TechSpot

AVG keeps finding Trojan horse Crypt.AQLW infections and Win32/Sireref.ER Malware

By arnoldkooiker
Mar 4, 2012
  1. Hello,

    For almost two weeks now, AVG has kept finding infections, which can be quarantined but keep coming back with different (.dll) file names. For what it's worth, I've found similar threats in this forum which also fit this description.

    Anyway, since AVG can't seem to solve the problem, I hope I can get some help here. Below are the logs of the preliminary steps (in order: mbam, gmer and both dds logs). By the way, since I live in the Netherlands, some logs contain Dutch terms. I don't know if that's a problem?

    ================================================

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.03.04.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    user :: PC [administrator]

    4-3-2012 14:27:24
    mbam-log-2012-03-04 (14-27-24).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 239913
    Verstreken tijd: 16 minuut/minuten, 24 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    ================================================

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-04 14:50:16
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD502IJ rev.1AA01112
    Running: GMER-gntotgos.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pxtdapob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Processes - GMER 1.0.15 ----

    Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 2240

    ---- EOF - GMER 1.0.15 ----

    ================================================
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
    Run by user at 15:01:14 on 2012-03-04
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1919.1013 [GMT 1:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cerberus\Cerberus.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rserver30\RServer3.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\rserver30\FamItrfc.Exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\RapidBIT\cidaemon.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.hotmail.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Lexmark 3100 Series] "c:\program files\lexmark 3100 series\lxbrbmgr.exe"
    mRun: [LXBRKsk] c:\progra~1\lexmar~1\LXBRKsk.exe
    mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\sagemw~1.lnk - c:\program files\sagem wifi manager\WLANUTL.exe
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    LSP: mswsock.dll
    Trusted Zone: enschede.nl\ienoportal
    Trusted Zone: enschede.nl\portal
    Trusted Zone: enschede.nl\webmail
    Trusted Zone: localhost
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/43.10/uploader2.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112288959018
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    TCP: Interfaces\{52503A0F-5C0B-42B1-B77D-EFE140159F74} : NameServer = 192.168.1.1
    TCP: Interfaces\{A80290E0-1513-4894-83AE-BAB9896987DB} : NameServer = 192.168.1.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: c:\windows\system32\rserver30\r3god.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\3jf689pd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl
    FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\3jf689pd.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg2012\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-24 64288]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
    R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2007-2-2 41176]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 Cerberus FTP Server;Cerberus FTP Server;c:\program files\cerberus\cerberus.exe -service --> c:\program files\cerberus\Cerberus.exe -Service [?]
    R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2007-2-2 1235032]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2004-10-8 751104]
    R3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-1 3328]
    S2 AMService;AMService;c:\windows\temp\npsiif\setup.exe run --> c:\windows\temp\npsiif\setup.exe run [?]
    S2 avg7core;Phnxvcdservice;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 avg7rsw;SGHIDI;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 avg7updsvc;Svcwmu;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 awhost32;Wpshelper;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 ca-messagequeuing;Icdsptsv;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 ccpwdsvc;Spbbcsvc;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 FlexService;Remote Connections Service;c:\program files\rapidbit\cisvc.exe [2009-5-17 41984]
    S2 gupdate;Google Updateservice (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S2 LMIRfsDriver;Konfig;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 mcafeeantispyware;UCTblHid;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 mcsysmon;Ati2mpaa;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 mcupdmgr.exe;Atitunep;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 mfebopk;Nidomainservice;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 mksupdateint;Motoswitchservice;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 mpfirewl;Adiusbaw;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 naveng;RMSvc;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 ndasbus;Firesvc;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 ofcpfwsvc;Oraclesnmppeerencapsulator;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 Slpsvdr;Lxce_device;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 snoopfree;NETGEAR_MA111;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 starwindserviceae;W200mgmt;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 symantecantibotwatcher;Wampapache;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S2 webrootspysweeperservice;Sscdmdfl;c:\windows\system32\svchost.exe -k netsvcs [2005-3-31 14336]
    S3 AllShare;SAMSUNG AllShare Service;c:\program files\samsung pc share manager\WiselinkPro.exe [2010-7-16 6638080]
    S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
    S3 gupdatem;Google Update-service (gupdatem);"c:\program files\google\update\googleupdate.exe" /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
    S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2012-1-14 50704]
    S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2011-4-6 402432]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\zdcndis5.sys --> c:\windows\system32\ZDCndis5.SYS [?]
    .
    =============== Created Last 30 ================
    .
    2012-03-01 21:26:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-01 21:26:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-29 21:24:13 -------- d-----w- c:\program files\ESET
    2012-02-20 22:22:55 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2012-02-20 22:19:23 -------- dc-h--w- c:\windows\ie8
    2012-02-14 18:50:25 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-14 18:50:25 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-05 14:19:22 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-04 14:35:41 -------- d-----w- c:\program files\CCleaner
    2012-02-04 14:13:08 -------- d-----w- c:\documents and settings\user\local settings\application data\Google
    2012-02-04 14:12:58 -------- d-----w- c:\documents and settings\user\local settings\application data\Deployment
    .
    ==================== Find3M ====================
    .
    2012-02-05 12:45:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-22 19:36:24 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
    2012-01-22 10:53:37 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2012-01-14 11:54:23 50704 ----a-w- c:\windows\system32\drivers\npf.sys
    2012-01-14 11:54:23 281104 ----a-w- c:\windows\system32\wpcap.dll
    2012-01-14 11:54:23 100880 ----a-w- c:\windows\system32\Packet.dll
    2012-01-12 17:20:33 1860096 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:42:06 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:42:06 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:42:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:23:17 385024 ------w- c:\windows\system32\html.iec
    .
    ============= FINISH: 15:01:28,70 ===============

    ================================================


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 13-8-2008 11:12:40
    System Uptime: 4-3-2012 14:16:54 (1 hours ago)
    .
    Motherboard: FOXCONN | | A6VMX
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket 940 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 134,137 GiB free.
    D: is FIXED (NTFS) - 225 GiB total, 30,905 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: SAGEM Wi-Fi 11g USB adapter
    Device ID: USB\VID_079B&PID_0062\5&1C9BD01C&0&4
    Manufacturer: Sagem, SA
    Name: SAGEM Wi-Fi 11g USB adapter #2
    PNP Device ID: USB\VID_079B&PID_0062\5&1C9BD01C&0&4
    Service: SG762_XP
    .
    ==== System Restore Points ===================
    .
    RP224: 5-12-2011 22:36:15 - Controlepunt van systeem
    RP225: 6-12-2011 22:41:54 - Controlepunt van systeem
    RP226: 7-12-2011 22:56:40 - Controlepunt van systeem
    RP227: 10-12-2011 13:14:33 - Controlepunt van systeem
    RP228: 11-12-2011 14:02:57 - Controlepunt van systeem
    RP229: 12-12-2011 22:06:44 - Controlepunt van systeem
    RP230: 13-12-2011 22:18:24 - Controlepunt van systeem
    RP231: 13-12-2011 22:55:00 - Software Distribution Service 3.0
    RP232: 15-12-2011 17:53:18 - Controlepunt van systeem
    RP233: 17-12-2011 14:22:59 - Controlepunt van systeem
    RP234: 19-12-2011 22:21:08 - Controlepunt van systeem
    RP235: 21-12-2011 10:21:03 - Controlepunt van systeem
    RP236: 22-12-2011 22:51:16 - Controlepunt van systeem
    RP237: 23-12-2011 23:45:17 - Controlepunt van systeem
    RP238: 28-12-2011 10:48:39 - Controlepunt van systeem
    RP239: 2-1-2012 13:40:20 - Controlepunt van systeem
    RP240: 3-1-2012 13:53:22 - Controlepunt van systeem
    RP241: 4-1-2012 14:53:13 - Controlepunt van systeem
    RP242: 5-1-2012 16:41:29 - Controlepunt van systeem
    RP243: 6-1-2012 17:11:32 - Controlepunt van systeem
    RP244: 8-1-2012 13:36:24 - Controlepunt van systeem
    RP245: 9-1-2012 20:16:36 - Controlepunt van systeem
    RP246: 9-1-2012 21:29:30 - Herstelbewerking
    RP247: 9-1-2012 23:18:29 - Software Distribution Service 3.0
    RP248: 11-1-2012 10:19:01 - Controlepunt van systeem
    RP249: 11-1-2012 10:42:16 - Software Distribution Service 3.0
    RP250: 11-1-2012 23:13:06 - Software Distribution Service 3.0
    RP251: 14-1-2012 14:35:53 - Herstelbewerking
    RP252: 14-1-2012 14:53:29 - na uninstall Alcohol 120% (a347bus.sys BSOD)
    RP253: 14-1-2012 17:42:37 - Geïnstalleerd AVG 2012
    RP254: 14-1-2012 17:42:57 - Geïnstalleerd AVG 2012
    RP255: 14-1-2012 23:24:15 - Software Distribution Service 3.0
    RP256: 16-1-2012 11:40:06 - Controlepunt van systeem
    RP257: 17-1-2012 14:41:13 - Controlepunt van systeem
    RP258: 18-1-2012 16:41:29 - Controlepunt van systeem
    RP259: 19-1-2012 18:13:59 - Controlepunt van systeem
    RP260: 21-1-2012 0:00:28 - Controlepunt van systeem
    RP261: 22-1-2012 11:59:22 - clean, geen threats meer door AVG/TDSSkiller
    RP262: 23-1-2012 12:24:34 - Controlepunt van systeem
    RP263: 24-1-2012 22:17:52 - Controlepunt van systeem
    RP264: 25-1-2012 13:34:21 - Removed SDP Downloader
    RP265: 1-2-2012 8:15:33 - Controlepunt van systeem
    RP266: 2-2-2012 20:36:57 - Herstelbewerking
    RP267: 2-2-2012 20:44:46 - Herstelbewerking
    RP268: 3-2-2012 20:03:27 - Herstelbewerking
    RP269: 4-2-2012 12:31:51 - Herstelbewerking
    RP270: 4-2-2012 14:31:15 - Installed Java(TM) 6 Update 30
    RP271: 4-2-2012 14:35:33 - Removed Java(TM) 6 Update 7
    RP272: 5-2-2012 16:39:41 - Controlepunt van systeem
    RP273: 8-2-2012 15:18:04 - Controlepunt van systeem
    RP274: 13-2-2012 15:38:16 - Controlepunt van systeem
    RP275: 14-2-2012 23:14:02 - Software Distribution Service 3.0
    RP276: 16-2-2012 21:58:45 - Controlepunt van systeem
    RP277: 20-2-2012 22:09:51 - Controlepunt van systeem
    RP278: 20-2-2012 23:15:00 - Software Distribution Service 3.0
    RP279: 21-2-2012 23:26:19 - Software Distribution Service 3.0
    RP280: 24-2-2012 22:48:32 - Controlepunt van systeem
    RP281: 26-2-2012 12:17:42 - Controlepunt van systeem
    RP282: 27-2-2012 22:57:37 - Controlepunt van systeem
    RP283: 29-2-2012 13:22:46 - Controlepunt van systeem
    RP284: 1-3-2012 22:16:49 - Herstelbewerking
    RP285: 4-3-2012 14:01:46 - Herstelbewerking
    RP286: 4-3-2012 14:14:21 - Herstelbewerking
    RP287: 4-3-2012 14:17:40 - Herstelbewerking
    .
    ==== Installed Programs ======================
    .
    .sol Editor 1.1.0.1
    360Share Pro(remove only)
    3DMark06
    7-Zip 9.20
    Aangifte inkomstenbelasting 2007
    Aangifte inkomstenbelasting 2008
    Aangifte inkomstenbelasting 2009
    Aangifte inkomstenbelasting 2010
    ABBYY FineReader 5.0 Sprint
    ABC (remove only)
    AC-3 ACM Codec
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0
    Alky for Applications (Windows XP)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AutoUpdate
    AVG 2012
    Beveiligingsupdate for Windows Media Player 10 (KB936782)
    Beveiligingsupdate for Windows XP (KB923689)
    Beveiligingsupdate for Windows XP (KB941569)
    Beveiligingsupdate voor Microsoft Windows (KB2564958)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2183461)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2360131)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2416400)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2482017)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2497640)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2530548)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2544521)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2559049)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2586448)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2618444)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB2647516)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127-v2)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB972260)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB974455)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB976325)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB978207)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB982381)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2544521)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2618444)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2647516)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
    Beveiligingsupdate voor Windows Media Player (KB2378111)
    Beveiligingsupdate voor Windows Media Player (KB911564)
    Beveiligingsupdate voor Windows Media Player (KB952069)
    Beveiligingsupdate voor Windows Media Player (KB954155)
    Beveiligingsupdate voor Windows Media Player (KB968816)
    Beveiligingsupdate voor Windows Media Player (KB973540)
    Beveiligingsupdate voor Windows Media Player (KB975558)
    Beveiligingsupdate voor Windows Media Player (KB978695)
    Beveiligingsupdate voor Windows Media Player 11 (KB936782)
    Beveiligingsupdate voor Windows Media Player 11 (KB954154)
    Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
    Beveiligingsupdate voor Windows XP (KB2079403)
    Beveiligingsupdate voor Windows XP (KB2115168)
    Beveiligingsupdate voor Windows XP (KB2121546)
    Beveiligingsupdate voor Windows XP (KB2160329)
    Beveiligingsupdate voor Windows XP (KB2229593)
    Beveiligingsupdate voor Windows XP (KB2259922)
    Beveiligingsupdate voor Windows XP (KB2279986)
    Beveiligingsupdate voor Windows XP (KB2286198)
    Beveiligingsupdate voor Windows XP (KB2296011)
    Beveiligingsupdate voor Windows XP (KB2296199)
    Beveiligingsupdate voor Windows XP (KB2347290)
    Beveiligingsupdate voor Windows XP (KB2360937)
    Beveiligingsupdate voor Windows XP (KB2387149)
    Beveiligingsupdate voor Windows XP (KB2393802)
    Beveiligingsupdate voor Windows XP (KB2412687)
    Beveiligingsupdate voor Windows XP (KB2419632)
    Beveiligingsupdate voor Windows XP (KB2423089)
    Beveiligingsupdate voor Windows XP (KB2436673)
    Beveiligingsupdate voor Windows XP (KB2440591)
    Beveiligingsupdate voor Windows XP (KB2443105)
    Beveiligingsupdate voor Windows XP (KB2476490)
    Beveiligingsupdate voor Windows XP (KB2476687)
    Beveiligingsupdate voor Windows XP (KB2478960)
    Beveiligingsupdate voor Windows XP (KB2478971)
    Beveiligingsupdate voor Windows XP (KB2479628)
    Beveiligingsupdate voor Windows XP (KB2479943)
    Beveiligingsupdate voor Windows XP (KB2481109)
    Beveiligingsupdate voor Windows XP (KB2483185)
    Beveiligingsupdate voor Windows XP (KB2485376)
    Beveiligingsupdate voor Windows XP (KB2485663)
    Beveiligingsupdate voor Windows XP (KB2503658)
    Beveiligingsupdate voor Windows XP (KB2503665)
    Beveiligingsupdate voor Windows XP (KB2506212)
    Beveiligingsupdate voor Windows XP (KB2506223)
    Beveiligingsupdate voor Windows XP (KB2507618)
    Beveiligingsupdate voor Windows XP (KB2507938)
    Beveiligingsupdate voor Windows XP (KB2508272)
    Beveiligingsupdate voor Windows XP (KB2508429)
    Beveiligingsupdate voor Windows XP (KB2509553)
    Beveiligingsupdate voor Windows XP (KB2510581)
    Beveiligingsupdate voor Windows XP (KB2511455)
    Beveiligingsupdate voor Windows XP (KB2524375)
    Beveiligingsupdate voor Windows XP (KB2535512)
    Beveiligingsupdate voor Windows XP (KB2536276-v2)
    Beveiligingsupdate voor Windows XP (KB2536276)
    Beveiligingsupdate voor Windows XP (KB2544893-v2)
    Beveiligingsupdate voor Windows XP (KB2544893)
    Beveiligingsupdate voor Windows XP (KB2555917)
    Beveiligingsupdate voor Windows XP (KB2562937)
    Beveiligingsupdate voor Windows XP (KB2566454)
    Beveiligingsupdate voor Windows XP (KB2567053)
    Beveiligingsupdate voor Windows XP (KB2567680)
    Beveiligingsupdate voor Windows XP (KB2570222)
    Beveiligingsupdate voor Windows XP (KB2570947)
    Beveiligingsupdate voor Windows XP (KB2584146)
    Beveiligingsupdate voor Windows XP (KB2585542)
    Beveiligingsupdate voor Windows XP (KB2592799)
    Beveiligingsupdate voor Windows XP (KB2598479)
    Beveiligingsupdate voor Windows XP (KB2603381)
    Beveiligingsupdate voor Windows XP (KB2618451)
    Beveiligingsupdate voor Windows XP (KB2619339)
    Beveiligingsupdate voor Windows XP (KB2620712)
    Beveiligingsupdate voor Windows XP (KB2624667)
    Beveiligingsupdate voor Windows XP (KB2631813)
    Beveiligingsupdate voor Windows XP (KB2633171)
    Beveiligingsupdate voor Windows XP (KB2639417)
    Beveiligingsupdate voor Windows XP (KB2646524)
    Beveiligingsupdate voor Windows XP (KB2660465)
    Beveiligingsupdate voor Windows XP (KB2661637)
    Beveiligingsupdate voor Windows XP (KB923561)
    Beveiligingsupdate voor Windows XP (KB923789)
    Beveiligingsupdate voor Windows XP (KB938464)
    Beveiligingsupdate voor Windows XP (KB946648)
    Beveiligingsupdate voor Windows XP (KB950762)
    Beveiligingsupdate voor Windows XP (KB950974)
    Beveiligingsupdate voor Windows XP (KB951066)
    Beveiligingsupdate voor Windows XP (KB951376-v2)
    Beveiligingsupdate voor Windows XP (KB951698)
    Beveiligingsupdate voor Windows XP (KB951748)
    Beveiligingsupdate voor Windows XP (KB952004)
    Beveiligingsupdate voor Windows XP (KB952954)
    Beveiligingsupdate voor Windows XP (KB953839)
    Beveiligingsupdate voor Windows XP (KB954211)
    Beveiligingsupdate voor Windows XP (KB954459)
    Beveiligingsupdate voor Windows XP (KB954600)
    Beveiligingsupdate voor Windows XP (KB955069)
    Beveiligingsupdate voor Windows XP (KB956391)
    Beveiligingsupdate voor Windows XP (KB956572)
    Beveiligingsupdate voor Windows XP (KB956744)
    Beveiligingsupdate voor Windows XP (KB956802)
    Beveiligingsupdate voor Windows XP (KB956803)
    Beveiligingsupdate voor Windows XP (KB956841)
    Beveiligingsupdate voor Windows XP (KB956844)
    Beveiligingsupdate voor Windows XP (KB957095)
    Beveiligingsupdate voor Windows XP (KB957097)
    Beveiligingsupdate voor Windows XP (KB958644)
    Beveiligingsupdate voor Windows XP (KB958687)
    Beveiligingsupdate voor Windows XP (KB958690)
    Beveiligingsupdate voor Windows XP (KB958869)
    Beveiligingsupdate voor Windows XP (KB959426)
    Beveiligingsupdate voor Windows XP (KB960225)
    Beveiligingsupdate voor Windows XP (KB960715)
    Beveiligingsupdate voor Windows XP (KB960803)
    Beveiligingsupdate voor Windows XP (KB960859)
    Beveiligingsupdate voor Windows XP (KB961371)
    Beveiligingsupdate voor Windows XP (KB961373)
    Beveiligingsupdate voor Windows XP (KB961501)
    Beveiligingsupdate voor Windows XP (KB968537)
    Beveiligingsupdate voor Windows XP (KB969059)
    Beveiligingsupdate voor Windows XP (KB969898)
    Beveiligingsupdate voor Windows XP (KB969947)
    Beveiligingsupdate voor Windows XP (KB970238)
    Beveiligingsupdate voor Windows XP (KB970430)
    Beveiligingsupdate voor Windows XP (KB971468)
    Beveiligingsupdate voor Windows XP (KB971486)
    Beveiligingsupdate voor Windows XP (KB971557)
    Beveiligingsupdate voor Windows XP (KB971633)
    Beveiligingsupdate voor Windows XP (KB971657)
    Beveiligingsupdate voor Windows XP (KB971961)
    Beveiligingsupdate voor Windows XP (KB972270)
    Beveiligingsupdate voor Windows XP (KB973346)
    Beveiligingsupdate voor Windows XP (KB973354)
    Beveiligingsupdate voor Windows XP (KB973507)
    Beveiligingsupdate voor Windows XP (KB973525)
    Beveiligingsupdate voor Windows XP (KB973869)
    Beveiligingsupdate voor Windows XP (KB973904)
    Beveiligingsupdate voor Windows XP (KB974112)
    Beveiligingsupdate voor Windows XP (KB974318)
    Beveiligingsupdate voor Windows XP (KB974392)
    Beveiligingsupdate voor Windows XP (KB974571)
    Beveiligingsupdate voor Windows XP (KB975025)
    Beveiligingsupdate voor Windows XP (KB975467)
    Beveiligingsupdate voor Windows XP (KB975560)
    Beveiligingsupdate voor Windows XP (KB975561)
    Beveiligingsupdate voor Windows XP (KB975562)
    Beveiligingsupdate voor Windows XP (KB975713)
    Beveiligingsupdate voor Windows XP (KB977165)
    Beveiligingsupdate voor Windows XP (KB977816)
    Beveiligingsupdate voor Windows XP (KB977914)
    Beveiligingsupdate voor Windows XP (KB978037)
    Beveiligingsupdate voor Windows XP (KB978251)
    Beveiligingsupdate voor Windows XP (KB978262)
    Beveiligingsupdate voor Windows XP (KB978338)
    Beveiligingsupdate voor Windows XP (KB978542)
    Beveiligingsupdate voor Windows XP (KB978601)
    Beveiligingsupdate voor Windows XP (KB978706)
    Beveiligingsupdate voor Windows XP (KB979309)
    Beveiligingsupdate voor Windows XP (KB979482)
    Beveiligingsupdate voor Windows XP (KB979559)
    Beveiligingsupdate voor Windows XP (KB979683)
    Beveiligingsupdate voor Windows XP (KB979687)
    Beveiligingsupdate voor Windows XP (KB980195)
    Beveiligingsupdate voor Windows XP (KB980218)
    Beveiligingsupdate voor Windows XP (KB980232)
    Beveiligingsupdate voor Windows XP (KB980436)
    Beveiligingsupdate voor Windows XP (KB981322)
    Beveiligingsupdate voor Windows XP (KB981349)
    Beveiligingsupdate voor Windows XP (KB981852)
    Beveiligingsupdate voor Windows XP (KB981957)
    Beveiligingsupdate voor Windows XP (KB981997)
    Beveiligingsupdate voor Windows XP (KB982132)
    Beveiligingsupdate voor Windows XP (KB982214)
    Beveiligingsupdate voor Windows XP (KB982665)
    Beveiligingsupdate voor Windows XP (KB982802)
    Bonjour
    BrettspielWelt
    Carcassonne
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner
    CD-Text Player
    CDCheck
    Cerberus FTP Server
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    CoCSoft Stream Down 5.1
    Codec Pack - All In 1 6.0.3.0
    Commando
    Compatibiliteitspakket voor het 2007 Microsoft Office system
    DC++ 0.674
    Direct Show Ogg Vorbis Filter (remove only)
    DivX Codec
    DivX Converter
    doPDF 5.3 printer
    DVD-lab PRO 1.53
    DVD Shrink 3.2
    eMule
    ESET Online Scanner v3
    Essentiële update voor Windows Media Player 11 (KB959772)
    ExtractNow
    Feurio! CD-Writer
    ffdshow (remove only)
    FontLab Studio 5
    FTP Explorer
    Gadget Installer
    Gadget voor recente documenten in Microsoft Office 2007
    GoldWave v4.26
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hema Album Software Advanced
    HFX PRO for Studio
    High Definition Audio Driver Package - KB888111
    HighMAT-uitbreiding voor de wizard Cd branden van Microsoft Windows XP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix voor Windows Internet Explorer 7 (KB947864)
    Hotfix voor Windows Media Player 11 (KB939683)
    Hotfix voor Windows XP (KB2158563)
    Hotfix voor Windows XP (KB2443685)
    Hotfix voor Windows XP (KB2570791)
    Hotfix voor Windows XP (KB2633952)
    Hotfix voor Windows XP (KB952287)
    Hotfix voor Windows XP (KB961118)
    Hotfix voor Windows XP (KB970653-v3)
    Hotfix voor Windows XP (KB976098-v2)
    Hotfix voor Windows XP (KB979306)
    Hotfix voor Windows XP (KB981793)
    IrfanView (remove only)
    iTunes
    Jasc Paint Shop Pro 8
    Java Auto Updater
    Java(TM) 6 Update 30
    Kinderopvangtoeslag 2010
    Kinderopvangtoeslag 2011
    Lexmark 3100 Series
    LimeWire 4.12.11
    Macromedia Flash MX
    MadOnion.com/3DMark2001 SE
    Malwarebytes Anti-Malware versie 1.60.1.1000
    Maple 8
    Media Markt
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Dutch Language Pack
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Windows Journal Viewer
    MobileMe Control Panel
    Mozilla Firefox (3.0.19)
    Mpeg Layer3 Codec FHG-Radium v1.263
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MultipleIEs
    Nero 6 Ultra Edition
    NSIS JPsEffects
    Ogg Codecs 0.81.15562
    Orange Livebox
    Orange USB Wi-Fi drivers
    Orange USB Wi-Fi manager
    Pinnacle Hollywood FX for Studio
    PowerDVD
    QuickTime
    RadLight Ogg Media DirectShow filter (remove only)
    Radmin Server 3.0
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    SAMSUNG PC Share Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Segoe UI
    Skins
    SopCast 3.0.0
    SpeedFan (remove only)
    SPSS DDL 5.5
    SPVOD Player1.8
    Sqirlz Morph
    Studio 9
    Tantrix Match
    TMPGEnc-2.59.47.155-Plus-EN
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update voor Windows Internet Explorer 7 (KB976749)
    Update voor Windows Internet Explorer 7 (KB980182)
    Update voor Windows Internet Explorer 8 (KB2598845)
    Update voor Windows XP (KB2141007)
    Update voor Windows XP (KB2345886)
    Update voor Windows XP (KB2467659)
    Update voor Windows XP (KB2541763)
    Update voor Windows XP (KB2616676-v2)
    Update voor Windows XP (KB2616676)
    Update voor Windows XP (KB2641690)
    Update voor Windows XP (KB898461)
    Update voor Windows XP (KB951072-v2)
    Update voor Windows XP (KB951978)
    Update voor Windows XP (KB955759)
    Update voor Windows XP (KB955839)
    Update voor Windows XP (KB961503)
    Update voor Windows XP (KB967715)
    Update voor Windows XP (KB968389)
    Update voor Windows XP (KB971029)
    Update voor Windows XP (KB971737)
    Update voor Windows XP (KB973687)
    Update voor Windows XP (KB973815)
    VeryPDF PDF To Image Converter v2.1
    Verzoek of wijziging voorlopige aanslag 2010
    Verzoek of wijziging voorlopige aanslag 2011
    Verzoek voorlopige teruggaaf 2008
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 0.9.8a
    WebFldrs XP
    Winamp (remove only)
    WinAVI Video Converter
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live - Hulpprogramma voor uploaden
    Windows Live aanmeldhulp
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Sidebar
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    Xvid 1.1.3 final uninstall
    .
    ==== End Of File ===========================
     
