TechSpot

[Holding] AVG keeps on finding Trojan Horse Crypt.AQLW and Win32/Sirefef.ER

By Danielf91
Mar 9, 2012
  1. Hi there,

    For a few days now, my AVG has kept popping up with infections, which I can send to quarantine. However, the infections keep coming back under different .dll names/files in system32, but they are always named Trojan Horse Crypt.AQLW and Win32/Sirefef.ER.

    When I do a scan with AVG it doesn't come up with anything. Help would be very much appreciated.

    The logs are posted below. Some of the text is in Dutch; I am not sure if this is OK with you?

    =================================================================

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.03.07.03

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    Daniel :: DANIEL-PC [administrator]

    9-3-2012 13:20:32
    mbam-log-2012-03-09 (13-20-32).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 213139
    Verstreken tijd: 7 minuut/minuten, 22 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    =================================================================


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-09 13:36:23
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FCDO
    Running: l58d6vrr.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\iaStor \Device\Ide\iaStor0 [8B313760] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B313760] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8B313760] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\a41mzik2 \Device\Scsi\a41mzik21 875721F8
    Device \Driver\a41mzik2 \Device\Scsi\a41mzik21Port1Path0Target0Lun0 875721F8
    Device \FileSystem\Ntfs \Ntfs 862341F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\fastfat \Fat 87281500

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Bestandssysteemfilterbeheer/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework-runtime/Microsoft Corporation)

