Windows Live Photo Gallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{91A605E2-0372-4198-B64D-FA4D7E9FC851}" = Adobe Flash Player 11 Plugin
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06BD059-8EDE-41F3-B91A-73C2C6811187}" = Windows Workflow Foundation NL Language Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Nederlands
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D610D81C-36EE-4E1B-8346-1F515A5AF032}" = Microsoft .NET Framework 2.0 Language Pack - NLD
"{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync
"{EA9BAE1A-2D68-4160-81E6-14B712435D66}" = OpenOffice 4.0.1
"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
"{EFC4BB62-CD01-4F63-9165-FC5DEB350469}" = Adobe Flash Player 11 ActiveX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F73EA8BF-81F5-32AF-8D8A-24F12FD23B79}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
"{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}" = Microsoft Antimalware Service NL-NL Language Pack
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - NLD" = Microsoft .NET Framework 2.0 Language Pack - NLD
"Microsoft .NET Framework 3.0 Dutch Language Pack" = Microsoft .NET Framework 3.0 Nederlands taalpakket
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 25.0.1 (x86 nl)" = Mozilla Firefox 25.0.1 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Revo Uninstaller" = Revo Uninstaller 1.95
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"SigmaTel C-Major" = SigmaTel C-Major Audio
"Speccy" = Speccy
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZTE_1.2074.0.4" = ZTE_1.2074.0.4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1606980848-1788223648-2146830767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7-12-2013 8:22:31 | Computer Name = BLOK_L1 | Source = MsiInstaller | ID = 11609
Description =

Error - 8-12-2013 4:50:11 | Computer Name = BLOK_L1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 8-12-2013 5:06:13 | Computer Name = BLOK_L1 | Source = WinMgmt | ID = 4
Description = Kan MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF niet
laden tijdens het herstellen van opslagplaatsbestand.

Error - 8-12-2013 5:06:13 | Computer Name = BLOK_L1 | Source = WinMgmt | ID = 4
Description = Kan MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOF niet
laden tijdens het herstellen van opslagplaatsbestand.

Error - 8-12-2013 5:06:13 | Computer Name = BLOK_L1 | Source = WinMgmt | ID = 4
Description = Kan MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION
FOUNDATION\SERVICEMODEL.MOF niet laden tijdens het herstellen van opslagplaatsbestand.

Error - 8-12-2013 5:06:14 | Computer Name = BLOK_L1 | Source = WinMgmt | ID = 4
Description = Kan MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MOF\SERVICEMODEL.MOF
niet laden tijdens het herstellen van opslagplaatsbestand.

Error - 8-12-2013 5:06:14 | Computer Name = BLOK_L1 | Source = WinMgmt | ID = 4
Description = Kan MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION
FOUNDATION\MUI\0413\SERVICEMODEL.MFL niet laden tijdens het herstellen van opslagplaatsbestand.

Error - 8-12-2013 5:06:15 | Computer Name = BLOK_L1 | Source = WinMgmt | ID = 4
Description = Kan MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF niet
laden tijdens het herstellen van opslagplaatsbestand.

Error - 8-12-2013 5:06:15 | Computer Name = BLOK_L1 | Source = WinMgmt | ID = 4
Description = Kan MOF C:\WINDOWS\SYSTEM32\WBEM\WINDOWSSEARCHENGINE.MOF niet laden
tijdens het herstellen van opslagplaatsbestand.

Error - 8-12-2013 5:12:55 | Computer Name = BLOK_L1 | Source = VSS | ID = 4099
Description = Fout in Volume Shadow Copy-service: kan het onderdeel C:\Documents
and Settings\Eigenaar\Bureaublad\SWPRV.DLL niet in de COM+-toepassing MS Software
Shadow Copy Provider installeren. 0x80110401.

[ System Events ]
Error - 24-11-2013 13:06:13 | Computer Name = BLOK_L1 | Source = Ntfs | ID = 262199
Description = De structuur van het bestandssysteem op de schijf is beschadigd en
onbruikbaar. Voer het hulpprogramma Chkdsk uit op volume C:.

Error - 26-11-2013 9:12:25 | Computer Name = BLOK_L1 | Source = Ntfs | ID = 262199
Description = De structuur van het bestandssysteem op de schijf is beschadigd en
onbruikbaar. Voer het hulpprogramma Chkdsk uit op volume C:.

Error - 6-12-2013 7:13:21 | Computer Name = BLOK_L1 | Source = Windows Update Agent | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070643: Beveiligingsupdate voor Microsoft .NET Framework 2.0 SP2 op
Windows Server 2003 en Windows XP x86 (KB2863239).