  2. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    Addition

    Oh, in addition. Since my System Recovery wasn't functioning as it was supposed to (restore points couldn't be restored, because no changes were made, at least that is what was said), I removed all old restore points by disabling System Recovery and then enabled it again. Now, at least that works fine again, so although it is infected there is a restore point to which I can restore if needed.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =====================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  4. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    aswMBR- and bootkit-log

    Hello Broni,

    Thanks already for your help. Below is the output of the aswMBR scan and the bootkit_cleaner.

    ============================================================

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-05 19:08:41
    -----------------------------
    19:08:41.937 OS Version: Windows 5.1.2600 Service Pack 3
    19:08:41.937 Number of processors: 2 586 0x6B02
    19:08:41.937 ComputerName: PC UserName:
    19:08:43.171 Initialize success
    19:09:54.750 AVAST engine defs: 12030500
    19:10:07.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    19:10:07.640 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01112 Size: 476940MB BusType: 3
    19:10:07.656 Disk 0 MBR read successfully
    19:10:07.671 Disk 0 MBR scan
    19:10:07.687 Disk 0 Windows XP default MBR code
    19:10:07.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
    19:10:07.687 Disk 0 scanning sectors +976768065
    19:10:07.765 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:10:13.203 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Smadow [Rtk]
    19:10:20.781 Disk 0 trace - called modules:
    19:10:20.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb72c9ff0]<<
    19:10:20.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a598ab8]
    19:10:20.812 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a4d95b0]
    19:10:20.812 \Driver\00000606[0x8a590880] -> IRP_MJ_CREATE -> 0xb72c9ff0
    19:10:21.625 AVAST engine scan C:\WINDOWS
    19:10:49.468 AVAST engine scan C:\WINDOWS\system32
    19:13:41.625 AVAST engine scan C:\WINDOWS\system32\drivers
    19:13:48.687 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Smadow [Rtk]
    19:14:08.687 AVAST engine scan C:\Documents and Settings\user
    19:25:45.375 AVAST engine scan C:\Documents and Settings\All Users
    19:28:51.875 Scan finished successfully
    19:49:46.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Bureaublad\MBR.dat"
    19:49:46.937 The log file has been saved successfully to "C:\Documents and Settings\user\Bureaublad\aswMBR.txt"

    ============================================================

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 69cccfbb74623f0a8d61f6ab49d5681b

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...

    ============================================================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    TDSSKiller log

    23:41:31.0062 5032 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
    23:41:31.0203 5032 ============================================================
    23:41:31.0203 5032 Current date / time: 2012/03/05 23:41:31.0203
    23:41:31.0203 5032 SystemInfo:
    23:41:31.0203 5032
    23:41:31.0203 5032 OS Version: 5.1.2600 ServicePack: 3.0
    23:41:31.0203 5032 Product type: Workstation
    23:41:31.0203 5032 ComputerName: PC
    23:41:31.0203 5032 UserName: user
    23:41:31.0203 5032 Windows directory: C:\WINDOWS
    23:41:31.0203 5032 System windows directory: C:\WINDOWS
    23:41:31.0203 5032 Processor architecture: Intel x86
    23:41:31.0203 5032 Number of processors: 2
    23:41:31.0203 5032 Page size: 0x1000
    23:41:31.0203 5032 Boot type: Normal boot
    23:41:31.0203 5032 ============================================================
    23:41:33.0046 5032 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    23:41:33.0093 5032 Drive \Device\Harddisk5\DR6 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    23:41:33.0109 5032 \Device\Harddisk0\DR0:
    23:41:33.0109 5032 MBR used
    23:41:33.0109 5032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
    23:41:33.0109 5032 \Device\Harddisk5\DR6:
    23:41:33.0109 5032 MBR used
    23:41:33.0109 5032 \Device\Harddisk5\DR6\Partition0: MBR, Type 0x7, StartLBA 0xF9CA3B, BlocksNum 0x1C223C85
    23:41:33.0187 5032 Initialize success
    23:41:33.0187 5032 ============================================================
    23:41:40.0156 2912 ============================================================
    23:41:40.0156 2912 Scan started
    23:41:40.0156 2912 Mode: Manual;
    23:41:40.0156 2912 ============================================================
    23:41:40.0703 2912 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
    23:41:40.0703 2912 61883 - ok
    23:41:40.0718 2912 Abiosdsk - ok
    23:41:40.0718 2912 abp480n5 - ok
    23:41:40.0781 2912 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:41:40.0781 2912 ACPI - ok
    23:41:40.0812 2912 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:41:40.0812 2912 ACPIEC - ok
    23:41:40.0843 2912 adpu160m - ok
    23:41:40.0875 2912 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    23:41:40.0875 2912 aec - ok
    23:41:40.0921 2912 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    23:41:40.0921 2912 AFD - ok
    23:41:40.0921 2912 Aha154x - ok
    23:41:40.0937 2912 aic78u2 - ok
    23:41:40.0953 2912 aic78xx - ok
    23:41:40.0968 2912 AliIde - ok
    23:41:40.0984 2912 amsint - ok
    23:41:41.0046 2912 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    23:41:41.0046 2912 Arp1394 - ok
    23:41:41.0109 2912 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
    23:41:41.0109 2912 ASAPIW2k - ok
    23:41:41.0125 2912 asc - ok
    23:41:41.0125 2912 asc3350p - ok
    23:41:41.0140 2912 asc3550 - ok
    23:41:41.0171 2912 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:41:41.0171 2912 AsyncMac - ok
    23:41:41.0218 2912 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:41:41.0218 2912 atapi - ok
    23:41:41.0218 2912 Atdisk - ok
    23:41:41.0359 2912 ati2mtag (6b618c7764e03a78599d74e31b8ab17b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    23:41:41.0390 2912 ati2mtag - ok
    23:41:41.0406 2912 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:41:41.0406 2912 Atmarpc - ok
    23:41:41.0468 2912 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:41:41.0468 2912 audstub - ok
    23:41:41.0531 2912 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
    23:41:41.0531 2912 Avc - ok
    23:41:41.0593 2912 AVCSTRM (e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys
    23:41:41.0593 2912 AVCSTRM - ok
    23:41:41.0671 2912 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    23:41:41.0796 2912 AVGIDSDriver - ok
    23:41:41.0828 2912 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    23:41:41.0828 2912 AVGIDSEH - ok
    23:41:41.0859 2912 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    23:41:41.0859 2912 AVGIDSFilter - ok
    23:41:41.0906 2912 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    23:41:41.0906 2912 AVGIDSShim - ok
    23:41:41.0968 2912 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    23:41:41.0968 2912 Avgldx86 - ok
    23:41:42.0000 2912 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    23:41:42.0000 2912 Avgmfx86 - ok
    23:41:42.0046 2912 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    23:41:42.0046 2912 Avgrkx86 - ok
    23:41:42.0125 2912 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    23:41:42.0140 2912 Avgtdix - ok
    23:41:42.0234 2912 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    23:41:42.0234 2912 Beep - ok
    23:41:42.0359 2912 Cap713x (8f36328ce5a41880d1f208797289961e) C:\WINDOWS\system32\DRIVERS\Cap713x.sys
    23:41:42.0359 2912 Cap713x - ok
    23:41:42.0406 2912 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:41:42.0406 2912 cbidf2k - ok
    23:41:42.0468 2912 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    23:41:42.0468 2912 CCDECODE - ok
    23:41:42.0484 2912 cd20xrnt - ok
    23:41:42.0546 2912 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:41:42.0562 2912 Cdaudio - ok
    23:41:42.0578 2912 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    23:41:42.0593 2912 Cdfs - ok
    23:41:42.0656 2912 Cdrom (c17e85f23a160fd7840cabb958861a84) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:41:42.0656 2912 Cdrom - ok
    23:41:42.0703 2912 Changer - ok
    23:41:42.0734 2912 CmdIde - ok
    23:41:42.0750 2912 Cpqarray - ok
    23:41:42.0812 2912 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
    23:41:42.0812 2912 ctxusbm - ok
    23:41:42.0843 2912 dac2w2k - ok
    23:41:42.0859 2912 dac960nt - ok
    23:41:42.0890 2912 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    23:41:42.0890 2912 Disk - ok
    23:41:42.0968 2912 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    23:41:42.0968 2912 dmboot - ok
    23:41:42.0984 2912 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    23:41:42.0984 2912 dmio - ok
    23:41:43.0000 2912 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    23:41:43.0000 2912 dmload - ok
    23:41:43.0031 2912 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    23:41:43.0031 2912 DMusic - ok
    23:41:43.0046 2912 dpti2o - ok
    23:41:43.0046 2912 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    23:41:43.0046 2912 drmkaud - ok
    23:41:43.0140 2912 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    23:41:43.0140 2912 Fastfat - ok
    23:41:43.0187 2912 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    23:41:43.0187 2912 Fdc - ok
    23:41:43.0218 2912 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    23:41:43.0218 2912 Fips - ok
    23:41:43.0312 2912 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    23:41:43.0312 2912 Flpydisk - ok
    23:41:43.0359 2912 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    23:41:43.0359 2912 FltMgr - ok
    23:41:43.0390 2912 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:41:43.0390 2912 Fs_Rec - ok
    23:41:43.0421 2912 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:41:43.0421 2912 Ftdisk - ok
    23:41:43.0437 2912 FXDrv32 - ok
    23:41:43.0453 2912 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
    23:41:43.0453 2912 gagp30kx - ok
    23:41:43.0500 2912 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    23:41:43.0500 2912 GEARAspiWDM - ok
    23:41:43.0546 2912 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
    23:41:43.0546 2912 giveio - ok
    23:41:43.0593 2912 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:41:43.0593 2912 Gpc - ok
    23:41:43.0625 2912 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    23:41:43.0625 2912 HDAudBus - ok
    23:41:43.0687 2912 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    23:41:43.0687 2912 HidUsb - ok
    23:41:43.0703 2912 hpn - ok
    23:41:43.0765 2912 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    23:41:43.0765 2912 HTTP - ok
    23:41:43.0781 2912 i2omgmt - ok
    23:41:43.0796 2912 i2omp - ok
    23:41:43.0796 2912 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:41:43.0812 2912 i8042prt - ok
    23:41:43.0843 2912 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    23:41:43.0843 2912 Imapi - ok
    23:41:43.0859 2912 ini910u - ok
    23:41:44.0031 2912 IntcAzAudAddService (41ef008d7b089ce6f5f2e4a61d5638e6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    23:41:49.0734 2912 ============================================================
    23:41:49.0734 2912 Scan finished
    23:41:49.0734 2912 ============================================================
    23:41:49.0750 4584 Detected object count: 0
    23:41:49.0750 4584 Actual detected object count: 0
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    Combofix log

    I ran Combofix; the log is below. For your information, at the last reboot Combofix stated that I should approve a reboot by Combofix, but nothing came up to confirm. Since I had no other option, I had to manually restart the PC (I think this situation may have resulted because not everything was completely booted after the first reboot by Combofix when it found a rootkit - for example, the taskbar was not shown yet).

    I trust you will inform me when I can reinstall AVG?

    ===========================================

    ComboFix 12-03-06.01 - user 07-03-2012 8:32.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1919.1531 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\user\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\config.Bin
    c:\documents and settings\user\WINDOWS
    c:\windows\$NtUninstallKB22540$\2881797448
    c:\windows\$NtUninstallKB22540$\3428815955\@
    c:\windows\$NtUninstallKB22540$\3428815955\bckfg.tmp
    c:\windows\$NtUninstallKB22540$\3428815955\cfg.ini
    c:\windows\$NtUninstallKB22540$\3428815955\Desktop.ini
    c:\windows\$NtUninstallKB22540$\3428815955\kwrd.dll
    c:\windows\$NtUninstallKB22540$\3428815955\L\gvkvicoc
    c:\windows\$NtUninstallKB22540$\3428815955\twl.dll
    c:\windows\$NtUninstallKB22540$\3428815955\U\00000001.@
    c:\windows\$NtUninstallKB22540$\3428815955\U\00000002.@
    c:\windows\$NtUninstallKB22540$\3428815955\U\00000004.@
    c:\windows\$NtUninstallKB22540$\3428815955\U\80000000.@
    c:\windows\$NtUninstallKB22540$\3428815955\U\80000004.@
    c:\windows\$NtUninstallKB22540$\3428815955\U\80000032.@
    c:\windows\$NtUninstallKB22540$\3428815955\version
    c:\windows\IsUn0413.exe
    c:\windows\iun6002.exe
    c:\windows\system32\alcan5wn.dll
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Nagasoft
    c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
    c:\windows\system32\Nagasoft\Codecs\atrc.dll
    c:\windows\system32\Nagasoft\Codecs\cook.dll
    c:\windows\system32\Nagasoft\Codecs\drvc.dll
    c:\windows\system32\Nagasoft\Codecs\msvcr71.dll
    c:\windows\system32\Nagasoft\Codecs\raac.dll
    c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
    c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
    c:\windows\system32\Nagasoft\GifShower.dll
    c:\windows\system32\Nagasoft\Uninstall.exe
    c:\windows\system32\Nagasoft\vjocx.dll
    c:\windows\system32\Packet.dll
    c:\windows\system32\se2Bnd5.dll
    c:\windows\system32\SET8E.tmp
    c:\windows\system32\SET9A.tmp
    c:\windows\system32\SETE1.tmp
    c:\windows\system32\SETE6.tmp
    c:\windows\system32\wpcap.dll
    .
    Besmet exemplaar van c:\windows\system32\drivers\cdrom.sys werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - The cat found it :)
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_AMSERVICE
    -------\Legacy_FRAMEWORK
    -------\Legacy_MI-RAYSAT_3DSMAX8
    -------\Legacy_NPF
    -------\Service_AMService
    -------\Service_framework
    -------\Service_mi-raysat_3dsmax8
    -------\Service_NPF
    -------\Legacy_ltxred
    -------\Legacy_vvdsvc
    -------\Legacy_vvdsvc
    -------\Service_ltxred
    -------\Service_vvdsvc
    -------\Service_vvdsvc
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-02-07 to 2012-03-07 ))))))))))))))))))))))))))))))
    .
    .
    2012-03-07 07:28 . 2008-04-13 22:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2012-03-04 14:52 . 2012-03-04 14:52 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-03-01 21:26 . 2012-03-01 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-01 21:26 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-29 21:24 . 2012-02-29 21:24 -------- d-----w- c:\program files\ESET
    2012-02-21 18:54 . 2012-02-21 18:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2012-02-20 22:22 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2012-02-20 22:19 . 2012-02-20 22:20 -------- dc-h--w- c:\windows\ie8
    2012-02-14 18:50 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-14 18:50 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-07 07:21 . 2012-02-05 14:19 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-05 12:45 . 2011-05-16 18:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-22 19:36 . 2008-01-30 10:22 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
    2012-01-22 10:53 . 2005-03-31 17:55 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2012-01-12 17:20 . 2005-03-31 17:55 1860096 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:42 . 2005-03-31 17:55 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:42 . 2005-03-31 17:55 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:42 . 2005-03-31 17:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:23 . 2005-03-31 17:55 385024 ------w- c:\windows\system32\html.iec
    2010-03-10 23:01 . 2010-03-10 23:01 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2010-03-10 23:40 . 2010-03-10 23:40 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2010-03-10 23:02 . 2010-03-10 23:02 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2010-03-10 23:01 . 2010-03-10 23:01 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2010-03-10 23:01 . 2010-03-10 23:01 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2010-03-10 23:00 . 2010-03-10 23:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2010-03-10 23:01 . 2010-03-10 23:01 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2010-03-10 23:01 . 2010-03-10 23:01 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2009-10-05 12:49 . 2009-10-05 12:49 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2010-03-10 23:02 . 2010-03-10 23:02 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-05-07 1280000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
    "RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
    "Lexmark 3100 Series"="c:\program files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 106496]
    "LXBRKsk"="c:\progra~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 282624]
    "WinampAgent"="c:\program files\Winamp\Winampa.exe" [2003-04-02 12288]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2011-4-6 925696]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2006-05-16 10:04 2879488 ----a-r- c:\windows\SkyTel.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "d:\\D-schijf\\Games\\World Series of Poker TOC\\WSOPTOC.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "c:\\Program Files\\ABC\\abc.exe"=
    "c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
    "c:\\Program Files\\Audiograbber\\audiograbber.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Maple 8\\bin.win\\mserver.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Samsung PC Share Manager\\WiselinkPro.exe"=
    "c:\\Program Files\\Samsung PC Share Manager\\http_ss_win_pro.exe"=
    "d:\\D-schijf\\Games\\Commandos, Behind Enemy Lines\\mpserver.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Cerberus\\Cerberus.exe"=
    "c:\\Program Files\\FTP Explorer\\ftpx.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
    "%windir%\explorer.exe"= %windir%\explorer.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4899:TCP"= 4899:TCP:Remote Administrator
    "21:TCP"= 21:TCP:FTP
    "2121:TCP"= 2121:TCP:FTP 2121
    "1179:UDP"= 1179:UDP:Windows Media Format SDK (sidebar.exe)
    "1178:UDP"= 1178:UDP:Windows Media Format SDK (sidebar.exe)
    .
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [5-10-2009 10:08 65584]
    R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2-2-2007 13:54 41176]
    R2 Cerberus FTP Server;Cerberus FTP Server;c:\program files\Cerberus\Cerberus.exe -Service --> c:\program files\Cerberus\Cerberus.exe -Service [?]
    R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2-2-2007 13:35 1235032]
    R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [8-10-2004 15:58 751104]
    R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [6-4-2011 9:11 402432]
    S2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [17-5-2009 5:16 41984]
    S2 gupdate;Google Updateservice (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung PC Share Manager\WiselinkPro.exe [16-7-2010 16:23 6638080]
    S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
    S3 gupdatem;Google Update-service (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
    2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
    .
    2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3106237358-2718937594-2690874173-1006Core.job
    - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-04 14:13]
    .
    2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3106237358-2718937594-2690874173-1006UA.job
    - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-04 14:13]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.hotmail.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    Trusted Zone: enschede.nl\ienoportal
    Trusted Zone: enschede.nl\portal
    Trusted Zone: enschede.nl\webmail
    Trusted Zone: localhost
    TCP: Interfaces\{52503A0F-5C0B-42B1-B77D-EFE140159F74}: NameServer = 192.168.1.1
    TCP: Interfaces\{A80290E0-1513-4894-83AE-BAB9896987DB}: NameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\3jf689pd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    SafeBoot-67199368.sys
    MSConfigStartUp-lphccg8j0ej6p - c:\windows\system32\lphccg8j0ej6p.exe
    AddRemove-360Share Pro - c:\program files\360Share Pro\bt-uninst.exe
    AddRemove-ComandoDeinstKey - c:\games\Commandos
    AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
    AddRemove-Feurio - c:\program files\Feurio!\Feurio_Uninstall.exe
    AddRemove-JPsEffects - c:\program files\Pinnacle\Studio 9\Plugins\JPsEffects\uninstall_9.exe
    AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Ahead\nero\uninstall\UNNERO.exe
    AddRemove-SPVOD Player1.8 - c:\windows\system32\Nagasoft\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-07 08:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    .
    c:\windows\$NtUninstallKB22540$:SummaryInformation 0 bytes hidden from API
    .
    Scan succesvol afgerond
    verborgen bestanden: 1
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3106237358-2718937594-2690874173-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(944)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(3996)
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\ftpxext.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Cerberus\Cerberus.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rserver30\FamItrfc.Exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Lexmark 3100 Series\lxbrbmon.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\program files\Citrix\ICA Client\wfcrun32.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\RapidBIT\cidaemon.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-03-07 09:02:35 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-03-07 08:02
    .
    Pre-Run: 148.798.455.808 bytes beschikbaar
    Post-Run: 153.039.630.336 bytes beschikbaar
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 138C7C98A07DE7AD756499FEE01997F5
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good.