    ---- Processes - GMER 1.0.15 ----

    Process PING.EXE (*** hidden *** ) 4932

    ---- EOF - GMER 1.0.15 ----

    =================================================================


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514
    Run by Daniel at 13:43:58 on 2012-03-09
    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3036.1430 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\System32\svchost.exe -k Cognizance
    C:\Windows\System32\svchost.exe -k Bioscrypt
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\FileZilla Server\FileZilla Server.exe
    C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\rpcnet.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Hewlett-Packard\IAM\bin\AsGHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    mSearch Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: ReImage Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\reimagecompanion\updatebhoWin32.dll
    BHO: ReImage Browser Helper: {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - c:\program files\reimagecompanion\jsloader.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
    BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
    uRun: [Google Update] "c:\users\daniel\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [Chit Chat for Facebook] c:\program files\chit chat for facebook\CCFFacebook.exe
    uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe
    uRun: [ares] "c:\program files\ares\Ares.exe" -h
    uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
    uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
    mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
    mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [WheelMouse] c:\advanc~1\wh_exec.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [<NO NAME>]
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem
    mRun: [XoftSpySE] "c:\program files\xoftspyse6\XoftSpySE.exe" -NM -hidesplash
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: DhcpNameServer = 82.139.64.64 82.139.66.66
    TCP: Interfaces\{D118C8FB-642F-4477-952D-A4BAEF5FF7E6} : DhcpNameServer = 82.139.64.64 82.139.66.66
    TCP: Interfaces\{D62A1764-3901-4CBB-B4CA-0C30DD9DA340}\05F6C616279637 : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{D62A1764-3901-4CBB-B4CA-0C30DD9DA340}\6456272772D60284579637 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{D62A1764-3901-4CBB-B4CA-0C30DD9DA340}\A414E43524255574 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{D62A1764-3901-4CBB-B4CA-0C30DD9DA340}\A414E43524255574D20535B4 : DhcpNameServer = 192.168.0.1 192.168.0.1 192.168.1.1 8.8.8.8
    TCP: Interfaces\{D62A1764-3901-4CBB-B4CA-0C30DD9DA340}\C696E6B637973713 : DhcpNameServer = 172.25.38.6 172.25.4.6
    TCP: Interfaces\{D62A1764-3901-4CBB-B4CA-0C30DD9DA340}\E696D626573723030313 : DhcpNameServer = 130.161.180.1 130.161.180.65
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\reimagecompanion\tdataprotocol.dll
    Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\reimagecompanion\tdataprotocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\reimagecompanion\tdataprotocol.dll
    AppInit_DLLs: c:\progra~1\hewlet~1\iam\bin\APSHook.dll acaptuser32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
    LSA: Notification Packages = scecli ASWLNPkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2010-3-5 51480]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2010-3-5 13032]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2010-3-5 12600]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-2-6 748440]
    R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-7-14 20992]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Bioscrypt [2009-7-14 20992]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-7-29 1201400]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2010-3-5 256616]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-1-14 26168]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-9 382272]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-7-29 482176]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2011-1-16 223960]
    R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-1-16 7122944]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2011-2-14 49152]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 mks_scan;Aalogger;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-12-30 30312]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-6-13 20328]
    S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2010-4-13 45056]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
    S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2011-1-14 3668480]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-4 27192]
    S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rismc32.sys [2011-2-14 49152]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-12-30 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-12-30 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-12-30 136808]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-15 1343400]
    S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2011-6-11 6784]
    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
    S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2010-9-29 582424]
    .
    =============== Created Last 30 ================
    .
    2012-03-08 16:12:53 -------- d-----w- c:\program files\Mass Effect 3
    2012-03-08 13:11:35 -------- d-----w- c:\programdata\ParetoLogic