Error - 7-12-2013 7:36:32 | Computer Name = BLOK_L1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 heeft een fout gevonden tijdens het bijwerken van handtekeningen.

Nieuwe
handtekeningversie: Vorige handtekeningversie: 1.163.1360.0 Updatebron: %%859 Updatefase:
%%854 Bronpad: http://www.microsoft.com Type handtekening: %%800 Type update: %%803

Gebruiker:
NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.10100.0 Foutcode:
0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht
probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over
het installeren van updates en het oplossen van problemen.

Error - 7-12-2013 7:36:32 | Computer Name = BLOK_L1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 heeft een fout gevonden tijdens het bijwerken van handtekeningen.

Nieuwe
handtekeningversie: Vorige handtekeningversie: 1.163.1360.0 Updatebron: %%859 Updatefase:
%%854 Bronpad: http://www.microsoft.com Type handtekening: %%800 Type update: %%803

Gebruiker:
NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.10100.0 Foutcode:
0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht
probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over
het installeren van updates en het oplossen van problemen.

Error - 7-12-2013 7:36:32 | Computer Name = BLOK_L1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 heeft een fout gevonden tijdens het bijwerken van handtekeningen.

Nieuwe
handtekeningversie: Vorige handtekeningversie: 1.163.1360.0 Updatebron: %%859 Updatefase:
%%853 Bronpad: http://www.microsoft.com Type handtekening: %%800 Type update: %%803

Gebruiker:
NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.10100.0 Foutcode:
0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht
probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over
het installeren van updates en het oplossen van problemen.

Error - 7-12-2013 11:15:12 | Computer Name = BLOK_L1 | Source = Ntfs | ID = 262199
Description = De structuur van het bestandssysteem op de schijf is beschadigd en
onbruikbaar. Voer het hulpprogramma Chkdsk uit op volume C:.

Error - 8-12-2013 5:06:51 | Computer Name = BLOK_L1 | Source = Ntfs | ID = 262199
Description = De structuur van het bestandssysteem op de schijf is beschadigd en
onbruikbaar. Voer het hulpprogramma Chkdsk uit op volume C:.

Error - 8-12-2013 6:18:47 | Computer Name = BLOK_L1 | Source = Ntfs | ID = 262199
Description = De structuur van het bestandssysteem op de schijf is beschadigd en
onbruikbaar. Voer het hulpprogramma Chkdsk uit op volume C:.


< End of report >
#17
Admirgency

Superpatchtuesday. Early at work for the Windows Security Updates, I finally had them installed at 12 o'clock and 16:30 h for resp. public comp no. 1 and 2, and did not get around to updating the office-pc. Lovely to know how rewarding my line of work is, after 8 hours of computing with lunch and early dinner while continuing work, and then have visitors of our evening-shelter be mad and swearing & 1 even threatening because I needed another half hour after evening-shelter opened. Proud I've never been like that when I lived on the streets. How could I, in my time there was no shelter or social work at all. (The more help they get, the more ppl in denial think they can blame on the social workers atl, therefore the longer their lives remain a mess).

Quick search for only the essential updates didn't work for the public computers while the office-laptop updated without a glitch. I let it run for 5 quarters of an hour. On public comp no. 2 I then tried to update MS SE separately but that didn't work because it could not get Internet-connection while other kinds of internet-connection worked indeed. Thereafter I installed the 3 essential .Net F 2 sp2 updates to get them out of the way and tried twice more, 1 quick and 1 with non-essential updates included. No luck. I took it offline while studying the updates on Technet.microsoft, and downloaded them on the laptop.

Online again, as soon as I double-clicked the first manually downloaded update (IE8-WindowsXP-KB2898785-x86-NLD) copied via usb-stick, the updates started rolling in automatically and installed (I unchecked the 3 .Net F 2 sp2 essential updates). At 15:55 h they finally were all installed and then I checked all other programs manually for updates, starting with MS SE. No troubles there anymore (did not use Secunia PSI).

By this time I was half an hour late for my evening job, but hey, today that was at the same place as my day job and I already had an excessive meal of supermarket-"garbage" brought in by a guest and cooked by our Polish hostess.

[edit] I planned to replace this computer with a spare computer before these updates were published but I did not have enough time to get the other computer ready for use [endEdit]

Edited by Admirgency, 11 December 2013 - 04:13 PM.


#18
Admirgency

Extra Essential Microsoft Update for .Net Framework 2.0 sp2 (19th of Dec for XP, 16th for Vista) installed OK. After that update the 3 earlier updates didn't present themselves anymore.
However not only our house-burglar but also a normal visitor watched unsafe porn-sites (on both public machines).