    How is the computer doing?

    Reinstall AVG and see if it'll complain about anything.

    Then....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    serial.sys
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    Good to hear it looks good. So far no complaints, everything seems to work as it should. I'm now reinstalling AVG. I'll get back to you after that, to tell you how that works out and then proceed to OTL.
     
  11. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    AVG reinstall

    After reinstalling AVG I ran a full computer scan and an anti-rootkit scan. The latter didn't turn up anything, but the full computer scan came up with an infection of c:\windows\system32\drivers\serial.sys. I've copied the scan result and put it below (between []-brackets I've put an English translation of the Dutch messages).

    Can I still proceed to the OTL-step as you instructed above? Or maybe should I perform something else first?

    Besides this, everything still seems to work okay and no problems encountered yet. Also so far no new AVG detections of the original problem (but I realize it might be far too early to jump to any conclusion).

    ==============================================
    Infections:

    "";"C:\WINDOWS\system32\DRIVERS\serial.sys";"Trojan horse PSW.Agent.ASTO";"Object staat op de witte lijst [Object is on white list] (systeemkritisch bestand/systeembestand dat niet verwijderd moet worden) [system-critical file that cannot be removed]"
    "";"C:\WINDOWS\system32\drivers\serial.sys";"Trojan horse PSW.Agent.ASTO";"Object staat op de witte lijst [Object is on white list] (systeemkritisch bestand/systeembestand dat niet verwijderd moet worden) [system-critical file that cannot be removed]"

    Warnings:
    "";"HKLM\SYSTEM\CurrentControlSet\services\Serial";"Registersleutel gevonden met verwijzing naar geïnfecteerd bestand [Registry key found directing to infected file] C:\WINDOWS\system32\DRIVERS\serial.sys";"Verplaatst naar de quarantaine" [Moved to quarantine]
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We'll check on that file.
    I adjusted the OTL script so you can run it now.
     
  13. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    Thanks, I've seen the modification at the end. I'll run it tomorrow (it's almost 12 a.m. here now)
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    No problem :)
     
  15. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    OTL.txt - part 1

    OTL logfile created on: 8-3-2012 20:07:01 - Run 1
    OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\user\Bureaublad
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1,87 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 70,86% Memory free
    3,72 Gb Paging File | 3,18 Gb Available in Paging File | 85,48% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,76 Gb Total Space | 142,06 Gb Free Space | 30,50% Space Free | Partition Type: NTFS
    Drive D: | 225,07 Gb Total Space | 31,05 Gb Free Space | 13,80% Space Free | Partition Type: NTFS

    Computer Name: PC | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-03-07 21:07:25 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureaublad\OTL.exe
    PRC - [2012-03-07 20:36:39 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2012-03-07 20:36:39 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    PRC - [2012-01-24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011-11-28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011-10-10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2011-09-08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011-08-15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011-02-05 21:19:13 | 000,494,592 | --S- | M] (BitMicro Software Corporation) -- C:\Program Files\RapidBIT\cidaemon.exe
    PRC - [2010-03-11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    PRC - [2010-03-11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
    PRC - [2008-04-14 21:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007-02-02 14:40:20 | 000,100,504 | ---- | M] (Famatech International Corp.) -- C:\WINDOWS\system32\rserver30\FamItrfc.Exe
    PRC - [2007-02-02 14:35:06 | 001,235,032 | ---- | M] (Famatech International Corp.) -- C:\WINDOWS\system32\rserver30\rserver3.exe
    PRC - [2006-01-19 15:54:34 | 000,925,696 | ---- | M] ( ) -- C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
    PRC - [2004-09-22 22:17:18 | 000,815,104 | ---- | M] (Grant Averett) -- C:\Program Files\Cerberus\Cerberus.exe
    PRC - [2003-09-04 03:30:52 | 000,106,496 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
    PRC - [2003-09-04 03:11:50 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
    PRC - [2003-04-02 03:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-03-07 20:36:39 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2012-03-07 20:36:39 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    MOD - [2012-02-15 09:05:18 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
    MOD - [2012-02-15 09:05:03 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
    MOD - [2012-02-15 09:04:12 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
    MOD - [2012-02-15 09:03:59 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
    MOD - [2012-02-15 09:01:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
    MOD - [2012-02-15 09:01:49 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
    MOD - [2012-02-15 09:01:37 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
    MOD - [2012-02-15 09:01:22 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
    MOD - [2012-02-15 08:59:31 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
    MOD - [2012-02-14 23:22:18 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2012-02-14 23:22:14 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    MOD - [2012-02-14 23:22:12 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2011-10-14 02:08:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2010-02-17 19:57:19 | 000,022,016 | ---- | M] () -- C:\WINDOWS\system32\rserver30\R3GOD.DLL
    MOD - [2008-03-23 00:01:42 | 000,026,576 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vshell32.dll
    MOD - [2008-03-23 00:01:40 | 000,040,400 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vuser32.dll
    MOD - [2008-03-23 00:01:40 | 000,011,216 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vuxtheme.dll
    MOD - [2008-03-23 00:01:36 | 000,082,384 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vntdll.dll
    MOD - [2008-03-23 00:01:36 | 000,058,320 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vkernel32.dll
    MOD - [2008-03-23 00:01:34 | 000,019,920 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vmsvcrt.dll
    MOD - [2008-03-23 00:01:32 | 000,046,032 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vadvapi32.dll
    MOD - [2008-03-23 00:01:30 | 000,047,056 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vgdiplus.dll
    MOD - [2008-03-23 00:01:30 | 000,008,144 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vdwmapi.dll
    MOD - [2008-03-23 00:00:36 | 000,096,208 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vcomctl32.dll
    MOD - [2008-01-30 11:19:30 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2635.38726__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:30 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2635.38926__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:30 | 000,229,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2635.38683__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:30 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2635.38740__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:30 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2635.38956__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:30 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2635.38945__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:30 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2635.38717__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:30 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2635.38739__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:30 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2635.38702__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:30 | 000,015,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2635.38839__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:29 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2635.38985__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:29 | 000,352,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2635.38913__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:29 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2635.38991__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:29 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2635.38733__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:29 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2635.38918__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:29 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2635.38697__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:29 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2635.38911__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:29 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2635.38902__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:29 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2635.38732__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,913,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2635.38951__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2635.38850__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2635.38906__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,577,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2635.38754__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2635.38842__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2635.38704__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2635.38932__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:28 | 000,319,488 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2635.38834__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2635.38747__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2635.38870__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2635.38839__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2635.38846__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2635.38846__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2635.38759__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2635.38869__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2635.38888__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2613.19911__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2008-01-30 11:19:28 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2613.19938__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2008-01-30 11:19:28 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2613.19938__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2008-01-30 11:19:28 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2613.19946__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2008-01-30 11:19:28 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2008-01-30 11:19:27 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2613.19937__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2613.19932__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2613.19935__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2613.19903__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2613.19914__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2613.19936__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2008-01-30 11:19:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2613.19946__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2613.19935__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2613.19936__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2635.39013__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2008-01-30 11:19:27 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2613.19902__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2613.19935__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2613.19973__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2008-01-30 11:19:27 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2613.19932__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2613.19924__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2613.19906__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2613.19935__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2613.19923__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2613.19922__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2613.19937__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2613.19902__90ba9c70f846762e\AEM.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2613.19937__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2008-01-30 11:19:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2613.19921__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2613.19911__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2613.19910__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2613.19932__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2613.19931__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2613.19921__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2613.19938__90ba9c70f846762e\DEM.OS.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2613.19934__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2613.19932__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2613.19924__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2613.19916__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2008-01-30 11:19:26 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2635.38712__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2008-01-30 11:19:26 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2635.38969__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2008-01-30 11:19:26 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2635.38682__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2008-01-30 11:19:26 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2635.38968__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2008-01-30 11:19:26 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2613.19921__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2008-01-30 11:19:26 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2613.19906__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2008-01-30 11:19:26 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2613.19944__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2008-01-30 11:19:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2613.19922__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2008-01-30 11:19:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2613.19908__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2008-01-30 11:19:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2613.19916__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2008-01-30 11:19:25 | 001,404,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2635.38692__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2008-01-30 11:19:25 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2635.38682__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2008-01-30 11:19:25 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2635.38680__90ba9c70f846762e\AEM.Server.dll
    MOD - [2008-01-30 11:19:25 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2613.19912__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2008-01-30 11:19:25 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2008-01-30 11:19:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2613.19938__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2008-01-30 11:19:25 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2635.38969__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2006-01-18 13:09:40 | 000,045,056 | ---- | M] () -- C:\Program Files\SAGEM WiFi manager\ZDWlan.dll
    MOD - [2006-01-18 13:09:36 | 000,212,992 | ---- | M] () -- C:\Program Files\SAGEM WiFi manager\dot1x_dll.dll
    MOD - [2003-09-04 03:11:58 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 3100 Series\mcrdchkr.dll
    MOD - [2003-09-04 03:11:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 3100 Series\regutil.dll
    MOD - [2003-07-29 10:45:10 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBRPP5C.DLL
    MOD - [2003-06-23 10:01:48 | 000,049,152 | ---- | M] () -- C:\Program Files\Lexmark 3100 Series\ConvDIB.dll
    MOD - [2003-04-02 03:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (ZTEusbmdm6k)
    SRV - File not found [Auto | Stopped] -- -- (ZSMC211)
    SRV - File not found [Auto | Stopped] -- -- (zpsc)
    SRV - File not found [Auto | Stopped] -- -- (zntport)
    SRV - File not found [Auto | Stopped] -- -- (zebrsce)
    SRV - File not found [Auto | Stopped] -- -- (ypcservice)
    SRV - File not found [Auto | Stopped] -- -- (yats32)
    SRV - File not found [Auto | Stopped] -- -- (WNCPKT)
    SRV - File not found [Auto | Stopped] -- -- (WmVirHid)
    SRV - File not found [Auto | Stopped] -- -- (WmUsbHid)
    SRV - File not found [Auto | Stopped] -- -- (WmiAcpi)
    SRV - File not found [Auto | Stopped] -- -- (wmccds)
    SRV - File not found [Auto | Stopped] -- -- (WLAN_USB)
    SRV - File not found [Auto | Stopped] -- -- (winpower)
    SRV - File not found [Auto | Stopped] -- -- (WINFLASH)
    SRV - File not found [Auto | Stopped] -- -- (wg6n)
    SRV - File not found [Auto | Stopped] -- -- (websenseusagemonitor)
    SRV - File not found [Auto | Stopped] -- -- (websenseclientdeployservice)
    SRV - File not found [Auto | Stopped] -- -- (webrootspysweeperservice)
    SRV - File not found [Auto | Stopped] -- -- (webfilter)
    SRV - File not found [Auto | Stopped] -- -- (Wdf01000)
    SRV - File not found [Auto | Stopped] -- -- (WD_FireWire_HID)
    SRV - File not found [Auto | Stopped] -- -- (WavxDMgr)
    SRV - File not found [Auto | Stopped] -- -- (WaveEnrollmentService)
    SRV - File not found [Auto | Stopped] -- -- (wacomvhid)
    SRV - File not found [Auto | Stopped] -- -- (w810obex)
    SRV - File not found [Auto | Stopped] -- -- (w550mdfl)
    SRV - File not found [Auto | Stopped] -- -- (w550bus)
    SRV - File not found [Auto | Stopped] -- -- (w300bus)
    SRV - File not found [Auto | Stopped] -- -- (w200obex)
    SRV - File not found [Auto | Stopped] -- -- (vwlogger)
    SRV - File not found [Auto | Stopped] -- -- (vpcnets2)
    SRV - File not found [Auto | Stopped] -- -- (vncmirror)
    SRV - File not found [Auto | Stopped] -- -- (vmx86)
    SRV - File not found [Auto | Stopped] -- -- (vmkbd2)
    SRV - File not found [Auto | Stopped] -- -- (viamraid)
    SRV - File not found [Auto | Stopped] -- -- (viagfx)
    SRV - File not found [Auto | Stopped] -- -- (viaagp1)
    SRV - File not found [Auto | Stopped] -- -- (vcsw)
    SRV - File not found [Auto | Stopped] -- -- (vaiomediaplatform-photoserver-appserver)
    SRV - File not found [Auto | Stopped] -- -- (v2imount)
    SRV - File not found [Auto | Stopped] -- -- (usnsvc)
    SRV - File not found [Auto | Stopped] -- -- (USBVCD)
    SRV - File not found [Auto | Stopped] -- -- (USBMN1X1)
    SRV - File not found [Auto | Stopped] -- -- (USBCamera)
    SRV - File not found [Auto | Stopped] -- -- (usb20l)
    SRV - File not found [Auto | Stopped] -- -- (us30sys)
    SRV - File not found [Auto | Stopped] -- -- (upperdev)
    SRV - File not found [Auto | Stopped] -- -- (uhcd)
    SRV - File not found [Auto | Stopped] -- -- (UCTblHid)
    SRV - File not found [Auto | Stopped] -- -- (U2SP)
    SRV - File not found [Auto | Stopped] -- -- (tvichw32)
    SRV - File not found [Auto | Stopped] -- -- (tsircsrv)
    SRV - File not found [Auto | Stopped] -- -- (TryAndDecideService)
    SRV - File not found [Auto | Stopped] -- -- (trufos)
    SRV - File not found [Auto | Stopped] -- -- (traprcvr)
    SRV - File not found [Auto | Stopped] -- -- (transbaseservice)
    SRV - File not found [Auto | Stopped] -- -- (trackcam4)
    SRV - File not found [Auto | Stopped] -- -- (tpsrv)
    SRV - File not found [Auto | Stopped] -- -- (tphkdrv)
    SRV - File not found [Auto | Stopped] -- -- (tphdexlgsvc)
    SRV - File not found [Auto | Stopped] -- -- (tosrfnds)
    SRV - File not found [Auto | Stopped] -- -- (tosrfbd)
    SRV - File not found [Auto | Stopped] -- -- (tdimsys)
    SRV - File not found [Auto | Stopped] -- -- (taphss)
    SRV - File not found [Auto | Stopped] -- -- (tapeware)
    SRV - File not found [Auto | Stopped] -- -- (symwsc)
    SRV - File not found [Auto | Stopped] -- -- (SymIM)
    SRV - File not found [Auto | Stopped] -- -- (symids)
    SRV - File not found [Auto | Stopped] -- -- (symantecantibotwatcher)
    SRV - File not found [Auto | Stopped] -- -- (superproserver)
    SRV - File not found [Auto | Stopped] -- -- (SunkFilt39)
    SRV - File not found [Auto | Stopped] -- -- (stunnel)
    SRV - File not found [Auto | Stopped] -- -- (streamloadservice)
    SRV - File not found [Auto | Stopped] -- -- (sthda)
    SRV - File not found [Auto | Stopped] -- -- (starwindserviceae)
    SRV - File not found [Auto | Stopped] -- -- (ssscsisv)
    SRV - File not found [Auto | Stopped] -- -- (ssm_bus)
    SRV - File not found [Auto | Stopped] -- -- (SSFS0BB9)
    SRV - File not found [Auto | Stopped] -- -- (ssdiagn)
    SRV - File not found [Auto | Stopped] -- -- (sqlagent$sony_mediamgr)
    SRV - File not found [Auto | Stopped] -- -- (SQLAgent$MICROSOFTSMLBIZ)
    SRV - File not found [Auto | Stopped] -- -- (sonywbms)
    SRV - File not found [Auto | Stopped] -- -- (sonicstagemonitoring)
    SRV - File not found [Auto | Stopped] -- -- (snoopfree)
    SRV - File not found [Auto | Stopped] -- -- (sndsrvc)
    SRV - File not found [Auto | Stopped] -- -- (Slpsvdr)
    SRV - File not found [Auto | Stopped] -- -- (Sk99202k)
    SRV - File not found [Auto | Stopped] -- -- (SilverLink)
    SRV - File not found [Auto | Stopped] -- -- (ShockMgr)
    SRV - File not found [Auto | Stopped] -- -- (sfhlp01)
    SRV - File not found [Auto | Stopped] -- -- (SfCtlCom)
    SRV - File not found [Auto | Stopped] -- -- (SetupNT)
    SRV - File not found [Auto | Stopped] -- -- (servicelayer)
    SRV - File not found [Auto | Stopped] -- -- (sermouse)
    SRV - File not found [Auto | Stopped] -- -- (se59unic)
    SRV - File not found [Auto | Stopped] -- -- (se58nd5)
    SRV - File not found [Auto | Stopped] -- -- (se58mdm)
    SRV - File not found [Auto | Stopped] -- -- (se45obex)
    SRV - File not found [Auto | Stopped] -- -- (SE2Dmgmt)
    SRV - File not found [Auto | Stopped] -- -- (SE2Dbus)
    SRV - File not found [Auto | Stopped] -- -- (SE2Cobex)
    SRV - File not found [Auto | Stopped] -- -- (SE2Bmdm)
    SRV - File not found [Auto | Stopped] -- -- (SE27mgmt)
    SRV - File not found [Auto | Stopped] -- -- (SE27mdfl)
    SRV - File not found [Auto | Stopped] -- -- (scanexplicit)
    SRV - File not found [Auto | Stopped] -- -- (sbhooksvc)
    SRV - File not found [Auto | Stopped] -- -- (SbcpHid)
    SRV - File not found [Auto | Stopped] -- -- (SaiH040B)
    SRV - File not found [Auto | Stopped] -- -- (SaiClass)
    SRV - File not found [Auto | Stopped] -- -- (S7oppilx)
    SRV - File not found [Auto | Stopped] -- -- (s616nd5)
    SRV - File not found [Auto | Stopped] -- -- (s217unic)
    SRV - File not found [Auto | Stopped] -- -- (s125obex)
    SRV - File not found [Auto | Stopped] -- -- (s125bus)
    SRV - File not found [Auto | Stopped] -- -- (s117unic)
    SRV - File not found [Auto | Stopped] -- -- (s116unic)
    SRV - File not found [Auto | Stopped] -- -- (s116obex)
    SRV - File not found [Auto | Stopped] -- -- (RVIEG01)
    SRV - File not found [Auto | Stopped] -- -- (rtl8029)
    SRV - File not found [Auto | Stopped] -- -- (RTHDMIAzAudService)
    SRV - File not found [Auto | Stopped] -- -- (rpskt)
    SRV - File not found [Auto | Stopped] -- -- (rkhdrv31)
    SRV - File not found [Auto | Stopped] -- -- (RivaTuner32)
    SRV - File not found [Auto | Stopped] -- -- (rismxdp)
    SRV - File not found [Auto | Stopped] -- -- (rimusb)
    SRV - File not found [Auto | Stopped] -- -- (rimmptsk)
    SRV - File not found [Auto | Stopped] -- -- (revudfservice)
    SRV - File not found [Auto | Stopped] -- -- (REVOSENS)
    SRV - File not found [Auto | Stopped] -- -- (regsrvc)
    SRV - File not found [Auto | Stopped] -- -- (raysatxsi5_0server)
    SRV - File not found [Auto | Stopped] -- -- (radclock)
    SRV - File not found [Auto | Stopped] -- -- (QWAVE)
    SRV - File not found [Auto | Stopped] -- -- (qmofiltr)
    SRV - File not found [Auto | Stopped] -- -- (ql2100)
    SRV - File not found [Auto | Stopped] -- -- (qconsvc)
    SRV - File not found [Auto | Stopped] -- -- (qcmerced)
    SRV - File not found [Auto | Stopped] -- -- (pwd_2K)
    SRV - File not found [Auto | Stopped] -- -- (PTDCMdm)
    SRV - File not found [Auto | Stopped] -- -- (psasrv)
    SRV - File not found [Auto | Stopped] -- -- (psadd)
    SRV - File not found [Auto | Stopped] -- -- (procexp90)
    SRV - File not found [Auto | Stopped] -- -- (pptchpad)
    SRV - File not found [Auto | Stopped] -- -- (pnmsrv)
    SRV - File not found [Auto | Stopped] -- -- (pmshellsrv)
    SRV - File not found [Auto | Stopped] -- -- (pinnaclemarvinusb)
    SRV - File not found [Auto | Stopped] -- -- (pinetmgr)
    SRV - File not found [Auto | Stopped] -- -- (PID_08A0)
    SRV - File not found [Auto | Stopped] -- -- (pgsql-8.0)
    SRV - File not found [Auto | Stopped] -- -- (PGPwded)
    SRV - File not found [Auto | Stopped] -- -- (PGPdisk)
    SRV - File not found [Auto | Stopped] -- -- (pelmouse)
    SRV - File not found [Auto | Stopped] -- -- (pdlndsdl)
    SRV - File not found [Auto | Stopped] -- -- (pdlncbas)
    SRV - File not found [Auto | Stopped] -- -- (pdengine)
    SRV - File not found [Auto | Stopped] -- -- (PCISys)
    SRV - File not found [Auto | Stopped] -- -- (papycpu2)
    SRV - File not found [Auto | Stopped] -- -- (PAC7302)
    SRV - File not found [Auto | Stopped] -- -- (p3)
    SRV - File not found [Auto | Stopped] -- -- (p17xfilt)
    SRV - File not found [Auto | Stopped] -- -- (p1110vid)
    SRV - File not found [Auto | Stopped] -- -- (ose)
    SRV - File not found [Auto | Stopped] -- -- (oraclexeclragent)
    SRV - File not found [Auto | Stopped] -- -- (oracleorahomemanagementserver)
    SRV - File not found [Auto | Stopped] -- -- (oracle_load_balancer_60_client-forms6i)
    SRV - File not found [Auto | Stopped] -- -- (ONSIO)
    SRV - File not found [Auto | Stopped] -- -- (omsad)
    SRV - File not found [Auto | Stopped] -- -- (omniserv)
    SRV - File not found [Auto | Stopped] -- -- (omnidrv)
    SRV - File not found [Auto | Stopped] -- -- (olregcap)
    SRV - File not found [Auto | Stopped] -- -- (ofcpfwsvc)
    SRV - File not found [Auto | Stopped] -- -- (NWSAP)
    SRV - File not found [Auto | Stopped] -- -- (nvnetbus)
    SRV - File not found [Auto | Stopped] -- -- (NvNdis)
    SRV - File not found [Auto | Stopped] -- -- (nvax)
    SRV - File not found [Auto | Stopped] -- -- (ntgrip)
    SRV - File not found [Auto | Stopped] -- -- (nsausvc)
    SRV - File not found [Auto | Stopped] -- -- (npkcsvc)
    SRV - File not found [Auto | Stopped] -- -- (noipducservice)
    SRV - File not found [Auto | Stopped] -- -- (nocashio)
    SRV - File not found [Auto | Stopped] -- -- (nmservice)
    SRV - File not found [Auto | Stopped] -- -- (nlsvc)
    SRV - File not found [Auto | Stopped] -- -- (nimxdfk)
    SRV - File not found [Auto | Stopped] -- -- (netwg311)
    SRV - File not found [Auto | Stopped] -- -- (NETw5x32)
    SRV - File not found [Auto | Stopped] -- -- (ndasbus)
    SRV - File not found [Auto | Stopped] -- -- (NCPro)
    SRV - File not found [Auto | Stopped] -- -- (naveng)
    SRV - File not found [Auto | Stopped] -- -- (naimagent32)
    SRV - File not found [Auto | Stopped] -- -- (mwsejcap)
    SRV - File not found [Auto | Stopped] -- -- (mvserver)
    SRV - File not found [Auto | Stopped] -- -- (MTDVC2_ENUM)
    SRV - File not found [Auto | Stopped] -- -- (MSW_USB)
    SRV - File not found [Auto | Stopped] -- -- (mssql$microsoftbcm)
    SRV - File not found [Auto | Stopped] -- -- (msmframework)
    SRV - File not found [Auto | Stopped] -- -- (mrvw245)
    SRV - File not found [Auto | Stopped] -- -- (MRV6X32P)
    SRV - File not found [Auto | Stopped] -- -- (mrpostman)
    SRV - File not found [Auto | Stopped] -- -- (MRESP50)
    SRV - File not found [Auto | Stopped] -- -- (MRENDIS5)
    SRV - File not found [Auto | Stopped] -- -- (mpfirewl)
    SRV - File not found [Auto | Stopped] -- -- (MobilePreInstallerService)
    SRV - File not found [Auto | Stopped] -- -- (mmc_2K)
    SRV - File not found [Auto | Stopped] -- -- (mlkkbdntdriver)
    SRV - File not found [Auto | Stopped] -- -- (mksupdateint)
    SRV - File not found [Auto | Stopped] -- -- (mi-raysat_3dsMax2008_32)
    SRV - File not found [Auto | Stopped] -- -- (minilog)
    SRV - File not found [Auto | Stopped] -- -- (mgisvr)
    SRV - File not found [Auto | Stopped] -- -- (mfebopk)
    SRV - File not found [Auto | Stopped] -- -- (merakpop3)
    SRV - File not found [Auto | Stopped] -- -- (MegaSR)
    SRV - File not found [Auto | Stopped] -- -- (mcupdmgr.exe)
    SRV - File not found [Auto | Stopped] -- -- (mcsysmon)
    SRV - File not found [Auto | Stopped] -- -- (mcnasvc)
    SRV - File not found [Auto | Stopped] -- -- (mcdbus)
    SRV - File not found [Auto | Stopped] -- -- (McciCMService)
    SRV - File not found [Auto | Stopped] -- -- (mcafeeantispyware)
    SRV - File not found [Auto | Stopped] -- -- (marvinbus)
    SRV - File not found [Auto | Stopped] -- -- (Maplom)
    SRV - File not found [Auto | Stopped] -- -- (MA_CMIDI)
    SRV - File not found [Auto | Stopped] -- -- (lxdj_device)
    SRV - File not found [Auto | Stopped] -- -- (lwwlicenseservice)
    SRV - File not found [Auto | Stopped] -- -- (lvprcsrv)
    SRV - File not found [Auto | Stopped] -- -- (logonsvcid)
    SRV - File not found [Auto | Stopped] -- -- (LMIRfsDriver)
    SRV - File not found [Auto | Stopped] -- -- (lktimesync)
    SRV - File not found [Auto | Stopped] -- -- (konfig)
    SRV - File not found [Auto | Stopped] -- -- (KMWDFilter)
    SRV - File not found [Auto | Stopped] -- -- (k750mdm)
    SRV - File not found [Auto | Stopped] -- -- (k750mdfl)
    SRV - File not found [Auto | Stopped] -- -- (jtagserver)
    SRV - File not found [Auto | Stopped] -- -- (ixiaendpoint)
    SRV - File not found [Auto | Stopped] -- -- (IWCA)
    SRV - File not found [Auto | Stopped] -- -- (iviregmgr)
    SRV - File not found [Auto | Stopped] -- -- (ISODrive)
    SRV - File not found [Auto | Stopped] -- -- (isdrv120)
    SRV - File not found [Auto | Stopped] -- -- (irmon)
    SRV - File not found [Auto | Stopped] -- -- (ireike)
    SRV - File not found [Auto | Stopped] -- -- (IntuitUpdateService)
    SRV - File not found [Auto | Stopped] -- -- (int15)
    SRV - File not found [Auto | Stopped] -- -- (inspect)
    SRV - File not found [Auto | Stopped] -- -- (imagesrv)
    SRV - File not found [Auto | Stopped] -- -- (ilicensesvc)
    SRV - File not found [Auto | Stopped] -- -- (igateway)
    SRV - File not found [Auto | Stopped] -- -- (idebusdr)
    SRV - File not found [Auto | Stopped] -- -- (iaimtv3)
    SRV - File not found [Auto | Stopped] -- -- (iaimfp4)
    SRV - File not found [Auto | Stopped] -- -- (iaantmon)
    SRV - File not found [Auto | Stopped] -- -- (HWSCtrl)
    SRV - File not found [Auto | Stopped] -- -- (hsxhwazl)
    SRV - File not found [Auto | Stopped] -- -- (hsvcmod)
    SRV - File not found [Auto | Stopped] -- -- (hsf_msft)
    SRV - File not found [Auto | Stopped] -- -- (HPFXBULK)
    SRV - File not found [Auto | Stopped] -- -- (Hotkey)
    SRV - File not found [Auto | Stopped] -- -- (hidbatt)
    SRV - File not found [Auto | Stopped] -- -- (helpsvc)
    SRV - File not found [Auto | Stopped] -- -- (hcf_msft)
    SRV - File not found [Auto | Stopped] -- -- (HBtnKey)
    SRV - File not found [Auto | Stopped] -- -- (ha20x2k)
    SRV - File not found [Auto | Stopped] -- -- (gusvc)
    SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update-service (gupdatem)
    SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Updateservice (gupdate)
    SRV - File not found [Auto | Stopped] -- -- (GTWModem)
    SRV - File not found [Auto | Stopped] -- -- (govsrv)
    SRV - File not found [Auto | Stopped] -- -- (GoBack2K)
    SRV - File not found [Auto | Stopped] -- -- (FVNETusb)
    SRV - File not found [Auto | Stopped] -- -- (fuj02b1)
    SRV - File not found [Auto | Stopped] -- -- (ftpqueue)
    SRV - File not found [Auto | Stopped] -- -- (forcewarewebinterface)
    SRV - File not found [Auto | Stopped] -- -- (FontCache3.0.0.0.)
    SRV - File not found [Auto | Stopped] -- -- (fingrd32)
    SRV - File not found [Auto | Stopped] -- -- (FETNDIS)
    SRV - File not found [Auto | Stopped] -- -- (fallback)
    SRV - File not found [Auto | Stopped] -- -- (fa_scheduler)
    SRV - File not found [Auto | Stopped] -- -- (F700iob)
    SRV - File not found [Auto | Stopped] -- -- (EPSON_EB_RPCV4_01)
    SRV - File not found [Auto | Stopped] -- -- (EpmPsd)
    SRV - File not found [Auto | Stopped] -- -- (enethusb)
    SRV - File not found [Auto | Stopped] -- -- (emupia)
    SRV - File not found [Auto | Stopped] -- -- (emu10k1)
    SRV - File not found [Auto | Stopped] -- -- (ELhid)
    SRV - File not found [Auto | Stopped] -- -- (EL2000)
    SRV - File not found [Auto | Stopped] -- -- (ec2007service)
    SRV - File not found [Auto | Stopped] -- -- (eamon)
    SRV - File not found [Auto | Stopped] -- -- (EACSys)
    SRV - File not found [Auto | Stopped] -- -- (dvpapi)
    SRV - File not found [Auto | Stopped] -- -- (DSI_SiUSBXp_3_1)
    SRV - File not found [Auto | Stopped] -- -- (dot4print)
    SRV - File not found [Auto | Stopped] -- -- (dlcf_device)
    SRV - File not found [Auto | Stopped] -- -- (dladresn)
    SRV - File not found [Auto | Stopped] -- -- (dlacdbhm)
    SRV - File not found [Auto | Stopped] -- -- (digictrl)
    SRV - File not found [Auto | Stopped] -- -- (DfwWebAgent)
    SRV - File not found [Auto | Stopped] -- -- (defragfs)
    SRV - File not found [Auto | Stopped] -- -- (Defrag32b)
    SRV - File not found [Auto | Stopped] -- -- (dcsloader)
    SRV - File not found [Auto | Stopped] -- -- (DCamUSBSQTECH)
    SRV - File not found [Auto | Stopped] -- -- (DCamUSBGrandTek)
    SRV - File not found [Auto | Stopped] -- -- (CYGF32X)
    SRV - File not found [Auto | Stopped] -- -- (CXTUNE)
    SRV - File not found [Auto | Stopped] -- -- (cwcspud)
    SRV - File not found [Auto | Stopped] -- -- (cwafadmincontroller)
    SRV - File not found [Auto | Stopped] -- -- (cvsnt)
    SRV - File not found [Auto | Stopped] -- -- (CVirtA)
    SRV - File not found [Auto | Stopped] -- -- (ctxcpuusync)
    SRV - File not found [Auto | Stopped] -- -- (ctprxy2k)
    SRV - File not found [Auto | Stopped] -- -- (CTHWIUT.DLL)
    SRV - File not found [Auto | Stopped] -- -- (CTDevice_Srv)
    SRV - File not found [Auto | Stopped] -- -- (CSRBC)
    SRV - File not found [Auto | Stopped] -- -- (cpqnicmgmt)
    SRV - File not found [Auto | Stopped] -- -- (cpqdfw)
    SRV - File not found [Auto | Stopped] -- -- (cpntsrv)
    SRV - File not found [Auto | Stopped] -- -- (CnxTrUsb)
    SRV - File not found [Auto | Stopped] -- -- (cmudau)
    SRV - File not found [Auto | Stopped] -- -- (clsched)
    SRV - File not found [Auto | Stopped] -- -- (ClntMgmt.sys)
    SRV - File not found [Auto | Stopped] -- -- (clnt_clientman)
    SRV - File not found [Auto | Stopped] -- -- (cidaemon)
    SRV - File not found [Auto | Stopped] -- -- (cfosspeed)
    SRV - File not found [Auto | Stopped] -- -- (cercsr6)
    SRV - File not found [Auto | Stopped] -- -- (cdrbsdrv)
    SRV - File not found [Auto | Stopped] -- -- (ccpwdsvc)
    SRV - File not found [Auto | Stopped] -- -- (carboniteservice)
    SRV - File not found [Auto | Stopped] -- -- (ca-messagequeuing)
    SRV - File not found [Auto | Stopped] -- -- (bwmservice)
    SRV - File not found [Auto | Stopped] -- -- (bwcsrv)
    SRV - File not found [Auto | Stopped] -- -- (btwdndis)
    SRV - File not found [Auto | Stopped] -- -- (btwaudio)
    SRV - File not found [Auto | Stopped] -- -- (btfirst)
    SRV - File not found [Auto | Stopped] -- -- (BrUsbSer)
    SRV - File not found [Auto | Stopped] -- -- (BrPar)
    SRV - File not found [Auto | Stopped] -- -- (botcbs)
    SRV - File not found [Auto | Stopped] -- -- (blueletscoaudio)
    SRV - File not found [Auto | Stopped] -- -- (belgium_id_card_service)
    SRV - File not found [Auto | Stopped] -- -- (bdselfpr)
    SRV - File not found [Auto | Stopped] -- -- (bdpredir)
    SRV - File not found [Auto | Stopped] -- -- (BcmSqlStartupSvc)
    SRV - File not found [Auto | Stopped] -- -- (bcftdi)
    SRV - File not found [Auto | Stopped] -- -- (bc_pat_f)
    SRV - File not found [Auto | Stopped] -- -- (bc_ip_f)
    SRV - File not found [Auto | Stopped] -- -- (basic2)
    SRV - File not found [Auto | Stopped] -- -- (backupexecnamingservice)
    SRV - File not found [Auto | Stopped] -- -- (backupexecdevicemediaservice)
    SRV - File not found [Auto | Stopped] -- -- (backupexecalertserver)
    SRV - File not found [Auto | Stopped] -- -- (b57w2k)
    SRV - File not found [Auto | Stopped] -- -- (awhost32)
    SRV - File not found [Auto | Stopped] -- -- (avupdsvc)
    SRV - File not found [Auto | Stopped] -- -- (avidsdmservice)
    SRV - File not found [Auto | Stopped] -- -- (avg7updsvc)
    SRV - File not found [Auto | Stopped] -- -- (avg7rsw)
    SRV - File not found [Auto | Stopped] -- -- (avg7core)
    SRV - File not found [Auto | Stopped] -- -- (AVerBDA)
    SRV - File not found [Auto | Stopped] -- -- (avcgbdr)
    SRV - File not found [Auto | Stopped] -- -- (autocomplete)
    SRV - File not found [Auto | Stopped] -- -- (ATMsg)
    SRV - File not found [Auto | Stopped] -- -- (atitunep)
    SRV - File not found [Auto | Stopped] -- -- (ati2mtaa)
    SRV - File not found [Auto | Stopped] -- -- (AtcL002)
    SRV - File not found [Auto | Stopped] -- -- (aswtdi)
    SRV - File not found [Auto | Stopped] -- -- (aswlsvc)
    SRV - File not found [Auto | Stopped] -- -- (AsusACPI)
    SRV - File not found [Auto | Stopped] -- -- (asmagent)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - File not found [Auto | Stopped] -- -- (aolavupd)
    SRV - File not found [Auto | Stopped] -- -- (anio)
    SRV - File not found [Auto | Stopped] -- -- (amoagent)
    SRV - File not found [Auto | Stopped] -- -- (amdk77)
    SRV - File not found [Auto | Stopped] -- -- (alertservice)
    SRV - File not found [Auto | Stopped] -- -- (alcaudsl)
    SRV - File not found [Auto | Stopped] -- -- (AFGSp50)
    SRV - File not found [Auto | Stopped] -- -- (aeaudio)
    SRV - File not found [Auto | Stopped] -- -- (adpu320)
    SRV - File not found [Auto | Stopped] -- -- (admjoy)
    SRV - File not found [Auto | Stopped] -- -- (AdfuUd)
    SRV - File not found [Auto | Stopped] -- -- (adaptecstoragemanageragent)
    SRV - File not found [Auto | Stopped] -- -- (aamqdispatcher)
    SRV - File not found [Auto | Stopped] -- -- (A88xTuner)
    SRV - File not found [Auto | Stopped] -- -- ({85ccb53b-23d8-4e73-b1b7-9ddb71827d9b})
    SRV - [2012-03-07 20:36:39 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
    SRV - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2010-07-16 16:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung PC Share Manager\WiselinkPro.exe -- (AllShare)
    SRV - [2009-05-17 05:16:24 | 000,041,984 | --S- | M] (BitMicro Software Corporation) [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
    SRV - [2007-02-02 14:35:06 | 001,235,032 | ---- | M] (Famatech International Corp.) [Auto | Running] -- C:\WINDOWS\System32\rserver30\RServer3.exe -- (RServer3)
    SRV - [2004-09-22 22:17:18 | 000,815,104 | ---- | M] (Grant Averett) [Auto | Running] -- C:\Program Files\Cerberus\Cerberus.exe -- (Cerberus FTP Server)
     