    2012-03-08 13:11:34 -------- d-----w- c:\program files\common files\ParetoLogic
    2012-03-08 13:11:33 -------- d-----w- c:\programdata\XoftSpySE
    2012-03-08 13:11:33 -------- d-----w- c:\program files\common files\XoftSpySE
    2012-03-08 13:11:32 -------- d-----w- c:\program files\XoftSpySE6
    2012-03-08 13:03:51 -------- d-----w- C:\rei
    2012-03-08 13:03:47 -------- d-----w- c:\program files\Reimage
    2012-03-08 13:03:42 -------- d-----w- c:\program files\ReImageCompanion
    2012-03-08 12:59:46 110080 ----a-r- c:\users\daniel\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
    2012-03-08 12:59:46 110080 ----a-r- c:\users\daniel\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
    2012-03-08 12:59:46 110080 ----a-r- c:\users\daniel\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
    2012-03-08 12:59:45 -------- d-----w- C:\sh4ldr
    2012-03-08 12:59:45 -------- d-----w- c:\program files\Enigma Software Group
    2012-03-08 12:59:07 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
    2012-03-07 17:46:47 -------- d-----w- c:\users\daniel\appdata\roaming\Malwarebytes
    2012-03-07 17:46:44 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-07 17:46:43 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-07 17:46:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-07 14:35:23 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-03-04 12:46:01 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
    2012-03-04 12:35:14 -------- d-----w- c:\program files\2K Games
    2012-03-04 12:34:54 -------- d-----w- C:\BDS
    2012-03-03 19:23:00 -------- d-----w- c:\users\daniel\appdata\local\Darksiders
    2012-03-01 12:20:38 -------- d-----w- c:\program files\YouTube Downloader Toolbar
    2012-03-01 12:20:38 -------- d-----w- c:\program files\common files\Spigot
    2012-03-01 12:20:38 -------- d-----w- c:\program files\Application Updater
    2012-02-27 12:58:15 -------- d-----w- c:\program files\iPod
    2012-02-27 12:58:14 -------- d-----w- c:\program files\iTunes
    2012-02-23 20:36:18 -------- d-----w- c:\program files\Mass Effect 2
    2012-02-23 14:56:21 -------- d-----w- c:\programdata\Media Center Programs
    2012-02-22 19:53:03 -------- d-----w- c:\program files\Sid Meier's Civilization V
    2012-02-22 14:35:51 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-22 14:35:51 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-22 14:35:51 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-22 14:35:51 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-22 14:35:51 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-22 14:35:51 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-22 14:35:51 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-22 14:35:51 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-22 14:35:51 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-19 15:23:54 -------- d-----w- c:\users\daniel\appdata\roaming\DarknessII
    2012-02-19 14:25:34 -------- d-----w- C:\game
    2012-02-19 10:43:41 -------- d-----w- c:\program files\Remedy Entertainment
    2012-02-13 17:13:17 -------- d-----w- c:\program files\Eidos
    2012-02-09 19:05:44 416064 ----a-w- c:\windows\system32\nvStreaming.exe
    2012-02-09 16:25:11 -------- d-----w- c:\users\daniel\appdata\local\BigHugeEngine
    2012-02-08 16:18:05 3540 ----a-w- C:\STFD490.tmp
    .
    ==================== Find3M ====================
    .
    2012-03-09 11:24:04 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-03-09 11:24:01 58288 ----a-w- c:\windows\system32\rpcnet.dll
    2012-03-07 17:22:38 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2012-02-22 14:47:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-10 04:13:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-10 04:13:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-10 04:13:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-10 03:02:06 3881792 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-10 03:00:44 2719040 ----a-w- c:\windows\system32\nvsvc.dll
    2012-02-10 03:00:26 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-10 03:00:26 62272 ----a-w- c:\windows\system32\nvshext.dll
    2012-02-10 03:00:26 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-10 03:00:25 710976 ----a-w- c:\windows\system32\nv3dappshext.dll
    2012-02-10 03:00:25 55104 ----a-w- c:\windows\system32\nv3dappshextr.dll
    2012-02-10 03:00:25 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-02-01 15:57:14 3540 ----a-w- C:\STFF476.tmp
    2012-02-01 12:41:00 973632 ----a-w- c:\windows\system32\nvdispco3220155.dll
    2012-02-01 12:41:00 877376 ----a-w- c:\windows\system32\nvgenco3220103.dll
    2012-01-31 18:17:00 3540 ----a-w- C:\STF9B8B.tmp
    2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
    2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-12-16 07:52:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7601 Disk: Hitachi_ rev.FCDO -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: >>UNKNOWN [0x82C3E000]<< >>UNKNOWN [0x8BA68000]<< >>UNKNOWN [0x8BA57000]<< >>UNKNOWN [0x87247FD0]<<
    _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
    1 ntkrnlpa!IofCallDriver[0x82C7552A] -> \Device\Harddisk0\DR0[0x86DC3AC8]
    \Driver\Disk[0x86DC2030] -> IRP_MJ_CREATE -> 0x8BA6C39F
    3 [0x8BA6C59E] -> ntkrnlpa!IofCallDriver[0x82C7552A] -> [0x870D1AE8]
    \Driver\00001084[0x870D1C20] -> IRP_MJ_CREATE -> 0x87247FD0
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 13:44:42,67 ===============