  16. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    OTL.txt - part 2

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ZDPNDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ZDCndis5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCLEPCI)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCANDIS5)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FXDrv32)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
    DRV - [2011-10-07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011-10-04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011-09-13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011-08-08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011-07-11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011-07-11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011-07-11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011-07-11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2009-10-05 10:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2008-04-13 23:16:10 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
    DRV - [2008-04-13 23:16:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
    DRV - [2007-05-31 08:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2007-03-02 21:53:19 | 001,972,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2007-03-01 10:27:26 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007-02-02 14:54:26 | 000,041,176 | ---- | M] (Famatech International Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\rserver30\raddrvv3.sys -- (raddrvv3)
    DRV - [2006-11-01 04:01:56 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rminiv3.sys -- (mirrorv3)
    DRV - [2006-10-13 09:16:36 | 000,081,664 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006-09-24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006-01-18 13:09:40 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
    DRV - [2005-12-22 13:45:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (SG762_XP)
    DRV - [2004-10-08 15:58:00 | 000,751,104 | ---- | M] (Asus) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cap713x.sys -- (Cap713x)
    DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-stuurprogramma voor Realtek RTL8139(A/B/C)
    DRV - [2004-03-10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
    DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    IE - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    IE - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..\SearchScopes,DefaultScope = {15457935-CDA2-498D-ABA2-BB3E0C6C9604}
    IE - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..\SearchScopes\{15457935-CDA2-498D-ABA2-BB3E0C6C9604}: "URL" = http://www.google.nl/search?hl=nl&rlz=1G1GGLQ_NLNL286&q={searchTerms}&meta=
    IE - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={99458DB6-A93D-4CD5-9080-E4B745F94197}&mid=2d27e4ca70d547d188f7d129f5d83e53-f1b8bc111bf0aabc6f2beb9a758fe9843f208faa&lang=nl&ds=AVG&pr=fr&d=2012-03-07 20:36:41&v=10.0.0.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.nl"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:12.0.0.1912
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 4
    FF - prefs.js..extensions.enabledItems: 9
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012-03-07 20:35:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-03-07 20:36:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012-03-07 20:36:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-02 21:53:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-02-03 19:46:48 | 000,000,000 | ---D | M]

    [2008-08-16 13:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
    [2012-02-05 13:43:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\3jf689pd.default\extensions
    [2009-09-12 11:20:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\3jf689pd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010-02-07 11:42:51 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\3jf689pd.default\extensions\firefox@tvunetworks.com
    [2012-02-05 13:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010-07-31 22:05:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011-04-03 09:41:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011-07-01 18:31:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012-02-04 14:31:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    [2012-03-07 20:35:39 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX
    [2008-12-02 19:06:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010-03-11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
    [2010-03-11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    [2010-03-11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
    [2010-03-11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
    [2011-11-10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010-03-11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
    [2010-03-11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    [2012-03-07 20:36:37 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011-02-05 10:17:10 | 000,001,890 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
    [2011-02-05 10:17:10 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
    [2011-02-05 10:17:10 | 000,001,111 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vandale-nl.xml
    [2011-02-05 10:17:10 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml
    [2011-02-05 10:17:10 | 000,000,802 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-nl.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

    O1 HOSTS File: ([2012-03-07 08:57:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
    O3 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Lexmark 3100 Series] C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [LXBRKsk] C:\Program Files\Lexmark 3100 Series\lxbrksk.exe ( )
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe ()
    O4 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE ( )
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_30.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..Trusted Domains: enschede.nl ([ienoportal] https in Trusted sites)
    O15 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..Trusted Domains: enschede.nl ([portal] https in Trusted sites)
    O15 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..Trusted Domains: enschede.nl ([webmail] https in Trusted sites)
    O15 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..Trusted Domains: localhost ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..Trusted Ranges: Range2 ([http] in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/43.10/uploader2.cab (UploadListView Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1112288959018 (WUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab (Image Uploader Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52503A0F-5C0B-42B1-B77D-EFE140159F74}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A80290E0-1513-4894-83AE-BAB9896987DB}: NameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\rserver30\r3god.dll) - C:\WINDOWS\system32\rserver30\R3GOD.DLL ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\IrfanView\IrfanView_Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\IrfanView\IrfanView_Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005-03-31 17:08:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007-01-06 16:59:44 | 000,000,095 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: HPFXBULK - File not found
    NetSvcs: vaiomediaplatform-photoserver-appserver - File not found
    NetSvcs: regsrvc - File not found
    NetSvcs: backupexecalertserver - File not found
    NetSvcs: jtagserver - File not found
    NetSvcs: SE2Bmdm - File not found
    NetSvcs: tapeware - File not found
    NetSvcs: symwsc - File not found
    NetSvcs: s125obex - File not found
    NetSvcs: NvNdis - File not found
    NetSvcs: FVNETusb - File not found
    NetSvcs: AtcL002 - File not found
    NetSvcs: mksupdateint - File not found
    NetSvcs: mfebopk - File not found
    NetSvcs: w200obex - File not found
    NetSvcs: mmc_2K - File not found
    NetSvcs: viagfx - File not found
    NetSvcs: ELhid - File not found
    NetSvcs: se59unic - File not found
    NetSvcs: avidsdmservice - File not found
    NetSvcs: SaiClass - File not found
    NetSvcs: GoBack2K - File not found
    NetSvcs: BrPar - File not found
    NetSvcs: ql2100 - File not found
    NetSvcs: rimmptsk - File not found
    NetSvcs: winpower - File not found
    NetSvcs: ose - File not found
    NetSvcs: WaveEnrollmentService - File not found
    NetSvcs: SE2Cobex - File not found
    NetSvcs: wmccds - File not found
    NetSvcs: pmshellsrv - File not found
    NetSvcs: symids - File not found
    NetSvcs: mvserver - File not found
    NetSvcs: rtl8029 - File not found
    NetSvcs: vncmirror - File not found
    NetSvcs: MRENDIS5 - File not found
    NetSvcs: tphkdrv - File not found
    NetSvcs: inspect - File not found
    NetSvcs: ccpwdsvc - File not found
    NetSvcs: nocashio - File not found
    NetSvcs: SE27mdfl - File not found
    NetSvcs: viaagp1 - File not found
    NetSvcs: sbhooksvc - File not found
    NetSvcs: NWSAP - File not found
    NetSvcs: clsched - File not found
    NetSvcs: gusvc - File not found
    NetSvcs: btfirst - File not found
    NetSvcs: se45obex - File not found
    NetSvcs: bcftdi - File not found
    NetSvcs: blueletscoaudio - File not found
    NetSvcs: MSW_USB - File not found
    NetSvcs: SaiH040B - File not found
    NetSvcs: Defrag32b - File not found
    NetSvcs: ilicensesvc - File not found
    NetSvcs: ssdiagn - File not found
    NetSvcs: nvax - File not found
    NetSvcs: isdrv120 - File not found
    NetSvcs: cidaemon - File not found
    NetSvcs: F700iob - File not found
    NetSvcs: tsircsrv - File not found
    NetSvcs: wacomvhid - File not found
    NetSvcs: AVerBDA - File not found
    NetSvcs: SbcpHid - File not found
    NetSvcs: k750mdfl - File not found
    NetSvcs: yats32 - File not found
    NetSvcs: logonsvcid - File not found
    NetSvcs: EACSys - File not found
    NetSvcs: w550bus - File not found
    NetSvcs: starwindserviceae - File not found
    NetSvcs: awhost32 - File not found
    NetSvcs: adpu320 - File not found
    NetSvcs: ZSMC211 - File not found
    NetSvcs: clnt_clientman - File not found
    NetSvcs: taphss - File not found
    NetSvcs: aamqdispatcher - File not found
    NetSvcs: SE2Dmgmt - File not found
    NetSvcs: int15 - File not found
    NetSvcs: radclock - File not found
    NetSvcs: FETNDIS - File not found
    NetSvcs: adaptecstoragemanageragent - File not found
    NetSvcs: iaimfp4 - File not found
    NetSvcs: digictrl - File not found
    NetSvcs: amdk77 - File not found
    NetSvcs: sermouse - File not found
    NetSvcs: dot4print - File not found
    NetSvcs: w300bus - File not found
    NetSvcs: lxdj_device - File not found
    NetSvcs: iviregmgr - File not found
    NetSvcs: netwg311 - File not found
    NetSvcs: w810obex - File not found
    NetSvcs: pdlncbas - File not found
    NetSvcs: k750mdm - File not found
    NetSvcs: rimusb - File not found
    NetSvcs: traprcvr - File not found
    NetSvcs: ZTEusbmdm6k - File not found
    NetSvcs: IntuitUpdateService - File not found
    NetSvcs: nmservice - File not found
    NetSvcs: HBtnKey - File not found
    NetSvcs: eamon - File not found
    NetSvcs: WmUsbHid - File not found
    NetSvcs: EPSON_EB_RPCV4_01 - File not found
    NetSvcs: QWAVE - File not found
    NetSvcs: mlkkbdntdriver - File not found
    NetSvcs: aolavupd - File not found
    NetSvcs: aswlsvc - File not found
    NetSvcs: cercsr6 - File not found
    NetSvcs: lvprcsrv - File not found
    NetSvcs: PGPwded - File not found
    NetSvcs: RVIEG01 - File not found
    NetSvcs: bc_pat_f - File not found
    NetSvcs: idebusdr - File not found
    NetSvcs: dvpapi - File not found
    NetSvcs: carboniteservice - File not found
    NetSvcs: ntgrip - File not found
    NetSvcs: wg6n - File not found
    NetSvcs: {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} - File not found
    NetSvcs: avg7updsvc - File not found
    NetSvcs: CnxTrUsb - File not found
    NetSvcs: marvinbus - File not found
    NetSvcs: psadd - File not found
    NetSvcs: NETw5x32 - File not found
    NetSvcs: stunnel - File not found
    NetSvcs: Slpsvdr - File not found
    NetSvcs: p1110vid - File not found
    NetSvcs: fallback - File not found
    NetSvcs: admjoy - File not found
    NetSvcs: dlcf_device - File not found
    NetSvcs: TryAndDecideService - File not found
    NetSvcs: fa_scheduler - File not found
    NetSvcs: uhcd - File not found
    NetSvcs: MobilePreInstallerService - File not found
    NetSvcs: mrvw245 - File not found
    NetSvcs: ec2007service - File not found
    NetSvcs: WNCPKT - File not found
    NetSvcs: mcafeeantispyware - File not found
    NetSvcs: belgium_id_card_service - File not found
    NetSvcs: btwaudio - File not found
    NetSvcs: MA_CMIDI - File not found
    NetSvcs: avcgbdr - File not found
    NetSvcs: PCISys - File not found
    NetSvcs: usnsvc - File not found
    NetSvcs: trackcam4 - File not found
    NetSvcs: CVirtA - File not found
    NetSvcs: ofcpfwsvc - File not found
    NetSvcs: botcbs - File not found
    NetSvcs: irmon - File not found
    NetSvcs: viamraid - File not found
    NetSvcs: WLAN_USB - File not found
    NetSvcs: PTDCMdm - File not found
    NetSvcs: tphdexlgsvc - File not found
    NetSvcs: p17xfilt - File not found
    NetSvcs: MRESP50 - File not found
    NetSvcs: omsad - File not found
    NetSvcs: atitunep - File not found
    NetSvcs: Hotkey - File not found
    NetSvcs: anio - File not found
    NetSvcs: dlacdbhm - File not found
    NetSvcs: USBVCD - File not found
    NetSvcs: SetupNT - File not found
    NetSvcs: CTDevice_Srv - File not found
    NetSvcs: RTHDMIAzAudService - File not found
    NetSvcs: hsvcmod - File not found
    NetSvcs: mi-raysat_3dsMax2008_32 - File not found
    NetSvcs: s116unic - File not found
    NetSvcs: pinnaclemarvinusb - File not found
    NetSvcs: ixiaendpoint - File not found
    NetSvcs: USBCamera - File not found
    NetSvcs: oracleorahomemanagementserver - File not found
    NetSvcs: ctprxy2k - File not found
    NetSvcs: bc_ip_f - File not found
    NetSvcs: konfig - File not found
    NetSvcs: S7oppilx - File not found
    NetSvcs: WavxDMgr - File not found
    NetSvcs: pelmouse - File not found
    NetSvcs: rpskt - File not found
    NetSvcs: BcmSqlStartupSvc - File not found
    NetSvcs: pwd_2K - File not found
    NetSvcs: avupdsvc - File not found
    NetSvcs: igateway - File not found
    NetSvcs: cdrbsdrv - File not found
    NetSvcs: papycpu2 - File not found
    NetSvcs: oraclexeclragent - File not found
    NetSvcs: GTWModem - File not found
    NetSvcs: CXTUNE - File not found
    NetSvcs: sthda - File not found
    NetSvcs: A88xTuner - File not found
    NetSvcs: pinetmgr - File not found
    NetSvcs: bdpredir - File not found
    NetSvcs: ltxred - File not found
    NetSvcs: MegaSR - File not found
    NetSvcs: iaantmon - File not found
    NetSvcs: aswtdi - File not found
    NetSvcs: pgsql-8.0 - File not found
    NetSvcs: UCTblHid - File not found
    NetSvcs: alertservice - File not found
    NetSvcs: ShockMgr - File not found
    NetSvcs: vmx86 - File not found
    NetSvcs: lwwlicenseservice - File not found
    NetSvcs: se58mdm - File not found
    NetSvcs: b57w2k - File not found
    NetSvcs: SymIM - File not found
    NetSvcs: pdengine - File not found
    NetSvcs: merakpop3 - File not found
    NetSvcs: sndsrvc - File not found
    NetSvcs: bwcsrv - File not found
    NetSvcs: defragfs - File not found
    NetSvcs: cvsnt - File not found
    NetSvcs: WD_FireWire_HID - File not found
    NetSvcs: SE27mgmt - File not found
    NetSvcs: sonicstagemonitoring - File not found
    NetSvcs: SSFS0BB9 - File not found
    NetSvcs: cpqdfw - File not found
    NetSvcs: streamloadservice - File not found
    NetSvcs: Wdf01000 - File not found
    NetSvcs: mcnasvc - File not found
    NetSvcs: superproserver - File not found
    NetSvcs: webfilter - File not found
    NetSvcs: IWCA - File not found
    NetSvcs: HWSCtrl - File not found
    NetSvcs: alcaudsl - File not found
    NetSvcs: us30sys - File not found
    NetSvcs: npkcsvc - File not found
    NetSvcs: hidbatt - File not found
    NetSvcs: ftpqueue - File not found
    NetSvcs: nimxdfk - File not found
    NetSvcs: olregcap - File not found
    NetSvcs: ATMsg - File not found
    NetSvcs: mgisvr - File not found
    NetSvcs: REVOSENS - File not found
    NetSvcs: enethusb - File not found
    NetSvcs: SilverLink - File not found
    NetSvcs: ISODrive - File not found
    NetSvcs: ONSIO - File not found
    NetSvcs: webrootspysweeperservice - File not found
    NetSvcs: s217unic - File not found
    NetSvcs: p3 - File not found
    NetSvcs: DCamUSBSQTECH - File not found
    NetSvcs: CYGF32X - File not found
    NetSvcs: websenseclientdeployservice - File not found
    NetSvcs: PID_08A0 - File not found
    NetSvcs: SunkFilt39 - File not found
    NetSvcs: qmofiltr - File not found
    NetSvcs: CTHWIUT.DLL - File not found
    NetSvcs: raysatxsi5_0server - File not found
    NetSvcs: aeaudio - File not found
    NetSvcs: rkhdrv31 - File not found
    NetSvcs: DSI_SiUSBXp_3_1 - File not found
    NetSvcs: fingrd32 - File not found
    NetSvcs: s125bus - File not found
    NetSvcs: cfosspeed - File not found
    NetSvcs: cpqnicmgmt - File not found
    NetSvcs: amoagent - File not found
    NetSvcs: vmkbd2 - File not found
    NetSvcs: ypcservice - File not found
    NetSvcs: zpsc - File not found
    NetSvcs: cmudau - File not found
    NetSvcs: basic2 - File not found
    NetSvcs: ssm_bus - File not found
    NetSvcs: nlsvc - File not found
    NetSvcs: backupexecdevicemediaservice - File not found
    NetSvcs: nsausvc - File not found
    NetSvcs: tvichw32 - File not found
    NetSvcs: v2imount - File not found
    NetSvcs: backupexecnamingservice - File not found
    NetSvcs: MTDVC2_ENUM - File not found
    NetSvcs: imagesrv - File not found
    NetSvcs: RivaTuner32 - File not found
    NetSvcs: ssscsisv - File not found
    NetSvcs: rismxdp - File not found
    NetSvcs: trufos - File not found
    NetSvcs: lktimesync - File not found
    NetSvcs: snoopfree - File not found
    NetSvcs: scanexplicit - File not found
    NetSvcs: ireike - File not found
    NetSvcs: qcmerced - File not found
    NetSvcs: oracle_load_balancer_60_client-forms6i - File not found
    NetSvcs: s616nd5 - File not found
    NetSvcs: mwsejcap - File not found
    NetSvcs: procexp90 - File not found
    NetSvcs: U2SP - File not found
    NetSvcs: sonywbms - File not found
    NetSvcs: WmiAcpi - File not found
    NetSvcs: NCPro - File not found
    NetSvcs: mcupdmgr.exe - File not found
    NetSvcs: DfwWebAgent - File not found
    NetSvcs: SQLAgent$MICROSOFTSMLBIZ - File not found
    NetSvcs: mcsysmon - File not found
    NetSvcs: dladresn - File not found
    NetSvcs: se58nd5 - File not found
    NetSvcs: hsxhwazl - File not found
    NetSvcs: USBMN1X1 - File not found
    NetSvcs: vpcnets2 - File not found
    NetSvcs: btwdndis - File not found
    NetSvcs: MRV6X32P - File not found
    NetSvcs: tosrfnds - File not found
    NetSvcs: transbaseservice - File not found
    NetSvcs: s116obex - File not found
    NetSvcs: AsusACPI - File not found
    NetSvcs: naveng - File not found
    NetSvcs: forcewarewebinterface - File not found
    NetSvcs: fuj02b1 - File not found
    NetSvcs: upperdev - File not found
    NetSvcs: pptchpad - File not found
    NetSvcs: zntport - File not found
    NetSvcs: hsf_msft - File not found
    NetSvcs: mssql$microsoftbcm - File not found
    NetSvcs: Maplom - File not found
    NetSvcs: s117unic - File not found
    NetSvcs: WINFLASH - File not found
    NetSvcs: KMWDFilter - File not found
    NetSvcs: tdimsys - File not found
    NetSvcs: ctxcpuusync - File not found
    NetSvcs: revudfservice - File not found
    NetSvcs: EpmPsd - File not found
    NetSvcs: cpntsrv - File not found
    NetSvcs: CSRBC - File not found
    NetSvcs: PAC7302 - File not found
    NetSvcs: DCamUSBGrandTek - File not found
    NetSvcs: WmVirHid - File not found
    NetSvcs: qconsvc - File not found
    NetSvcs: ati2mtaa - File not found
    NetSvcs: mcdbus - File not found
    NetSvcs: vwlogger - File not found
    NetSvcs: bdselfpr - File not found
    NetSvcs: nvnetbus - File not found
    NetSvcs: servicelayer - File not found
    NetSvcs: tpsrv - File not found
    NetSvcs: minilog - File not found
    NetSvcs: ndasbus - File not found
    NetSvcs: McciCMService - File not found
    NetSvcs: sqlagent$sony_mediamgr - File not found
    NetSvcs: EL2000 - File not found
    NetSvcs: asmagent - File not found
    NetSvcs: cwcspud - File not found
    NetSvcs: BrUsbSer - File not found
    NetSvcs: sfhlp01 - File not found
    NetSvcs: naimagent32 - File not found
    NetSvcs: vcsw - File not found
    NetSvcs: noipducservice - File not found
    NetSvcs: psasrv - File not found
    NetSvcs: iaimtv3 - File not found
    NetSvcs: avg7core - File not found
    NetSvcs: ClntMgmt.sys - File not found
    NetSvcs: mrpostman - File not found
    NetSvcs: emu10k1 - File not found
    NetSvcs: w550mdfl - File not found
    NetSvcs: cwafadmincontroller - File not found
    NetSvcs: ha20x2k - File not found
    NetSvcs: FontCache3.0.0.0. - File not found
    NetSvcs: tosrfbd - File not found
    NetSvcs: autocomplete - File not found
    NetSvcs: msmframework - File not found
    NetSvcs: websenseusagemonitor - File not found
    NetSvcs: AdfuUd - File not found
    NetSvcs: usb20l - File not found
    NetSvcs: symantecantibotwatcher - File not found
    NetSvcs: pnmsrv - File not found
    NetSvcs: emupia - File not found
    NetSvcs: Sk99202k - File not found
    NetSvcs: mpfirewl - File not found
    NetSvcs: gmer - File not found
    NetSvcs: zebrsce - File not found
    NetSvcs: bwmservice - File not found
    NetSvcs: hcf_msft - File not found
    NetSvcs: avg7rsw - File not found
    NetSvcs: AFGSp50 - File not found
    NetSvcs: omnidrv - File not found
    NetSvcs: pdlndsdl - File not found
    NetSvcs: dcsloader - File not found
    NetSvcs: govsrv - File not found
    NetSvcs: LMIRfsDriver - File not found
    NetSvcs: omniserv - File not found
    NetSvcs: PGPdisk - File not found
    NetSvcs: SE2Dbus - File not found
    NetSvcs: SfCtlCom - File not found
    NetSvcs: ca-messagequeuing - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: helpsvc - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codec - C:\WINDOWS\System32\L3CODECP.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\Program Files\FFDshow\ffdshow.ax ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg21.dll (Pegasus Imaging Corporation)
    Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
     
  17. arnoldkooiker

    OTL.txt - part 3

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-03-07 21:07:29 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Bureaublad\OTL.exe
    [2012-03-07 20:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG2012
    [2012-03-07 20:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG 2012
    [2012-03-07 20:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG Secure Search
    [2012-03-07 20:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2012-03-07 20:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
    [2012-03-07 20:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
    [2012-03-07 20:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012-03-07 20:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2012-03-07 08:26:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012-03-07 08:24:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012-03-07 08:24:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012-03-07 08:24:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012-03-07 08:24:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012-03-07 08:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012-03-07 08:24:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-03-07 08:01:40 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\user\Bureaublad\AppRemover.exe
    [2012-03-07 07:49:52 | 004,428,059 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Bureaublad\ComboFix.exe
    [2012-03-05 19:54:13 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\user\Bureaublad\boot_cleaner.exe
    [2012-03-05 19:08:01 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\user\Bureaublad\aswMBR.exe
    [2012-03-05 11:24:50 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Bureaublad\TDSSKiller.exe
    [2012-03-04 14:58:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Bureaublad\dds.scr
    [2012-03-04 14:35:53 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Bureaublad\Malwarebytes' Anti-Malware mbam--setup-1.60.1.1000.exe
    [2012-03-01 22:26:03 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012-03-01 22:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012-02-29 22:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Anti virus, malware
    [2012-02-29 22:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Menu Start\Programma's\Anti virus, malware
    [2012-02-29 22:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012-02-20 23:19:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-03-08 19:49:40 | 091,119,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012-03-08 19:46:06 | 000,000,023 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
    [2012-03-08 19:45:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012-03-07 23:18:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3106237358-2718937594-2690874173-1006UA.job
    [2012-03-07 21:07:25 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureaublad\OTL.exe
    [2012-03-07 08:57:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012-03-07 08:26:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012-03-07 08:21:05 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2012-03-07 08:02:05 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\user\Bureaublad\AppRemover.exe
    [2012-03-07 07:59:50 | 000,000,448 | ---- | M] () -- C:\WINDOWS\lexstat.ini
    [2012-03-07 07:58:36 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2012-03-07 07:49:59 | 004,428,059 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Bureaublad\ComboFix.exe
    [2012-03-06 19:52:29 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012-03-05 19:53:15 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\user\Bureaublad\bootkit_remover.zip
    [2012-03-05 19:49:46 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\user\Bureaublad\MBR.dat
    [2012-03-05 19:08:04 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\user\Bureaublad\aswMBR.exe
    [2012-03-05 11:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Bureaublad\TDSSKiller.exe
    [2012-03-04 15:18:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3106237358-2718937594-2690874173-1006Core.job
    [2012-03-04 14:58:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Bureaublad\dds.scr
    [2012-03-04 13:34:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\user\Bureaublad\GMER-gntotgos.exe
    [2012-03-04 10:13:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012-03-01 22:23:43 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Bureaublad\Malwarebytes' Anti-Malware mbam--setup-1.60.1.1000.exe
    [2012-02-29 19:19:58 | 000,145,086 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012-02-25 17:14:23 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
    [2012-02-21 19:51:49 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
    [2012-02-16 19:58:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Gemeente Enschede Citrix Portal - CSG4.url
    [2012-02-15 21:15:30 | 000,001,888 | ---- | M] () -- C:\WINDOWS\goldwave.ini
    [2012-02-15 21:14:44 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012-02-15 11:12:39 | 000,204,288 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-02-15 08:57:31 | 000,650,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012-02-14 23:22:44 | 000,509,338 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
    [2012-02-14 23:22:44 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012-02-14 23:22:44 | 000,091,014 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
    [2012-02-14 23:22:44 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012-02-12 20:51:53 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\user\Mijn documenten\PDVD_MediaDisc.PlayList
    [2012-02-11 12:29:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012-02-09 19:53:56 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-03-07 08:26:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012-03-07 08:26:40 | 000,261,936 | RHS- | C] () -- C:\cmldr
    [2012-03-07 08:24:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012-03-07 08:24:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012-03-07 08:24:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012-03-07 08:24:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012-03-07 08:24:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012-03-05 19:53:17 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\user\Bureaublad\bootkit_remover.zip
    [2012-03-05 19:49:46 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\user\Bureaublad\MBR.dat
    [2012-03-04 13:33:59 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\user\Bureaublad\GMER-gntotgos.exe
    [2012-02-14 19:50:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012-02-14 19:50:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
    [2012-01-09 20:43:37 | 000,013,234 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\3283598863
    [2012-01-09 20:43:37 | 000,013,234 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3283598863
    [2012-01-09 20:41:47 | 000,013,348 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\2520970206
    [2012-01-09 20:41:45 | 000,013,352 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\job0c0r2vnmw
    [2012-01-09 20:41:45 | 000,013,348 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2520970206
    [2012-01-09 20:26:42 | 000,013,352 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\job0c0r2vnmw
    [2011-04-27 21:41:36 | 000,286,720 | ---- | C] () -- C:\Documents and Settings\user\Application Data\fontdb.mdb
    [2011-02-23 02:53:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011-02-12 10:21:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2011-02-12 10:21:43 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
    [2011-02-12 10:20:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2011-02-12 10:20:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2011-02-12 10:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
    [2011-02-12 10:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
    [2011-01-12 20:30:13 | 000,160,361 | ---- | C] () -- C:\WINDOWS\Sqirlz Morph Uninstaller.exe
    [2010-11-19 20:47:23 | 000,124,088 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010-04-12 10:50:20 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\PDF2IMG.dat
    [2010-03-16 21:34:03 | 000,003,633 | ---- | C] () -- C:\WINDOWS\iexplore.ini

    ========== LOP Check ==========

    [2012-03-07 20:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2012-03-07 20:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2010-11-16 10:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2012-02-03 19:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2012-01-14 17:44:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010-07-31 13:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Net
    [2010-08-12 19:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced
    [2012-03-08 19:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2008-08-20 22:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2008-09-14 10:15:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WebDrive
    [2010-04-17 12:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009-05-15 21:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010-01-24 21:48:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    [2008-09-02 20:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\.ABC
    [2012-03-07 20:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG Secure Search
    [2012-03-07 20:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2012
    [2011-03-13 13:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Belastingdienst
    [2011-04-27 21:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BorWare
    [2010-07-31 13:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DAEMON Tools Net
    [2012-01-14 18:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ehg
    [2012-01-23 20:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Heri
    [2008-08-26 19:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ICAClient
    [2008-09-14 13:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IrfanView
    [2010-12-13 20:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LimeWire
    [2011-05-16 19:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Octoshape
    [2012-01-14 12:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Teqi
    [2012-01-04 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uskyq
    [2012-01-14 15:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uzmigy
    [2012-01-24 20:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Yrys