    =================================================================


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 15-1-2011 20:29:15
    System Uptime: 9-3-2012 12:23:18 (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30E7
    Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | Intel(R) Genuine processor | 2801/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 28,417 GiB free.
    D: is FIXED (FAT32) - 1 GiB total, 0,964 GiB free.
    E: is FIXED (NTFS) - 9 GiB total, 2,23 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    H: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP419: 8-3-2012 17:30:22 - DirectX is geïnstalleerd.
    .
    ==== Installed Programs ======================
    .
    ActivClient x86
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Acrobat 9.4.6 - CPSID_83708
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X (10.1.1) - Nederlands
    Advanced Wheel Mouse 6.0.0.002
    Agere Systems HDA Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    AuthenTec Fingerprint System
    AuthenTec TrueSuite
    AVG 2012
    AVG PC Tuneup 2011
    Bonjour
    Borderlands
    Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Chit Chat For Facebook 1.435
    Credential Manager for HP ProtectTools
    Darkness II
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Devices and Printers icon for Trust 15867
    Drive Encryption for HP ProtectTools
    Dropbox
    Easy Driver Pro
    Etude Afname Systeem 3.6.02
    FileZilla Client 3.5.1
    FileZilla Server (remove only)
    Google Chrome
    Google SketchUp 8
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    HP ESU for Microsoft Windows 7
    HP JavaCard for HP ProtectTools
    HP Product Detection
    HP ProtectTools Security Manager
    HP ProtectTools Security Manager Suite
    HP Webcam Application
    HP Wireless Assistant
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    LSI HDA Modem
    Magic ISO Maker v5.5 (build 0281)
    Malwarebytes Anti-Malware versie 1.60.1.1000
    Mass Effect 2
    Mass Effect™ 3
    Medieval CUE Splitter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Project MUI (Dutch) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (Dutch) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (Dutch) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (Dutch) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Project 2010 Service Pack 1 (SP1)
    Microsoft Project Professional 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MS Access 97 SP2
    MSVCRT Redists
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    NVIDIA-configuratiescherm 295.73
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision controllerstuurprogramma 295.73
    NVIDIA 3D Vision stuurprogramma 295.73
    NVIDIA Display Control Panel
    NVIDIA Grafisch stuurprogramma 295.73
    NVIDIA Install Application
    NVIDIA nView 136.18
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX systeemsoftware 9.12.0209
    NVIDIA Stereoscopic 3D Driver
    PC Wizard 2010.1.96
    PDF Settings CS5
    PowerISO
    PunkBuster Services
    PVSonyDll
    QuickTime
    Reimage Repair
    ReImageCompanion
    Revo Uninstaller Pro 2.5.3
    RICOH Media Driver
    Rockstar Games Social Club
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    SecureW2 EAP Suite 2.0.4 for Windows
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    SopCast 3.4.0
    SpeedFan (remove only)
    SpyHunter
    Steam
    Synaptics Pointing Device Driver
    System Requirements Lab
    The Witcher 2
    Ubisoft Game Launcher
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    V-Ray for SketchUp 6
    VLC media player 1.1.10
    Windows Live ID Sign-in Assistant
    WinRAR
    XoftSpySE
    YouTube Downloader 3.5
    YouTube Downloader Toolbar v5.0
    .
    ==== End Of File ===========================