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005-03-31 17:08:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008-09-14 13:20:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012-03-07 08:26:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004-08-04 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2004-08-03 23:00:14 | 000,261,936 | RHS- | M] () -- C:\cmldr
    [2012-03-07 09:02:36 | 000,023,201 | ---- | M] () -- C:\ComboFix.txt
    [2005-03-31 17:08:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008-08-20 21:23:11 | 000,020,329 | ---- | M] () -- C:\debug.log
    [2005-03-31 17:08:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005-03-31 17:08:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008-05-28 09:04:08 | 000,251,712 | RHS- | M] () -- C:\ntldr
    [2012-03-08 19:45:52 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2009-12-16 18:43:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009-11-10 21:12:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009-11-15 12:01:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009-11-15 16:47:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009-11-18 21:11:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009-11-18 22:57:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009-11-21 16:45:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009-11-24 22:17:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009-11-24 23:00:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009-11-28 12:09:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009-11-28 12:11:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009-11-28 13:22:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009-12-01 21:42:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009-12-02 22:04:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009-12-02 22:43:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2009-12-02 22:46:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2009-12-07 19:02:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2009-12-08 17:58:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2009-12-09 20:58:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2009-12-10 19:08:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2009-12-16 18:43:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009-11-10 21:12:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009-11-15 12:01:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009-11-15 16:47:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009-11-18 21:11:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009-11-18 22:57:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009-11-21 16:45:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009-11-24 22:17:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009-11-24 23:00:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009-11-28 12:09:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009-11-28 12:11:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009-11-28 13:22:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009-12-01 21:42:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009-12-02 22:04:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009-12-02 22:43:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2009-12-02 22:46:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2009-12-07 19:02:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2009-12-08 17:58:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2009-12-09 20:58:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2009-12-10 19:08:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2012-03-05 23:44:01 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_05.03.2012_23.43.54_log.txt
    [2012-03-05 23:44:17 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_05.03.2012_23.44.15_log.txt
    [2012-03-05 23:42:21 | 000,054,046 | ---- | M] () -- C:\TDSSKiller.2.7.19.0_05.03.2012_23.41.31_log.txt
    [2012-03-05 23:45:00 | 000,054,046 | ---- | M] () -- C:\TDSSKiller.2.7.19.0_05.03.2012_23.44.43_log.txt

    < %systemroot%\Fonts\*.com >
    [2006-04-18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006-06-29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006-04-18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006-06-29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005-03-31 17:08:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2003-07-29 10:45:10 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBRPP5C.DLL
    [2008-07-06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005-03-31 19:00:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2005-03-31 19:00:27 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2005-03-31 19:00:27 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005-03-31 17:12:48 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureaublad weergeven.scf
    [2008-08-13 10:12:57 | 000,000,131 | -HS- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2012-02-16 19:58:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Gemeente Enschede Citrix Portal - CSG4.url

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012-02-11 12:29:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2004-08-04 13:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012-03-04 15:18:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3106237358-2718937594-2690874173-1006Core.job
    [2012-03-07 23:18:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3106237358-2718937594-2690874173-1006UA.job
    [2012-03-08 19:46:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Sqirlz Morph Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012-03-08 20:04:11 | 001,163,264 | ---- | M] () -- C:\Documents and Settings\user\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007-06-27 15:57:10 | 000,317,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008-04-14 21:32:24 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004-08-04 00:15:40 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004-08-04 00:15:40 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008-05-02 15:05:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008-04-13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008-04-14 21:33:08 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004-08-04 00:15:40 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004-08-04 00:15:40 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004-08-04 00:15:40 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004-08-04 00:15:40 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004-08-04 00:15:40 | 000,118,265 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < MD5 for: SERIAL.SYS >
    [2004-08-04 13:00:00 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:serial.sys
    [2008-04-14 21:46:08 | 020,107,370 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:serial.sys
    [2004-08-04 13:00:00 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:serial.sys
    [2008-04-14 21:46:08 | 020,107,370 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:serial.sys
    [2008-04-14 21:06:26 | 000,065,536 | ---- | M] () MD5=2B554A5C190850E56F7AED5A7A007EF9 -- C:\WINDOWS\system32\drivers\serial.sys
    [2008-04-14 21:06:26 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=92C21762653BB2CE51147EB8A9AA654F -- C:\WINDOWS\ServicePackFiles\i386\serial.sys
    [2008-04-14 21:06:26 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=92C21762653BB2CE51147EB8A9AA654F -- C:\WINDOWS\system32\dllcache\serial.sys

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\$NtUninstallKB22540$] -> Error: Cannot create file handle -> Unknown point type

    < End of report >
     
  18. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    Extras.txt

    OTL Extras logfile created on: 8-3-2012 20:07:01 - Run 1
    OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\user\Bureaublad
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1,87 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 70,86% Memory free
    3,72 Gb Paging File | 3,18 Gb Available in Paging File | 85,48% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,76 Gb Total Space | 142,06 Gb Free Space | 30,50% Space Free | Partition Type: NTFS
    Drive D: | 225,07 Gb Total Space | 31,05 Gb Free Space | 13,80% Space Free | Partition Type: NTFS

    Computer Name: PC | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3106237358-2718937594-2690874173-1006\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Media Markt] -- "C:\Program Files\Media Markt\Media Markt.exe" "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "4899:TCP" = 4899:TCP:*:Enabled:Remote Administrator
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk
    "21:TCP" = 21:TCP:*:Enabled:FTP
    "2121:TCP" = 2121:TCP:*:Enabled:FTP 2121
    "1179:UDP" = 1179:UDP:*:Enabled:Windows Media Format SDK (sidebar.exe)
    "1178:UDP" = 1178:UDP:*:Enabled:Windows Media Format SDK (sidebar.exe)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
    "D:\D-schijf\Games\World Series of Poker TOC\WSOPTOC.exe" = D:\D-schijf\Games\World Series of Poker TOC\WSOPTOC.exe:*:Enabled:WSOPTOC -- ()
    "C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
    "C:\Program Files\ABC\abc.exe" = C:\Program Files\ABC\abc.exe:*:Enabled:abc -- ()
    "C:\WINDOWS\system32\rserver30\rserver3.exe" = C:\WINDOWS\system32\rserver30\rserver3.exe:*:Enabled:rserver3.exe -- (Famatech International Corp.)
    "C:\Program Files\Audiograbber\audiograbber.exe" = C:\Program Files\Audiograbber\audiograbber.exe:*:Enabled:Audiograbber -- ()
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
    "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\Program Files\Maple 8\bin.win\mserver.exe" = C:\Program Files\Maple 8\bin.win\mserver.exe:*:Enabled:mserver -- ()
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Samsung PC Share Manager\WiselinkPro.exe" = C:\Program Files\Samsung PC Share Manager\WiselinkPro.exe:*:Enabled:AllShare -- ()
    "C:\Program Files\Samsung PC Share Manager\http_ss_win_pro.exe" = C:\Program Files\Samsung PC Share Manager\http_ss_win_pro.exe:*:Enabled:pCSM_http_ss_win_pro -- ()
    "D:\D-schijf\Games\Commandos, Behind Enemy Lines\mpserver.exe" = D:\D-schijf\Games\Commandos, Behind Enemy Lines\mpserver.exe:*:Enabled:mpserver -- ()
    "C:\Program Files\Cerberus\Cerberus.exe" = C:\Program Files\Cerberus\Cerberus.exe:*:Enabled:Cerberus FTP Server Application -- (Grant Averett)
    "C:\Program Files\FTP Explorer\ftpx.exe" = C:\Program Files\FTP Explorer\ftpx.exe:*:Enabled:FTP Explorer Application -- (FTPx Corp.)
    "C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:FTP-bestandsoverdrachtprogramma -- (Microsoft Corporation)
    "%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Installer voor AVG -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:persoonlijke e-mailscanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    ".sol Editor" = .sol Editor 1.1.0.1
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{10162E91-BB26-AF99-909C-E840C15890E8}" = Catalyst Control Center Graphics Full Existing
    "{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
    "{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 30
    "{29C0E9C5-7718-D07B-633F-FD5BE27BBCE5}" = ccc-core-preinstall
    "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
    "{2A5782B3-9767-5DF6-8F5A-4900CD698845}" = Catalyst Control Center Graphics Light
    "{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
    "{2ED60C17-4568-4CD5-830A-03C4688B09A1}" = Orange USB Wi-Fi drivers
    "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{38EC695A-64CD-7C76-3C21-9ECB49880C70}" = Catalyst Control Center Core Implementation
    "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
    "{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer
    "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
    "{47E0F183-E938-A97E-A3CF-9FD4D9893439}" = ccc-core-static
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
    "{508D86EE-931E-4DEA-0BF8-25E30CE9EB42}" = ccc-utility
    "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
    "{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5B23E5AD-23E2-45C8-A24C-97D3A23FB6EE}" = Carcassonne
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6E2F380E-A308-437A-BA02-D5F563C92A13}" = Cerberus FTP Server
    "{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7A81A7E3-7391-ADFF-9014-F8F45F0337F6}" = CCC Help English
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
    "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
    "{805C099D-2A20-DBF8-780C-52CA10916A14}" = Catalyst Control Center Graphics Full New
    "{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E79A5A3-AA5F-DA1F-4BF2-EEC290A08709}" = Skins
    "{90110413-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
    "{90120000-008A-0413-0000-0000000FF1CE}" = Gadget voor recente documenten in Microsoft Office 2007
    "{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AAD51583-6D43-4444-A1FF-0C8345345526}" = Radmin Server 3.0
    "{AAFD22B6-A6C7-4134-AF4E-080BCBCD3493}" = Orange USB Wi-Fi manager
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
    "{C064F50C-4B08-3136-48F5-B92130A47267}" = Catalyst Control Center Graphics Previews Common
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0C3F1F4-6F91-4E1A-B93E-811F756EF1D6}" = SPSS DDL 5.5
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D02FCF71-B9A2-406F-ABE5-8E183526CDDF}" = Studio 9
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
    "{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
    "{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6E36639-10C8-4FAD-AF1F-E84D5B6653D1}" = FontLab Studio 5
    "{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}" = Orange Livebox
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-uitbreiding voor de wizard Cd branden van Microsoft Windows XP
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "7-Zip" = 7-Zip 9.20
    "Aangifte inkomstenbelasting 2007" = Aangifte inkomstenbelasting 2007
    "Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
    "Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
    "Aangifte inkomstenbelasting 2010" = Aangifte inkomstenbelasting 2010
    "ABC" = ABC (remove only)
    "AC3ACM" = AC-3 ACM Codec
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "AVG" = AVG 2012
    "BSW" = BrettspielWelt
    "CCleaner" = CCleaner
    "CDCheck" = CDCheck
    "CD-Text Player" = CD-Text Player
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "CoCSoft Stream Down 5.1" = CoCSoft Stream Down 5.1
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DC++" = DC++ 0.674
    "doPDF 5 printer_is1" = doPDF 5.3 printer
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVD-lab PRO_is1" = DVD-lab PRO 1.53
    "eMule" = eMule
    "ESET Online Scanner" = ESET Online Scanner v3
    "ExtractNow_is1" = ExtractNow
    "ffdshow" = ffdshow (remove only)
    "FTP Explorer" = FTP Explorer
    "GoldWave v4.26" = GoldWave v4.26
    "Hema Album Software Advanced_is1" = Hema Album Software Advanced
    "HFX PRO for Studio" = HFX PRO for Studio
    "Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
    "IrfanView" = IrfanView (remove only)
    "Kinderopvangtoeslag 2010" = Kinderopvangtoeslag 2010
    "Kinderopvangtoeslag 2011" = Kinderopvangtoeslag 2011
    "Lexmark 3100 Series" = Lexmark 3100 Series
    "LimeWire" = LimeWire 4.12.11
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.60.1.1000
    "Maple 8" = Maple 8
    "Media Markt" = Media Markt
    "MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MultipleIEs_is1" = MultipleIEs
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Ogg Codecs" = Ogg Codecs 0.81.15562
    "OggDS" = Direct Show Ogg Vorbis Filter (remove only)
    "RadLight Ogg Media DirectShow filter" = RadLight Ogg Media DirectShow filter (remove only)
    "SopCast" = SopCast 3.0.0
    "SpeedFan" = SpeedFan (remove only)
    "Sqirlz Morph" = Sqirlz Morph
    "TMPGEnc-2.59.47.155-Plus-EN" = TMPGEnc-2.59.47.155-Plus-EN
    "VeryPDF PDF To Image Converter v2.1_is1" = VeryPDF PDF To Image Converter v2.1
    "Verzoek of wijziging voorlopige aanslag 2010" = Verzoek of wijziging voorlopige aanslag 2010
    "Verzoek of wijziging voorlopige aanslag 2011" = Verzoek of wijziging voorlopige aanslag 2011
    "Verzoek voorlopige teruggaaf 2008" = Verzoek voorlopige teruggaaf 2008
    "VLC media player" = VLC media player 0.9.8a
    "Winamp" = Winamp (remove only)
    "WinAVI Video Converter_is1" = WinAVI Video Converter
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows Sidebar" = Windows Sidebar
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid_is1" = Xvid 1.1.3 final uninstall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3106237358-2718937594-2690874173-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Tantrix Match" = Tantrix Match

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 25-2-2012 18:28:44 | Computer Name = PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 25-2-2012 18:28:44 | Computer Name = PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3907

    Error - 25-2-2012 18:28:44 | Computer Name = PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3907

    Error - 25-2-2012 18:28:46 | Computer Name = PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 25-2-2012 18:28:46 | Computer Name = PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5860

    Error - 25-2-2012 18:28:46 | Computer Name = PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5860

    Error - 25-2-2012 18:28:50 | Computer Name = PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 25-2-2012 18:28:50 | Computer Name = PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9579

    Error - 25-2-2012 18:28:50 | Computer Name = PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9579

    Error - 4-3-2012 9:38:43 | Computer Name = PC | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: sopcast.exe, versie: 3.0.3.501, vastgelopen
    module: ntdll.dll, versie: 5.1.2600.6055, vastgelopen op: 0x00010cd0.

    [ System Events ]
    Error - 8-3-2012 14:46:24 | Computer Name = PC | Source = Service Control Manager | ID = 7023
    Description = De Sfusvc-service is gestopt met de volgende foutcode: %%126.

    Error - 8-3-2012 14:46:24 | Computer Name = PC | Source = Service Control Manager | ID = 7023
    Description = De SWMX00-service is gestopt met de volgende foutcode: %%126.

    Error - 8-3-2012 14:46:24 | Computer Name = PC | Source = Service Control Manager | ID = 7023
    Description = De {a7447300-8075-4b0d-83f1-3d75c8ebc623}-service is gestopt met de
    volgende foutcode: %%126.

    Error - 8-3-2012 14:46:24 | Computer Name = PC | Source = Service Control Manager | ID = 7023
    Description = De Pnarp-service is gestopt met de volgende foutcode: %%126.

    Error - 8-3-2012 14:46:24 | Computer Name = PC | Source = Service Control Manager | ID = 7023
    Description = De Wpsdrvnt-service is gestopt met de volgende foutcode: %%126.

    Error - 8-3-2012 14:46:24 | Computer Name = PC | Source = Service Control Manager | ID = 7023
    Description = De W700mgmt-service is gestopt met de volgende foutcode: %%126.

    Error - 8-3-2012 14:46:24 | Computer Name = PC | Source = Service Control Manager | ID = 7023
    Description = De Ispwdsvc-service is gestopt met de volgende foutcode: %%126.

    Error - 8-3-2012 14:46:31 | Computer Name = PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: PCLEPCI

    Error - 8-3-2012 14:46:35 | Computer Name = PC | Source = DCOM | ID = 10005
    Description = DCOM kreeg foutmelding '%1055' bij het starten van de iPod Service-service
    met de argumenten '' om de server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} te starten

    Error - 8-3-2012 15:01:55 | Computer Name = PC | Source = MRxSmb | ID = 8003
    Description = De masterbrowser heeft een servermelding ontvangen van computer LAPTOP
    die
    meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{52503A0F-5C0B-42B1-B7.
    De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen.


    < End of report >
     
  19. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    Okay, that was all from OTL.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    For x86 bit systems please download GrantPerms.zip and save it to your desktop.
    For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
    Unzip the file and, depending on the system, run GrantPerms.exe or GrantPerms64.exe.
    Copy and paste the following in the edit box:

    Code:
    C:\WINDOWS\$NtUninstallKB22540$
    
    Click Unlock. When it is done click "OK".
    Click List Permissions and post the result of Perms.txt file that pops up.
    A copy of Perms.txt will be saved in the same directory the tool is run.

    Then....

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O15 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..Trusted Domains: enschede.nl ([ienoportal] https in Trusted sites)
      O15 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..Trusted Domains: enschede.nl ([portal] https in Trusted sites)
      O15 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..Trusted Domains: enschede.nl ([webmail] https in Trusted sites)
      O15 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..Trusted Domains: localhost ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-3106237358-2718937594-2690874173-1006\..Trusted Ranges: Range2 ([http] in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012-03-07 08:21:05 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
      [2012-01-09 20:43:37 | 000,013,234 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\3283598863
      [2012-01-09 20:43:37 | 000,013,234 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3283598863
      [2012-01-09 20:41:47 | 000,013,348 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\2520970206
      [2012-01-09 20:41:45 | 000,013,352 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\job0c0r2vnmw
      [2012-01-09 20:41:45 | 000,013,348 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2520970206
      [2012-01-09 20:26:42 | 000,013,352 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\job0c0r2vnmw
      [2012-01-14 12:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Teqi
      [2012-01-04 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uskyq
      [2012-01-14 15:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uzmigy
      [2012-01-24 20:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Yrys
      
      :Files
      C:\WINDOWS\system32\drivers\serial.sys|C:\WINDOWS\system32\dllcache\serial.sys /replace
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    After restart....

    Re-run OTL.

    Use the following settings:

    • Click the NONE button
    • Under Custom Scans/Fixes paste:
    Code:
    /md5start
    serial.sys
    /md5stop
    • Finally hit Run Scan and wait for the log to open.
    • Please post the content of the log into your next reply.
     
  21. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    New logs

    Hi Broni,

    I ran all. Posted below are the results of GrantPerms, OTL and OTL again.

    ============================================================

    GrantPerms by Farbar
    Ran by user (administrator) at 2012-03-09 20:20:47

    ===============================================
    \\?\C:\WINDOWS\$NtUninstallKB22540$

    Owner: INGEBOUWD\Administrators

    DACL(P)(AI):
    INGEBOUWD\Administrators FULL ALLOW (CI)(OI)
    NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
    INGEBOUWD\Gebruikers READ/EXECUTE ALLOW (CI)(OI)

    ============================================================


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3106237358-2718937594-2690874173-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3106237358-2718937594-2690874173-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enschede.nl\ienoportal\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3106237358-2718937594-2690874173-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enschede.nl\portal\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3106237358-2718937594-2690874173-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enschede.nl\webmail\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3106237358-2718937594-2690874173-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3106237358-2718937594-2690874173-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3106237358-2718937594-2690874173-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range2\\http deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
    C:\Documents and Settings\user\Local Settings\Application Data\3283598863 moved successfully.
    C:\Documents and Settings\All Users\Application Data\3283598863 moved successfully.
    C:\Documents and Settings\user\Local Settings\Application Data\2520970206 moved successfully.
    C:\Documents and Settings\user\Local Settings\Application Data\job0c0r2vnmw moved successfully.
    C:\Documents and Settings\All Users\Application Data\2520970206 moved successfully.
    C:\Documents and Settings\All Users\Application Data\job0c0r2vnmw moved successfully.
    C:\Documents and Settings\user\Application Data\Teqi folder moved successfully.
    C:\Documents and Settings\user\Application Data\Uskyq folder moved successfully.
    C:\Documents and Settings\user\Application Data\Uzmigy folder moved successfully.
    C:\Documents and Settings\user\Application Data\Yrys folder moved successfully.
    ========== FILES ==========
    File C:\WINDOWS\system32\drivers\serial.sys successfully replaced with C:\WINDOWS\system32\dllcache\serial.sys
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 3244032 bytes
    ->Temporary Internet Files folder emptied: 65670 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 8530665 bytes
    ->Java cache emptied: 109856 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 4637 bytes
    ->Flash cache emptied: 2281 bytes

    User: user
    ->Temp folder emptied: 11165502 bytes
    ->Temporary Internet Files folder emptied: 31250756 bytes
    ->Java cache emptied: 29823827 bytes
    ->FireFox cache emptied: 84047369 bytes
    ->Google Chrome cache emptied: 205617767 bytes
    ->Flash cache emptied: 2409689 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2845 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 102245 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 359,00 mb


    [EMPTYJAVA]

    User: Administrator

    User: Administrator.PC

    User: All Users

    User: Default User

    User: LocalService
    ->Java cache emptied: 0 bytes

    User: NetworkService
    ->Java cache emptied: 0 bytes

    User: user
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.PC

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: user
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.35.1 log created on 03092012_202344

    Files\Folders moved on Reboot...
    C:\Documents and Settings\user\Local Settings\Temp\MPC23.tmp moved successfully.
    C:\Documents and Settings\user\Local Settings\Temp\MPC26.tmp moved successfully.
    C:\Documents and Settings\user\Local Settings\Temp\MPC27.tmp moved successfully.
    C:\Documents and Settings\user\Local Settings\Temp\MPC2B.tmp moved successfully.
    C:\Documents and Settings\user\Local Settings\Temp\MPC35.tmp moved successfully.

    Registry entries deleted on Reboot...

    ============================================================


    OTL logfile created on: 9-3-2012 20:36:21 - Run 2
    OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\user\Bureaublad
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,25% Memory free
    3,72 Gb Paging File | 3,08 Gb Available in Paging File | 82,63% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,76 Gb Total Space | 142,26 Gb Free Space | 30,54% Space Free | Partition Type: NTFS
    Drive D: | 225,07 Gb Total Space | 31,05 Gb Free Space | 13,80% Space Free | Partition Type: NTFS

    Computer Name: PC | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========



    < MD5 for: SERIAL.SYS >
    [2004-08-04 13:00:00 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:serial.sys
    [2008-04-14 21:46:08 | 020,107,370 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:serial.sys
    [2004-08-04 13:00:00 | 018,788,859 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:serial.sys
    [2008-04-14 21:46:08 | 020,107,370 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:serial.sys
    [2008-04-14 21:06:26 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=92C21762653BB2CE51147EB8A9AA654F -- C:\WINDOWS\ServicePackFiles\i386\serial.sys
    [2008-04-14 21:06:26 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=92C21762653BB2CE51147EB8A9AA654F -- C:\WINDOWS\system32\dllcache\serial.sys
    [2008-04-14 21:06:26 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=92C21762653BB2CE51147EB8A9AA654F -- C:\WINDOWS\system32\drivers\serial.sys

    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good.
    How is the computer doing?
    Did AVG stop complaining?

    Re-run OTL and just click on "Quick scan" button. No custom script needed.
    Only one log will be produced.
     
  23. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    Everything looks good. AVG indeed does not complain at the moment. Also the serial.sys seems okay now (I scanned it again with AVG and nothing came up anymore). Below the log of the OTL rescan.

    ================================================

    OTL logfile created on: 9-3-2012 22:09:30 - Run 3
    OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\user\Bureaublad
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 69,68% Memory free
    3,72 Gb Paging File | 3,16 Gb Available in Paging File | 84,98% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,76 Gb Total Space | 142,25 Gb Free Space | 30,54% Space Free | Partition Type: NTFS
    Drive D: | 225,07 Gb Total Space | 31,05 Gb Free Space | 13,80% Space Free | Partition Type: NTFS

    Computer Name: PC | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-03-07 21:07:25 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureaublad\OTL.exe
    PRC - [2012-03-07 20:36:39 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2012-03-07 20:36:39 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    PRC - [2012-01-24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011-11-28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011-10-10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2011-09-08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011-08-15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011-02-05 21:19:13 | 000,494,592 | --S- | M] (BitMicro Software Corporation) -- C:\Program Files\RapidBIT\cidaemon.exe
    PRC - [2010-03-11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    PRC - [2010-03-11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
    PRC - [2008-04-14 21:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007-02-02 14:40:20 | 000,100,504 | ---- | M] (Famatech International Corp.) -- C:\WINDOWS\system32\rserver30\FamItrfc.Exe
    PRC - [2007-02-02 14:35:06 | 001,235,032 | ---- | M] (Famatech International Corp.) -- C:\WINDOWS\system32\rserver30\rserver3.exe
    PRC - [2006-01-19 15:54:34 | 000,925,696 | ---- | M] ( ) -- C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
    PRC - [2004-09-22 22:17:18 | 000,815,104 | ---- | M] (Grant Averett) -- C:\Program Files\Cerberus\Cerberus.exe
    PRC - [2003-09-04 03:30:52 | 000,106,496 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
    PRC - [2003-09-04 03:11:50 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
    PRC - [2003-04-02 03:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-03-07 20:36:39 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2012-03-07 20:36:39 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    MOD - [2012-02-15 09:05:18 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
    MOD - [2012-02-15 09:05:03 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
    MOD - [2012-02-15 09:04:12 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
    MOD - [2012-02-15 09:03:59 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
    MOD - [2012-02-15 09:01:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
    MOD - [2012-02-15 09:01:49 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
    MOD - [2012-02-15 09:01:37 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
    MOD - [2012-02-15 09:01:22 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
    MOD - [2012-02-15 08:59:31 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
    MOD - [2012-02-14 23:22:18 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2012-02-14 23:22:14 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    MOD - [2012-02-14 23:22:12 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2011-10-14 02:08:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2010-03-15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2010-02-17 19:57:19 | 000,022,016 | ---- | M] () -- C:\WINDOWS\system32\rserver30\R3GOD.DLL
    MOD - [2008-04-14 21:32:32 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008-03-23 00:01:42 | 000,026,576 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vshell32.dll
    MOD - [2008-03-23 00:01:40 | 000,040,400 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vuser32.dll
    MOD - [2008-03-23 00:01:40 | 000,011,216 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vuxtheme.dll
    MOD - [2008-03-23 00:01:36 | 000,082,384 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vntdll.dll
    MOD - [2008-03-23 00:01:36 | 000,058,320 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vkernel32.dll
    MOD - [2008-03-23 00:01:34 | 000,019,920 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vmsvcrt.dll
    MOD - [2008-03-23 00:01:32 | 000,046,032 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vadvapi32.dll
    MOD - [2008-03-23 00:01:30 | 000,047,056 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vgdiplus.dll
    MOD - [2008-03-23 00:01:30 | 000,008,144 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vdwmapi.dll
    MOD - [2008-03-23 00:00:36 | 000,096,208 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vcomctl32.dll
    MOD - [2008-01-30 11:19:30 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2635.38726__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:30 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2635.38926__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:30 | 000,229,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2635.38683__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:30 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2635.38740__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:30 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2635.38956__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:30 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2635.38945__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:30 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2635.38717__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:30 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2635.38739__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:30 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2635.38702__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:30 | 000,015,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2635.38839__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:29 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2635.38985__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:29 | 000,352,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2635.38913__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:29 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2635.38991__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:29 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2635.38733__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:29 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2635.38918__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:29 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2635.38697__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:29 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2635.38911__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:29 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2635.38902__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:29 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2635.38732__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,913,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2635.38951__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2635.38850__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2635.38906__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,577,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2635.38754__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2635.38842__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2635.38704__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2635.38932__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2008-01-30 11:19:28 | 000,319,488 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2635.38834__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2635.38747__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2635.38870__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2008-01-30 11:19:28 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2635.38839__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2635.38846__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2635.38846__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2635.38759__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2635.38869__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2635.38888__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2008-01-30 11:19:28 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2613.19911__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2008-01-30 11:19:28 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2613.19938__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2008-01-30 11:19:28 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2613.19938__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2008-01-30 11:19:28 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2613.19946__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2008-01-30 11:19:28 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2008-01-30 11:19:27 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2613.19937__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2613.19932__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2613.19935__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2613.19903__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2613.19914__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2613.19936__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2008-01-30 11:19:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2613.19946__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2613.19935__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2613.19936__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2635.39013__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2008-01-30 11:19:27 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2613.19902__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2613.19935__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2613.19973__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2008-01-30 11:19:27 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2613.19932__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2613.19924__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2613.19906__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2613.19935__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2613.19923__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2613.19922__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2613.19937__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2613.19902__90ba9c70f846762e\AEM.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2613.19937__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2008-01-30 11:19:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2613.19921__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2613.19911__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2613.19910__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2613.19932__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2613.19931__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2613.19921__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2613.19938__90ba9c70f846762e\DEM.OS.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2613.19934__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2613.19932__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2613.19924__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2008-01-30 11:19:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2613.19916__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2008-01-30 11:19:26 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2635.38712__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2008-01-30 11:19:26 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2635.38969__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2008-01-30 11:19:26 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2635.38682__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2008-01-30 11:19:26 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2635.38968__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2008-01-30 11:19:26 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2613.19921__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2008-01-30 11:19:26 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2613.19906__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2008-01-30 11:19:26 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2613.19944__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2008-01-30 11:19:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2613.19922__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2008-01-30 11:19:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2613.19908__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2008-01-30 11:19:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2613.19916__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2008-01-30 11:19:25 | 001,404,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2635.38692__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2008-01-30 11:19:25 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2635.38682__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2008-01-30 11:19:25 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2635.38680__90ba9c70f846762e\AEM.Server.dll
    MOD - [2008-01-30 11:19:25 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2613.19912__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2008-01-30 11:19:25 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2008-01-30 11:19:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2613.19938__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2008-01-30 11:19:25 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2635.38969__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2006-01-18 13:09:40 | 000,045,056 | ---- | M] () -- C:\Program Files\SAGEM WiFi manager\ZDWlan.dll
    MOD - [2006-01-18 13:09:36 | 000,212,992 | ---- | M] () -- C:\Program Files\SAGEM WiFi manager\dot1x_dll.dll
    MOD - [2004-10-12 07:46:30 | 001,761,280 | ---- | M] () -- C:\Program Files\FFDshow\ffdshow.ax
    MOD - [2004-05-25 15:06:58 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.ax
    MOD - [2003-09-04 03:11:58 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 3100 Series\mcrdchkr.dll
    MOD - [2003-09-04 03:11:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 3100 Series\regutil.dll
    MOD - [2003-07-29 10:45:10 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBRPP5C.DLL
    MOD - [2003-06-23 10:01:48 | 000,049,152 | ---- | M] () -- C:\Program Files\Lexmark 3100 Series\ConvDIB.dll
    MOD - [2003-04-02 03:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
     
  24. arnoldkooiker

    TS Rookie Topic Starter Posts: 22

    OTL rescan - part 2

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (ZTEusbmdm6k)
    SRV - File not found [Auto | Stopped] -- -- (ZSMC211)
    SRV - File not found [Auto | Stopped] -- -- (zpsc)
    SRV - File not found [Auto | Stopped] -- -- (zntport)
    SRV - File not found [Auto | Stopped] -- -- (zebrsce)
    SRV - File not found [Auto | Stopped] -- -- (ypcservice)
    SRV - File not found [Auto | Stopped] -- -- (yats32)
    SRV - File not found [Auto | Stopped] -- -- (WNCPKT)
    SRV - File not found [Auto | Stopped] -- -- (WmVirHid)
    SRV - File not found [Auto | Stopped] -- -- (WmUsbHid)
    SRV - File not found [Auto | Stopped] -- -- (WmiAcpi)
    SRV - File not found [Auto | Stopped] -- -- (wmccds)
    SRV - File not found [Auto | Stopped] -- -- (WLAN_USB)
    SRV - File not found [Auto | Stopped] -- -- (winpower)
    SRV - File not found [Auto | Stopped] -- -- (WINFLASH)
    SRV - File not found [Auto | Stopped] -- -- (wg6n)
    SRV - File not found [Auto | Stopped] -- -- (websenseusagemonitor)
    SRV - File not found [Auto | Stopped] -- -- (websenseclientdeployservice)
    SRV - File not found [Auto | Stopped] -- -- (webrootspysweeperservice)
    SRV - File not found [Auto | Stopped] -- -- (webfilter)
    SRV - File not found [Auto | Stopped] -- -- (Wdf01000)
    SRV - File not found [Auto | Stopped] -- -- (WD_FireWire_HID)
    SRV - File not found [Auto | Stopped] -- -- (WavxDMgr)
    SRV - File not found [Auto | Stopped] -- -- (WaveEnrollmentService)
    SRV - File not found [Auto | Stopped] -- -- (wacomvhid)
    SRV - File not found [Auto | Stopped] -- -- (w810obex)
    SRV - File not found [Auto | Stopped] -- -- (w550mdfl)
    SRV - File not found [Auto | Stopped] -- -- (w550bus)
    SRV - File not found [Auto | Stopped] -- -- (w300bus)
    SRV - File not found [Auto | Stopped] -- -- (w200obex)
    SRV - File not found [Auto | Stopped] -- -- (vwlogger)
    SRV - File not found [Auto | Stopped] -- -- (vpcnets2)
    SRV - File not found [Auto | Stopped] -- -- (vncmirror)
    SRV - File not found [Auto | Stopped] -- -- (vmx86)
    SRV - File not found [Auto | Stopped] -- -- (vmkbd2)
    SRV - File not found [Auto | Stopped] -- -- (viamraid)
    SRV - File not found [Auto | Stopped] -- -- (viagfx)
    SRV - File not found [Auto | Stopped] -- -- (viaagp1)
    SRV - File not found [Auto | Stopped] -- -- (vcsw)
    SRV - File not found [Auto | Stopped] -- -- (vaiomediaplatform-photoserver-appserver)
    SRV - File not found [Auto | Stopped] -- -- (v2imount)
    SRV - File not found [Auto | Stopped] -- -- (usnsvc)
    SRV - File not found [Auto | Stopped] -- -- (USBVCD)
    SRV - File not found [Auto | Stopped] -- -- (USBMN1X1)
    SRV - File not found [Auto | Stopped] -- -- (USBCamera)
    SRV - File not found [Auto | Stopped] -- -- (usb20l)
    SRV - File not found [Auto | Stopped] -- -- (us30sys)
    SRV - File not found [Auto | Stopped] -- -- (upperdev)
    SRV - File not found [Auto | Stopped] -- -- (uhcd)
    SRV - File not found [Auto | Stopped] -- -- (UCTblHid)
    SRV - File not found [Auto | Stopped] -- -- (U2SP)
    SRV - File not found [Auto | Stopped] -- -- (tvichw32)
    SRV - File not found [Auto | Stopped] -- -- (tsircsrv)
    SRV - File not found [Auto | Stopped] -- -- (TryAndDecideService)
    SRV - File not found [Auto | Stopped] -- -- (trufos)
    SRV - File not found [Auto | Stopped] -- -- (traprcvr)
    SRV - File not found [Auto | Stopped] -- -- (transbaseservice)
    SRV - File not found [Auto | Stopped] -- -- (trackcam4)
    SRV - File not found [Auto | Stopped] -- -- (tpsrv)
    SRV - File not found [Auto | Stopped] -- -- (tphkdrv)
    SRV - File not found [Auto | Stopped] -- -- (tphdexlgsvc)
    SRV - File not found [Auto | Stopped] -- -- (tosrfnds)
    SRV - File not found [Auto | Stopped] -- -- (tosrfbd)
    SRV - File not found [Auto | Stopped] -- -- (tdimsys)
    SRV - File not found [Auto | Stopped] -- -- (taphss)
    SRV - File not found [Auto | Stopped] -- -- (tapeware)
    SRV - File not found [Auto | Stopped] -- -- (symwsc)
    SRV - File not found [Auto | Stopped] -- -- (SymIM)
    SRV - File not found [Auto | Stopped] -- -- (symids)
    SRV - File not found [Auto | Stopped] -- -- (symantecantibotwatcher)
    SRV - File not found [Auto | Stopped] -- -- (superproserver)
    SRV - File not found [Auto | Stopped] -- -- (SunkFilt39)
    SRV - File not found [Auto | Stopped] -- -- (stunnel)
    SRV - File not found [Auto | Stopped] -- -- (streamloadservice)
    SRV - File not found [Auto | Stopped] -- -- (sthda)
    SRV - File not found [Auto | Stopped] -- -- (starwindserviceae)
    SRV - File not found [Auto | Stopped] -- -- (ssscsisv)
    SRV - File not found [Auto | Stopped] -- -- (ssm_bus)
    SRV - File not found [Auto | Stopped] -- -- (SSFS0BB9)
    SRV - File not found [Auto | Stopped] -- -- (ssdiagn)
    SRV - File not found [Auto | Stopped] -- -- (sqlagent$sony_mediamgr)
    SRV - File not found [Auto | Stopped] -- -- (SQLAgent$MICROSOFTSMLBIZ)
    SRV - File not found [Auto | Stopped] -- -- (sonywbms)
    SRV - File not found [Auto | Stopped] -- -- (sonicstagemonitoring)
    SRV - File not found [Auto | Stopped] -- -- (snoopfree)
    SRV - File not found [Auto | Stopped] -- -- (sndsrvc)
    SRV - File not found [Auto | Stopped] -- -- (Slpsvdr)
    SRV - File not found [Auto | Stopped] -- -- (Sk99202k)
    SRV - File not found [Auto | Stopped] -- -- (SilverLink)
    SRV - File not found [Auto | Stopped] -- -- (ShockMgr)
    SRV - File not found [Auto | Stopped] -- -- (sfhlp01)
    SRV - File not found [Auto | Stopped] -- -- (SfCtlCom)
    SRV - File not found [Auto | Stopped] -- -- (SetupNT)
    SRV - File not found [Auto | Stopped] -- -- (servicelayer)
    SRV - File not found [Auto | Stopped] -- -- (sermouse)
    SRV - File not found [Auto | Stopped] -- -- (se59unic)
    SRV - File not found [Auto | Stopped] -- -- (se58nd5)
    SRV - File not found [Auto | Stopped] -- -- (se58mdm)
    SRV - File not found [Auto | Stopped] -- -- (se45obex)
    SRV - File not found [Auto | Stopped] -- -- (SE2Dmgmt)
    SRV - File not found [Auto | Stopped] -- -- (SE2Dbus)
    SRV - File not found [Auto | Stopped] -- -- (SE2Cobex)
    SRV - File not found [Auto | Stopped] -- -- (SE2Bmdm)
    SRV - File not found [Auto | Stopped] -- -- (SE27mgmt)
    SRV - File not found [Auto | Stopped] -- -- (SE27mdfl)
    SRV - File not found [Auto | Stopped] -- -- (scanexplicit)
    SRV - File not found [Auto | Stopped] -- -- (sbhooksvc)
    SRV - File not found [Auto | Stopped] -- -- (SbcpHid)
    SRV - File not found [Auto | Stopped] -- -- (SaiH040B)
    SRV - File not found [Auto | Stopped] -- -- (SaiClass)
    SRV - File not found [Auto | Stopped] -- -- (S7oppilx)
    SRV - File not found [Auto | Stopped] -- -- (s616nd5)
    SRV - File not found [Auto | Stopped] -- -- (s217unic)
    SRV - File not found [Auto | Stopped] -- -- (s125obex)
    SRV - File not found [Auto | Stopped] -- -- (s125bus)
    SRV - File not found [Auto | Stopped] -- -- (s117unic)
    SRV - File not found [Auto | Stopped] -- -- (s116unic)
    SRV - File not found [Auto | Stopped] -- -- (s116obex)
    SRV - File not found [Auto | Stopped] -- -- (RVIEG01)
    SRV - File not found [Auto | Stopped] -- -- (rtl8029)
    SRV - File not found [Auto | Stopped] -- -- (RTHDMIAzAudService)
    SRV - File not found [Auto | Stopped] -- -- (rpskt)
    SRV - File not found [Auto | Stopped] -- -- (rkhdrv31)
    SRV - File not found [Auto | Stopped] -- -- (RivaTuner32)
    SRV - File not found [Auto | Stopped] -- -- (rismxdp)
    SRV - File not found [Auto | Stopped] -- -- (rimusb)
    SRV - File not found [Auto | Stopped] -- -- (rimmptsk)
    SRV - File not found [Auto | Stopped] -- -- (revudfservice)
    SRV - File not found [Auto | Stopped] -- -- (REVOSENS)
    SRV - File not found [Auto | Stopped] -- -- (regsrvc)
    SRV - File not found [Auto | Stopped] -- -- (raysatxsi5_0server)
    SRV - File not found [Auto | Stopped] -- -- (radclock)
    SRV - File not found [Auto | Stopped] -- -- (QWAVE)
    SRV - File not found [Auto | Stopped] -- -- (qmofiltr)
    SRV - File not found [Auto | Stopped] -- -- (ql2100)
    SRV - File not found [Auto | Stopped] -- -- (qconsvc)
    SRV - File not found [Auto | Stopped] -- -- (qcmerced)
    SRV - File not found [Auto | Stopped] -- -- (pwd_2K)
    SRV - File not found [Auto | Stopped] -- -- (PTDCMdm)
    SRV - File not found [Auto | Stopped] -- -- (psasrv)
    SRV - File not found [Auto | Stopped] -- -- (psadd)
    SRV - File not found [Auto | Stopped] -- -- (procexp90)
    SRV - File not found [Auto | Stopped] -- -- (pptchpad)
    SRV - File not found [Auto | Stopped] -- -- (pnmsrv)
    SRV - File not found [Auto | Stopped] -- -- (pmshellsrv)
    SRV - File not found [Auto | Stopped] -- -- (pinnaclemarvinusb)
    SRV - File not found [Auto | Stopped] -- -- (pinetmgr)
    SRV - File not found [Auto | Stopped] -- -- (PID_08A0)
    SRV - File not found [Auto | Stopped] -- -- (pgsql-8.0)
    SRV - File not found [Auto | Stopped] -- -- (PGPwded)
    SRV - File not found [Auto | Stopped] -- -- (PGPdisk)
    SRV - File not found [Auto | Stopped] -- -- (pelmouse)
    SRV - File not found [Auto | Stopped] -- -- (pdlndsdl)
    SRV - File not found [Auto | Stopped] -- -- (pdlncbas)
    SRV - File not found [Auto | Stopped] -- -- (pdengine)
    SRV - File not found [Auto | Stopped] -- -- (PCISys)
    SRV - File not found [Auto | Stopped] -- -- (papycpu2)
    SRV - File not found [Auto | Stopped] -- -- (PAC7302)
    SRV - File not found [Auto | Stopped] -- -- (p3)
    SRV - File not found [Auto | Stopped] -- -- (p17xfilt)
    SRV - File not found [Auto | Stopped] -- -- (p1110vid)
    SRV - File not found [Auto | Stopped] -- -- (ose)
    SRV - File not found [Auto | Stopped] -- -- (oraclexeclragent)
    SRV - File not found [Auto | Stopped] -- -- (oracleorahomemanagementserver)
    SRV - File not found [Auto | Stopped] -- -- (oracle_load_balancer_60_client-forms6i)
    SRV - File not found [Auto | Stopped] -- -- (ONSIO)
    SRV - File not found [Auto | Stopped] -- -- (omsad)
    SRV - File not found [Auto | Stopped] -- -- (omniserv)
    SRV - File not found [Auto | Stopped] -- -- (omnidrv)
    SRV - File not found [Auto | Stopped] -- -- (olregcap)
    SRV - File not found [Auto | Stopped] -- -- (ofcpfwsvc)
    SRV - File not found [Auto | Stopped] -- -- (NWSAP)
    SRV - File not found [Auto | Stopped] -- -- (nvnetbus)
    SRV - File not found [Auto | Stopped] -- -- (NvNdis)
    SRV - File not found [Auto | Stopped] -- -- (nvax)
    SRV - File not found [Auto | Stopped] -- -- (ntgrip)
    SRV - File not found [Auto | Stopped] -- -- (nsausvc)
    SRV - File not found [Auto | Stopped] -- -- (npkcsvc)
    SRV - File not found [Auto | Stopped] -- -- (noipducservice)
    SRV - File not found [Auto | Stopped] -- -- (nocashio)
    SRV - File not found [Auto | Stopped] -- -- (nmservice)
    SRV - File not found [Auto | Stopped] -- -- (nlsvc)
    SRV - File not found [Auto | Stopped] -- -- (nimxdfk)
    SRV - File not found [Auto | Stopped] -- -- (netwg311)
    SRV - File not found [Auto | Stopped] -- -- (NETw5x32)
    SRV - File not found [Auto | Stopped] -- -- (ndasbus)
    SRV - File not found [Auto | Stopped] -- -- (NCPro)
    SRV - File not found [Auto | Stopped] -- -- (naveng)
    SRV - File not found [Auto | Stopped] -- -- (naimagent32)
    SRV - File not found [Auto | Stopped] -- -- (mwsejcap)
    SRV - File not found [Auto | Stopped] -- -- (mvserver)
    SRV - File not found [Auto | Stopped] -- -- (MTDVC2_ENUM)
    SRV - File not found [Auto | Stopped] -- -- (MSW_USB)
    SRV - File not found [Auto | Stopped] -- -- (mssql$microsoftbcm)
    SRV - File not found [Auto | Stopped] -- -- (msmframework)
    SRV - File not found [Auto | Stopped] -- -- (mrvw245)
    SRV - File not found [Auto | Stopped] -- -- (MRV6X32P)
    SRV - File not found [Auto | Stopped] -- -- (mrpostman)
    SRV - File not found [Auto | Stopped] -- -- (MRESP50)
    SRV - File not found [Auto | Stopped] -- -- (MRENDIS5)
    SRV - File not found [Auto | Stopped] -- -- (mpfirewl)
    SRV - File not found [Auto | Stopped] -- -- (MobilePreInstallerService)
    SRV - File not found [Auto | Stopped] -- -- (mmc_2K)
    SRV - File not found [Auto | Stopped] -- -- (mlkkbdntdriver)
    SRV - File not found [Auto | Stopped] -- -- (mksupdateint)
    SRV - File not found [Auto | Stopped] -- -- (mi-raysat_3dsMax2008_32)
    SRV - File not found [Auto | Stopped] -- -- (minilog)
    SRV - File not found [Auto | Stopped] -- -- (mgisvr)
    SRV - File not found [Auto | Stopped] -- -- (mfebopk)
    SRV - File not found [Auto | Stopped] -- -- (merakpop3)
    SRV - File not found [Auto | Stopped] -- -- (MegaSR)
    SRV - File not found [Auto | Stopped] -- -- (mcupdmgr.exe)
    SRV - File not found [Auto | Stopped] -- -- (mcsysmon)
    SRV - File not found [Auto | Stopped] -- -- (mcnasvc)
    SRV - File not found [Auto | Stopped] -- -- (mcdbus)
    SRV - File not found [Auto | Stopped] -- -- (McciCMService)
    SRV - File not found [Auto | Stopped] -- -- (mcafeeantispyware)
    SRV - File not found [Auto | Stopped] -- -- (marvinbus)
    SRV - File not found [Auto | Stopped] -- -- (Maplom)
    SRV - File not found [Auto | Stopped] -- -- (MA_CMIDI)
    SRV - File not found [Auto | Stopped] -- -- (lxdj_device)
    SRV - File not found [Auto | Stopped] -- -- (lwwlicenseservice)
    SRV - File not found [Auto | Stopped] -- -- (lvprcsrv)
    SRV - File not found [Auto | Stopped] -- -- (logonsvcid)
    SRV - File not found [Auto | Stopped] -- -- (LMIRfsDriver)
    SRV - File not found [Auto | Stopped] -- -- (lktimesync)
    SRV - File not found [Auto | Stopped] -- -- (konfig)
    SRV - File not found [Auto | Stopped] -- -- (KMWDFilter)
    SRV - File not found [Auto | Stopped] -- -- (k750mdm)
    SRV - File not found [Auto | Stopped] -- -- (k750mdfl)
    SRV - File not found [Auto | Stopped] -- -- (jtagserver)
    SRV - File not found [Auto | Stopped] -- -- (ixiaendpoint)
    SRV - File not found [Auto | Stopped] -- -- (IWCA)
    SRV - File not found [Auto | Stopped] -- -- (iviregmgr)
    SRV - File not found [Auto | Stopped] -- -- (ISODrive)
    SRV - File not found [Auto | Stopped] -- -- (isdrv120)
    SRV - File not found [Auto | Stopped] -- -- (irmon)
    SRV - File not found [Auto | Stopped] -- -- (ireike)
    SRV - File not found [Auto | Stopped] -- -- (IntuitUpdateService)
    SRV - File not found [Auto | Stopped] -- -- (int15)
    SRV - File not found [Auto | Stopped] -- -- (inspect)
    SRV - File not found [Auto | Stopped] -- -- (imagesrv)
    SRV - File not found [Auto | Stopped] -- -- (ilicensesvc)
    SRV - File not found [Auto | Stopped] -- -- (igateway)
    SRV - File not found [Auto | Stopped] -- -- (idebusdr)
    SRV - File not found [Auto | Stopped] -- -- (iaimtv3)
    SRV - File not found [Auto | Stopped] -- -- (iaimfp4)
    SRV - File not found [Auto | Stopped] -- -- (iaantmon)
    SRV - File not found [Auto | Stopped] -- -- (HWSCtrl)
    SRV - File not found [Auto | Stopped] -- -- (hsxhwazl)
    SRV - File not found [Auto | Stopped] -- -- (hsvcmod)
    SRV - File not found [Auto | Stopped] -- -- (hsf_msft)
    SRV - File not found [Auto | Stopped] -- -- (HPFXBULK)
    SRV - File not found [Auto | Stopped] -- -- (Hotkey)
    SRV - File not found [Auto | Stopped] -- -- (hidbatt)
    SRV - File not found [Auto | Stopped] -- -- (helpsvc)
    SRV - File not found [Auto | Stopped] -- -- (hcf_msft)
    SRV - File not found [Auto | Stopped] -- -- (HBtnKey)
    SRV - File not found [Auto | Stopped] -- -- (ha20x2k)
    SRV - File not found [Auto | Stopped] -- -- (gusvc)
    SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update-service (gupdatem)
    SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Updateservice (gupdate)
    SRV - File not found [Auto | Stopped] -- -- (GTWModem)
    SRV - File not found [Auto | Stopped] -- -- (govsrv)
    SRV - File not found [Auto | Stopped] -- -- (GoBack2K)
    SRV - File not found [Auto | Stopped] -- -- (FVNETusb)
    SRV - File not found [Auto | Stopped] -- -- (fuj02b1)
    SRV - File not found [Auto | Stopped] -- -- (ftpqueue)
    SRV - File not found [Auto | Stopped] -- -- (forcewarewebinterface)
    SRV - File not found [Auto | Stopped] -- -- (FontCache3.0.0.0.)
    SRV - File not found [Auto | Stopped] -- -- (fingrd32)
    SRV - File not found [Auto | Stopped] -- -- (FETNDIS)
    SRV - File not found [Auto | Stopped] -- -- (fallback)
    SRV - File not found [Auto | Stopped] -- -- (fa_scheduler)
    SRV - File not found [Auto | Stopped] -- -- (F700iob)
    SRV - File not found [Auto | Stopped] -- -- (EPSON_EB_RPCV4_01)
    SRV - File not found [Auto | Stopped] -- -- (EpmPsd)
    SRV - File not found [Auto | Stopped] -- -- (enethusb)
    SRV - File not found [Auto | Stopped] -- -- (emupia)
    SRV - File not found [Auto | Stopped] -- -- (emu10k1)
    SRV - File not found [Auto | Stopped] -- -- (ELhid)
    SRV - File not found [Auto | Stopped] -- -- (EL2000)
    SRV - File not found [Auto | Stopped] -- -- (ec2007service)
    SRV - File not found [Auto | Stopped] -- -- (eamon)
    SRV - File not found [Auto | Stopped] -- -- (EACSys)
    SRV - File not found [Auto | Stopped] -- -- (dvpapi)
    SRV - File not found [Auto | Stopped] -- -- (DSI_SiUSBXp_3_1)
    SRV - File not found [Auto | Stopped] -- -- (dot4print)
    SRV - File not found [Auto | Stopped] -- -- (dlcf_device)
    SRV - File not found [Auto | Stopped] -- -- (dladresn)
    SRV - File not found [Auto | Stopped] -- -- (dlacdbhm)
    SRV - File not found [Auto | Stopped] -- -- (digictrl)
    SRV - File not found [Auto | Stopped] -- -- (DfwWebAgent)
    SRV - File not found [Auto | Stopped] -- -- (defragfs)
    SRV - File not found [Auto | Stopped] -- -- (Defrag32b)
    SRV - File not found [Auto | Stopped] -- -- (dcsloader)
    SRV - File not found [Auto | Stopped] -- -- (DCamUSBSQTECH)
    SRV - File not found [Auto | Stopped] -- -- (DCamUSBGrandTek)
    SRV - File not found [Auto | Stopped] -- -- (CYGF32X)
    SRV - File not found [Auto | Stopped] -- -- (CXTUNE)
    SRV - File not found [Auto | Stopped] -- -- (cwcspud)
    SRV - File not found [Auto | Stopped] -- -- (cwafadmincontroller)
    SRV - File not found [Auto | Stopped] -- -- (cvsnt)
    SRV - File not found [Auto | Stopped] -- -- (CVirtA)
    SRV - File not found [Auto | Stopped] -- -- (ctxcpuusync)
    SRV - File not found [Auto | Stopped] -- -- (ctprxy2k)
    SRV - File not found [Auto | Stopped] -- -- (CTHWIUT.DLL)
    SRV - File not found [Auto | Stopped] -- -- (CTDevice_Srv)
    SRV - File not found [Auto | Stopped] -- -- (CSRBC)
    SRV - File not found [Auto | Stopped] -- -- (cpqnicmgmt)
    SRV - File not found [Auto | Stopped] -- -- (cpqdfw)
    SRV - File not found [Auto | Stopped] -- -- (cpntsrv)
    SRV - File not found [Auto | Stopped] -- -- (CnxTrUsb)
    SRV - File not found [Auto | Stopped] -- -- (cmudau)
    SRV - File not found [Auto | Stopped] -- -- (clsched)
    SRV - File not found [Auto | Stopped] -- -- (ClntMgmt.sys)
    SRV - File not found [Auto | Stopped] -- -- (clnt_clientman)
    SRV - File not found [Auto | Stopped] -- -- (cidaemon)
    SRV - File not found [Auto | Stopped] -- -- (cfosspeed)
    SRV - File not found [Auto | Stopped] -- -- (cercsr6)
    SRV - File not found [Auto | Stopped] -- -- (cdrbsdrv)
    SRV - File not found [Auto | Stopped] -- -- (ccpwdsvc)
    SRV - File not found [Auto | Stopped] -- -- (carboniteservice)
    SRV - File not found [Auto | Stopped] -- -- (ca-messagequeuing)
    SRV - File not found [Auto | Stopped] -- -- (bwmservice)
    SRV - File not found [Auto | Stopped] -- -- (bwcsrv)
    SRV - File not found [Auto | Stopped] -- -- (btwdndis)
    SRV - File not found [Auto | Stopped] -- -- (btwaudio)
    SRV - File not found [Auto | Stopped] -- -- (btfirst)
    SRV - File not found [Auto | Stopped] -- -- (BrUsbSer)
    SRV - File not found [Auto | Stopped] -- -- (BrPar)
    SRV - File not found [Auto | Stopped] -- -- (botcbs)
    SRV - File not found [Auto | Stopped] -- -- (blueletscoaudio)
    SRV - File not found [Auto | Stopped] -- -- (belgium_id_card_service)
    SRV - File not found [Auto | Stopped] -- -- (bdselfpr)
    SRV - File not found [Auto | Stopped] -- -- (bdpredir)
    SRV - File not found [Auto | Stopped] -- -- (BcmSqlStartupSvc)
    SRV - File not found [Auto | Stopped] -- -- (bcftdi)
    SRV - File not found [Auto | Stopped] -- -- (bc_pat_f)
    SRV - File not found [Auto | Stopped] -- -- (bc_ip_f)
    SRV - File not found [Auto | Stopped] -- -- (basic2)
    SRV - File not found [Auto | Stopped] -- -- (backupexecnamingservice)
    SRV - File not found [Auto | Stopped] -- -- (backupexecdevicemediaservice)
    SRV - File not found [Auto | Stopped] -- -- (backupexecalertserver)
    SRV - File not found [Auto | Stopped] -- -- (b57w2k)
    SRV - File not found [Auto | Stopped] -- -- (awhost32)
    SRV - File not found [Auto | Stopped] -- -- (avupdsvc)
    SRV - File not found [Auto | Stopped] -- -- (avidsdmservice)
    SRV - File not found [Auto | Stopped] -- -- (avg7updsvc)
    SRV - File not found [Auto | Stopped] -- -- (avg7rsw)
    SRV - File not found [Auto | Stopped] -- -- (avg7core)
    SRV - File not found [Auto | Stopped] -- -- (AVerBDA)
    SRV - File not found [Auto | Stopped] -- -- (avcgbdr)
    SRV - File not found [Auto | Stopped] -- -- (autocomplete)
    SRV - File not found [Auto | Stopped] -- -- (ATMsg)
    SRV - File not found [Auto | Stopped] -- -- (atitunep)
    SRV - File not found [Auto | Stopped] -- -- (ati2mtaa)
    SRV - File not found [Auto | Stopped] -- -- (AtcL002)
    SRV - File not found [Auto | Stopped] -- -- (aswtdi)
    SRV - File not found [Auto | Stopped] -- -- (aswlsvc)
    SRV - File not found [Auto | Stopped] -- -- (AsusACPI)
    SRV - File not found [Auto | Stopped] -- -- (asmagent)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - File not found [Auto | Stopped] -- -- (aolavupd)
    SRV - File not found [Auto | Stopped] -- -- (anio)
    SRV - File not found [Auto | Stopped] -- -- (amoagent)
    SRV - File not found [Auto | Stopped] -- -- (amdk77)
    SRV - File not found [Auto | Stopped] -- -- (alertservice)
    SRV - File not found [Auto | Stopped] -- -- (alcaudsl)
    SRV - File not found [Auto | Stopped] -- -- (AFGSp50)
    SRV - File not found [Auto | Stopped] -- -- (aeaudio)
    SRV - File not found [Auto | Stopped] -- -- (adpu320)
    SRV - File not found [Auto | Stopped] -- -- (admjoy)
    SRV - File not found [Auto | Stopped] -- -- (AdfuUd)
    SRV - File not found [Auto | Stopped] -- -- (adaptecstoragemanageragent)
    SRV - File not found [Auto | Stopped] -- -- (aamqdispatcher)
    SRV - File not found [Auto | Stopped] -- -- (A88xTuner)
    SRV - File not found [Auto | Stopped] -- -- ({85ccb53b-23d8-4e73-b1b7-9ddb71827d9b})
    SRV - [2012-03-07 20:36:39 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
    SRV - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2010-07-16 16:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung PC Share Manager\WiselinkPro.exe -- (AllShare)
    SRV - [2009-05-17 05:16:24 | 000,041,984 | --S- | M] (BitMicro Software Corporation) [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
    SRV - [2007-02-02 14:35:06 | 001,235,032 | ---- | M] (Famatech International Corp.) [Auto | Running] -- C:\WINDOWS\System32\rserver30\RServer3.exe -- (RServer3)
    SRV - [2004-09-22 22:17:18 | 000,815,104 | ---- | M] (Grant Averett) [Auto | Running] -- C:\Program Files\Cerberus\Cerberus.exe -- (Cerberus FTP Server)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ZDPNDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ZDCndis5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCLEPCI)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCANDIS5)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FXDrv32)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
    DRV - [2011-10-07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011-10-04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011-09-13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011-08-08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011-07-11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011-07-11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011-07-11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011-07-11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2009-10-05 10:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2008-04-13 23:16:10 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
    DRV - [2008-04-13 23:16:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
    DRV - [2007-05-31 08:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2007-03-02 21:53:19 | 001,972,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2007-03-01 10:27:26 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007-02-02 14:54:26 | 000,041,176 | ---- | M] (Famatech International Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\rserver30\raddrvv3.sys -- (raddrvv3)
    DRV - [2006-11-01 04:01:56 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rminiv3.sys -- (mirrorv3)
    DRV - [2006-10-13 09:16:36 | 000,081,664 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006-09-24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006-01-18 13:09:40 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
    DRV - [2005-12-22 13:45:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (SG762_XP)
    DRV - [2004-10-08 15:58:00 | 000,751,104 | ---- | M] (Asus) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cap713x.sys -- (Cap713x)
    DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-stuurprogramma voor Realtek RTL8139(A/B/C)
    DRV - [2004-03-10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
    DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {15457935-CDA2-498D-ABA2-BB3E0C6C9604}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{15457935-CDA2-498D-ABA2-BB3E0C6C9604}: "URL" = http://www.google.nl/search?hl=nl&rlz=1G1GGLQ_NLNL286&q={searchTerms}&meta=
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={99458DB6-A93D-4CD5-9080-E4B745F94197}&mid=2d27e4ca70d547d188f7d129f5d83e53-f1b8bc111bf0aabc6f2beb9a758fe9843f208faa&lang=nl&ds=AVG&pr=fr&d=2012-03-07 20:36:41&v=10.0.0.7&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.nl"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:12.0.0.1912
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 4
    FF - prefs.js..extensions.enabledItems: 9
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012-03-07 20:35:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-03-07 20:36:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012-03-07 20:36:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-02 21:53:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-02-03 19:46:48 | 000,000,000 | ---D | M]