    =================================================================



    Thanks a lot for your time!
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! It appears that you have the ZeroAccess Rootkit.

    And there is additional malware also. AVG can't remove it, so instead of getting it back, it hasn't been removed!
    ==============================================
    I note these entries: Are they yours?
    uSearch Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    mSearch Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

    ==============================================
    Download aswMBR to your desktop.
    • Double click the aswMBR.exe to run it.
    • Click the "Scan" button to start scan:
    • On completion of the scan click "Save log", save it to your desktop
    • Post in your next reply.
    =============================================
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    =======================================
    I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Microsoft Security Essentials
    Comodo AV
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
    ========================================
    Please leave all logs in your next reply.
     
  3. Danielf91

    Danielf91 TS Rookie Topic Starter

    Hello Bobbye,

    Thank you for your fast reply.

    Every time I scan using aswMBR the program crashes after scanning the same file:

    C:\Windows\assembly\GAC_MSIL\Microsoft.Visualstudio.Tools.Applications.(something*)

    I can't read the rest of the path, because the screen is too small.
    After scanning that file, a box pops up saying the program stopped working, after which Windows starts searching for online solutions.
    I tried scanning 10 times now.

    As for the phpnuke entries, I have no idea what they are, or what phpnuke is. It's not a program I use or anything.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Skip it for now and go on with the other scans. I can remove the phpnuke with script after you've run Combofix.
     
  5. Danielf91

    Danielf91 TS Rookie Topic Starter

    I have run TDSSKiller, it found 3 infections and I quarantined them. It didn't produce any log, is that ok?

    I'm having some problems with Combofix. How long does a scan normally take?
    I have been scanning from Saturday morning 11.00h till Sunday evening 21.00h and it is still not finished.
    Combofix says it normally takes 10 minutes to double that on heavily infected PCs...
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Not okay. There is a log> please find it:>>
    Tdsskiller log, located at C:\TDSSKiller.~~~`~~log.txt
    ===================================
    Stop the Combofix scan you are running now. I need to see what was found in the TDSS scan.
    =================================
    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode. If it won't run, go on to #2.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to
    friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    3. See which one of the following runs. You do not need to download all three versions:
    This is a slight variation on the RKill:
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, add the following:

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
    (Directions courtesy bleeping computer)

    4. With both RKill and exehelper on board:
    Go right to the renamed (Combofix) and double click on friday.exe to run
    If it won't run in Normal Mode, run BOTH tools from safe mode, then try the double click on friday.exe to run.

    If successful, please leave RKill, Exehelper and Combofix logs.
    ===================================
    It is curious why Malwarebytes didn't identify some of the malware you have, so we're going to run it again, but as a Full Scan:
    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
    When scan has finished, you will see this image:
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ===============================================
    You have a large assortment of various malwares that need to be removed. The potential for more vulnerability is great as long as they are on the system. Please try the suggestions for running Combofix.

    You've had several dates where you have downloaded groups of programs. Some of them came with foistware and some are PUPs> 'potentially unwanted programs.' I can remove some entries and have you uninstall the programs and folders if you can get Combofix to run.