    [2008-08-16 13:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
    [2012-02-05 13:43:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\3jf689pd.default\extensions
    [2009-09-12 11:20:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\3jf689pd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010-02-07 11:42:51 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\3jf689pd.default\extensions\firefox@tvunetworks.com
    [2012-02-05 13:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010-07-31 22:05:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011-04-03 09:41:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011-07-01 18:31:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012-02-04 14:31:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    [2012-03-07 20:35:39 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX
    [2008-12-02 19:06:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010-03-11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
    [2010-03-11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    [2010-03-11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
    [2010-03-11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
    [2011-11-10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010-03-11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
    [2010-03-11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    [2012-03-07 20:36:37 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011-02-05 10:17:10 | 000,001,890 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
    [2011-02-05 10:17:10 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
    [2011-02-05 10:17:10 | 000,001,111 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vandale-nl.xml
    [2011-02-05 10:17:10 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml
    [2011-02-05 10:17:10 | 000,000,802 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-nl.xml
     
  25. arnoldkooiker

    arnoldkooiker TS Rookie Topic Starter Posts: 22

    OTL rescan - part 3

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

    O1 HOSTS File: ([2012-03-07 08:57:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Lexmark 3100 Series] C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [LXBRKsk] C:\Program Files\Lexmark 3100 Series\lxbrksk.exe ( )
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe ()
    O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE ( )
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_30.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/43.10/uploader2.cab (UploadListView Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1112288959018 (WUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab (Image Uploader Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52503A0F-5C0B-42B1-B77D-EFE140159F74}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A80290E0-1513-4894-83AE-BAB9896987DB}: NameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\rserver30\r3god.dll) - C:\WINDOWS\system32\rserver30\R3GOD.DLL ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\IrfanView\IrfanView_Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\IrfanView\IrfanView_Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005-03-31 17:08:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007-01-06 16:59:44 | 000,000,095 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-03-09 20:25:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012-03-09 20:23:44 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012-03-07 21:07:29 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Bureaublad\OTL.exe
    [2012-03-07 20:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG2012
    [2012-03-07 20:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG 2012
    [2012-03-07 20:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG Secure Search
    [2012-03-07 20:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2012-03-07 20:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
    [2012-03-07 20:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
    [2012-03-07 20:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012-03-07 20:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2012-03-07 08:26:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012-03-07 08:24:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012-03-07 08:24:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012-03-07 08:24:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012-03-07 08:24:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012-03-07 08:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012-03-07 08:24:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-03-07 08:01:40 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\user\Bureaublad\AppRemover.exe
    [2012-03-07 07:49:52 | 004,428,059 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Bureaublad\ComboFix.exe
    [2012-03-05 19:54:13 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\user\Bureaublad\boot_cleaner.exe
    [2012-03-05 19:08:01 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\user\Bureaublad\aswMBR.exe
    [2012-03-05 11:24:50 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Bureaublad\TDSSKiller.exe
    [2012-03-04 14:58:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Bureaublad\dds.scr
    [2012-03-04 14:35:53 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Bureaublad\Malwarebytes' Anti-Malware mbam--setup-1.60.1.1000.exe
    [2012-03-01 22:26:03 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012-03-01 22:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012-02-29 22:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Anti virus, malware
    [2012-02-29 22:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Menu Start\Programma's\Anti virus, malware
    [2012-02-29 22:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012-02-20 23:19:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

    ========== Files - Modified Within 30 Days ==========

    [2012-03-09 21:18:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3106237358-2718937594-2690874173-1006UA.job
    [2012-03-09 20:30:02 | 000,000,023 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
    [2012-03-09 20:29:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012-03-09 20:07:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012-03-09 19:57:06 | 091,239,739 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012-03-09 19:53:18 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012-03-07 21:07:25 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureaublad\OTL.exe
    [2012-03-07 08:57:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012-03-07 08:26:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012-03-07 08:02:05 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\user\Bureaublad\AppRemover.exe
    [2012-03-07 07:59:50 | 000,000,448 | ---- | M] () -- C:\WINDOWS\lexstat.ini
    [2012-03-07 07:58:36 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2012-03-07 07:49:59 | 004,428,059 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Bureaublad\ComboFix.exe
    [2012-03-05 19:53:15 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\user\Bureaublad\bootkit_remover.zip
    [2012-03-05 19:49:46 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\user\Bureaublad\MBR.dat
    [2012-03-05 19:08:04 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\user\Bureaublad\aswMBR.exe
    [2012-03-05 11:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Bureaublad\TDSSKiller.exe
    [2012-03-04 15:18:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3106237358-2718937594-2690874173-1006Core.job
    [2012-03-04 14:58:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Bureaublad\dds.scr
    [2012-03-04 13:34:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\user\Bureaublad\GMER-gntotgos.exe
    [2012-03-01 22:23:43 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Bureaublad\Malwarebytes' Anti-Malware mbam--setup-1.60.1.1000.exe
    [2012-02-29 19:19:58 | 000,145,086 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012-02-25 17:14:23 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
    [2012-02-21 19:51:49 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
    [2012-02-16 19:58:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Gemeente Enschede Citrix Portal - CSG4.url
    [2012-02-15 21:15:30 | 000,001,888 | ---- | M] () -- C:\WINDOWS\goldwave.ini
    [2012-02-15 21:14:44 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012-02-15 11:12:39 | 000,204,288 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-02-15 08:57:31 | 000,650,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012-02-14 23:22:44 | 000,509,338 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
    [2012-02-14 23:22:44 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012-02-14 23:22:44 | 000,091,014 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
    [2012-02-14 23:22:44 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012-02-12 20:51:53 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\user\Mijn documenten\PDVD_MediaDisc.PlayList
    [2012-02-11 12:29:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012-02-09 19:53:56 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2012-03-09 20:19:22 | 000,456,948 | ---- | C] () -- C:\Documents and Settings\user\Bureaublad\GrantPerms.exe
    [2012-03-07 08:26:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012-03-07 08:26:40 | 000,261,936 | RHS- | C] () -- C:\cmldr
    [2012-03-07 08:24:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012-03-07 08:24:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012-03-07 08:24:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012-03-07 08:24:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012-03-07 08:24:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012-03-05 19:53:17 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\user\Bureaublad\bootkit_remover.zip
    [2012-03-05 19:49:46 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\user\Bureaublad\MBR.dat
    [2012-03-04 13:33:59 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\user\Bureaublad\GMER-gntotgos.exe
    [2012-02-14 19:50:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012-02-14 19:50:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
    [2011-04-27 21:41:36 | 000,286,720 | ---- | C] () -- C:\Documents and Settings\user\Application Data\fontdb.mdb
    [2011-02-23 02:53:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011-02-12 10:21:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2011-02-12 10:21:43 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
    [2011-02-12 10:20:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2011-02-12 10:20:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2011-02-12 10:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
    [2011-02-12 10:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
    [2011-01-12 20:30:13 | 000,160,361 | ---- | C] () -- C:\WINDOWS\Sqirlz Morph Uninstaller.exe
    [2010-11-19 20:47:23 | 000,124,088 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010-04-12 10:50:20 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\PDF2IMG.dat
    [2010-03-16 21:34:03 | 000,003,633 | ---- | C] () -- C:\WINDOWS\iexplore.ini

    ========== LOP Check ==========

    [2012-03-07 20:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2012-03-07 20:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2010-11-16 10:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2012-02-03 19:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2012-01-14 17:44:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010-07-31 13:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Net
    [2010-08-12 19:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced
    [2012-03-09 19:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2008-08-20 22:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2008-09-14 10:15:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WebDrive
    [2010-04-17 12:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009-05-15 21:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010-01-24 21:48:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    [2008-09-02 20:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\.ABC
    [2012-03-07 20:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG Secure Search
    [2012-03-07 20:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2012
    [2011-03-13 13:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Belastingdienst
    [2011-04-27 21:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BorWare
    [2010-07-31 13:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DAEMON Tools Net
    [2012-01-14 18:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ehg
    [2012-01-23 20:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Heri
    [2008-08-26 19:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ICAClient
    [2008-09-14 13:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IrfanView
    [2010-12-13 20:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LimeWire
    [2011-05-16 19:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Octoshape

    ========== Purity Check ==========



    < End of report >
     