    Please do not download, install anything now or update anything you have now except the AV program. Did you uninstall AVG before Combofix as directed? Did you install one of the temporary AV programs?
     
  7. Danielf91

    Danielf91 TS Rookie Topic Starter

    Thank you, I will get to that this weekend. You might also want to know that my computer can not connect to the internet anymore (I am posting this from my phone), so it is a bit harder to post/download things for me at this moment.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Take your time. It is not uncommon to lose the internet connection while we're cleaning. You might find it easier to use a flash drive instead of your phone.
     
  9. Danielf91

    Danielf91 TS Rookie Topic Starter

    Ok, here are the logs of TDSS, Combofix and the full Malwarebytes scan. Combofix worked when I scanned in safe mode.

    I turned off my AV when running combofix, but when my computer restarted after/during the scan my AV restarted also and started giving loads of warnings, not sure if it's a problem.

    Also my computer is no longer giving warnings of infections, so I guess that's a good sign. After the combofix scan, my internet is also up again.


    21:23:58.0304 1180 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
    21:23:58.0416 1180 ============================================================
    21:23:58.0416 1180 Current date / time: 2012/03/09 21:23:58.0416
    21:23:58.0416 1180 SystemInfo:
    21:23:58.0416 1180
    21:23:58.0416 1180 OS Version: 6.1.7601 ServicePack: 1.0
    21:23:58.0416 1180 Product type: Workstation
    21:23:58.0416 1180 ComputerName: DANIEL-PC
    21:23:58.0416 1180 UserName: Daniel
    21:23:58.0416 1180 Windows directory: C:\Windows
    21:23:58.0416 1180 System windows directory: C:\Windows
    21:23:58.0416 1180 Processor architecture: Intel x86
    21:23:58.0416 1180 Number of processors: 2
    21:23:58.0416 1180 Page size: 0x1000
    21:23:58.0416 1180 Boot type: Normal boot
    21:23:58.0416 1180 ============================================================
    21:23:58.0910 1180 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:23:58.0912 1180 \Device\Harddisk0\DR0:
    21:23:58.0916 1180 MBR used
    21:23:58.0916 1180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BDC3FC1
    21:23:58.0916 1180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1BDC4000, BlocksNum 0x1FD800
    21:23:58.0916 1180 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BFC1F09, BlocksNum 0x1201000
    21:23:58.0980 1180 Initialize success
    21:23:58.0980 1180 ============================================================
    21:25:50.0481 2400 ============================================================
    21:25:50.0481 2400 Scan started
    21:25:50.0481 2400 Mode: Manual;
    21:25:50.0481 2400 ============================================================
    21:25:51.0301 2400 AFD (9f845170417afca60bc94183fa36e01a) C:\Windows\system32\drivers\afd.sys
    21:25:51.0303 2400 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 9f845170417afca60bc94183fa36e01a, Fake md5: a15d2fa344c64412633356865c469cd3
    21:25:51.0304 2400 AFD ( ForgedFile.Multi.Generic ) - warning
    21:25:51.0304 2400 AFD - detected ForgedFile.Multi.Generic (1)
    21:25:55.0371 2400 HBtnKey (88a78635b41ed4b261365fadeb28fe81) C:\Windows\system32\DRIVERS\cpqbttn.sys
    21:25:55.0372 2400 HBtnKey - ok
    21:25:55.0394 2400 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    21:25:55.0395 2400 hcw85cir - ok
    21:25:55.0439 2400 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    21:25:55.0444 2400 HdAudAddService - ok
    21:25:55.0471 2400 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    21:25:55.0474 2400 HDAudBus - ok
    21:25:55.0582 2400 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    21:25:55.0583 2400 HidBatt - ok
    21:25:55.0615 2400 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    21:25:55.0618 2400 HidBth - ok
    21:25:55.0642 2400 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    21:25:55.0643 2400 HidIr - ok
    21:25:55.0692 2400 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    21:25:55.0694 2400 HidUsb - ok
    21:25:55.0772 2400 hpdskflt (d5c35e6416a379c445cda826b9fe452f) C:\Windows\system32\DRIVERS\hpdskflt.sys
    21:25:55.0773 2400 hpdskflt - ok
    21:25:55.0820 2400 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    21:25:55.0821 2400 HpqKbFiltr - ok
    21:25:55.0863 2400 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    21:25:55.0864 2400 HpSAMD - ok
    21:25:55.0926 2400 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    21:25:55.0934 2400 HTTP - ok
    21:25:56.0048 2400 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    21:25:56.0049 2400 hwpolicy - ok
    21:25:56.0087 2400 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    21:25:56.0089 2400 i8042prt - ok
    21:25:56.0117 2400 iaStor (de7c12e59605ea7ea0cf6345afeb0f07) C:\Windows\system32\DRIVERS\iaStor.sys
    21:25:56.0119 2400 iaStor - ok
    21:25:56.0140 2400 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    21:25:56.0144 2400 iaStorV - ok
    21:25:56.0205 2400 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    21:25:56.0207 2400 iirsp - ok
    21:25:56.0263 2400 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    21:25:56.0264 2400 intelide - ok
    21:25:56.0304 2400 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    21:25:56.0305 2400 intelppm - ok
    21:25:56.0408 2400 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:25:56.0410 2400 IpFilterDriver - ok
    21:25:56.0441 2400 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    21:25:56.0442 2400 IPMIDRV - ok
    21:25:56.0458 2400 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    21:25:56.0460 2400 IPNAT - ok
    21:25:56.0491 2400 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    21:25:56.0492 2400 IRENUM - ok
    21:25:56.0511 2400 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    21:25:56.0512 2400 isapnp - ok
    21:25:56.0536 2400 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    21:25:56.0540 2400 iScsiPrt - ok
    21:25:56.0569 2400 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    21:25:56.0570 2400 kbdclass - ok
    21:25:56.0590 2400 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    21:25:56.0591 2400 kbdhid - ok
    21:25:56.0648 2400 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
    21:25:56.0650 2400 KSecDD - ok
    21:25:56.0672 2400 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
    21:25:56.0674 2400 KSecPkg - ok
    21:25:56.0807 2400 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
    21:25:56.0808 2400 lirsgt - ok
    21:25:56.0848 2400 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    21:25:56.0863 2400 lltdio - ok
    21:25:56.0894 2400 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:25:56.0894 2400 LSI_FC - ok
    21:25:56.0910 2400 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:25:56.0910 2400 LSI_SAS - ok
    21:25:56.0926 2400 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:25:56.0926 2400 LSI_SAS2 - ok
    21:25:56.0957 2400 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:25:56.0957 2400 LSI_SCSI - ok
    21:25:56.0972 2400 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    21:25:56.0972 2400 luafv - ok
    21:25:57.0031 2400 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    21:25:57.0033 2400 megasas - ok
    21:25:57.0052 2400 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    21:25:57.0056 2400 MegaSR - ok
    21:25:57.0096 2400 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    21:25:57.0098 2400 Modem - ok
    21:25:57.0125 2400 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    21:25:57.0126 2400 monitor - ok
    21:25:57.0221 2400 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    21:25:57.0223 2400 mouclass - ok
    21:25:57.0280 2400 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    21:25:57.0281 2400 mouhid - ok
    21:25:57.0339 2400 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    21:25:57.0341 2400 mountmgr - ok
    21:25:57.0368 2400 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    21:25:57.0370 2400 mpio - ok
    21:25:57.0395 2400 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    21:25:57.0397 2400 mpsdrv - ok
    21:25:57.0459 2400 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    21:25:57.0461 2400 MRxDAV - ok
    21:25:57.0519 2400 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:25:57.0521 2400 mrxsmb - ok
    21:25:57.0544 2400 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:25:57.0547 2400 mrxsmb10 - ok
    21:25:57.0569 2400 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:25:57.0571 2400 mrxsmb20 - ok
    21:25:57.0671 2400 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    21:25:57.0673 2400 msahci - ok
    21:25:57.0694 2400 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    21:25:57.0696 2400 msdsm - ok
    21:25:57.0755 2400 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    21:25:57.0756 2400 Msfs - ok
    21:25:57.0774 2400 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    21:25:57.0774 2400 mshidkmdf - ok
    21:25:57.0794 2400 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    21:25:57.0795 2400 msisadrv - ok
    21:25:57.0827 2400 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    21:25:57.0828 2400 MSKSSRV - ok
    21:25:57.0843 2400 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:25:57.0844 2400 MSPCLOCK - ok
    21:25:57.0877 2400 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    21:25:57.0878 2400 MSPQM - ok
    21:25:57.0898 2400 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    21:25:57.0901 2400 MsRPC - ok
    21:25:57.0929 2400 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    21:25:57.0930 2400 mssmbios - ok
    21:25:57.0941 2400 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    21:25:57.0942 2400 MSTEE - ok
    21:25:57.0958 2400 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    21:25:57.0959 2400 MTConfig - ok
    21:25:57.0977 2400 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    21:25:57.0979 2400 Mup - ok
    21:25:58.0004 2400 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    21:25:58.0008 2400 NativeWifiP - ok
    21:25:58.0149 2400 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    21:25:58.0158 2400 NDIS - ok
    21:25:58.0202 2400 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    21:25:58.0204 2400 NdisCap - ok
    21:25:58.0233 2400 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:25:58.0234 2400 NdisTapi - ok
    21:25:58.0276 2400 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:25:58.0276 2400 Ndisuio - ok
    21:25:58.0321 2400 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:25:58.0322 2400 NdisWan - ok
    21:25:58.0368 2400 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    21:25:58.0370 2400 NDProxy - ok
    21:25:58.0406 2400 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    21:25:58.0407 2400 NetBIOS - ok
    21:25:58.0453 2400 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    21:25:58.0457 2400 NetBT - ok
    21:25:58.0738 2400 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
    21:25:58.0811 2400 NETw5s32 - ok
    21:25:58.0917 2400 netw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\netw5v32.sys
    21:25:58.0964 2400 netw5v32 - ok
    21:25:59.0202 2400 NETwNs32 (83553135ad346d247c482f1b8aca921f) C:\Windows\system32\DRIVERS\NETwNs32.sys
    21:25:59.0280 2400 NETwNs32 - ok
    21:25:59.0424 2400 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    21:25:59.0424 2400 nfrd960 - ok
    21:25:59.0461 2400 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    21:25:59.0463 2400 Npfs - ok
    21:25:59.0475 2400 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    21:25:59.0476 2400 nsiproxy - ok
    21:25:59.0543 2400 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    21:25:59.0560 2400 Ntfs - ok
    21:25:59.0580 2400 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    21:25:59.0580 2400 Null - ok
    21:25:59.0821 2400 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    21:25:59.0934 2400 nvlddmkm - ok
    21:26:00.0049 2400 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    21:26:00.0052 2400 nvraid - ok
    21:26:00.0072 2400 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    21:26:00.0074 2400 nvstor - ok
    21:26:00.0098 2400 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    21:26:00.0101 2400 nv_agp - ok
    21:26:00.0130 2400 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    21:26:00.0132 2400 ohci1394 - ok
    21:26:00.0228 2400 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    21:26:00.0230 2400 Parport - ok
    21:26:00.0271 2400 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    21:26:00.0272 2400 partmgr - ok
    21:26:00.0294 2400 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    21:26:00.0295 2400 Parvdm - ok
    21:26:00.0318 2400 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    21:26:00.0321 2400 pci - ok
    21:26:00.0340 2400 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    21:26:00.0341 2400 pciide - ok
    21:26:00.0360 2400 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    21:26:00.0363 2400 pcmcia - ok
    21:26:00.0465 2400 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    21:26:00.0465 2400 pcw - ok
    21:26:00.0497 2400 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    21:26:00.0497 2400 PEAUTH - ok
    21:26:00.0635 2400 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    21:26:00.0637 2400 PptpMiniport - ok
    21:26:00.0666 2400 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    21:26:00.0668 2400 Processor - ok
    21:26:00.0710 2400 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    21:26:00.0712 2400 Psched - ok
    21:26:00.0779 2400 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    21:26:00.0797 2400 ql2300 - ok
    21:26:00.0892 2400 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    21:26:00.0894 2400 ql40xx - ok
    21:26:00.0941 2400 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    21:26:00.0943 2400 QWAVEdrv - ok
    21:26:00.0967 2400 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    21:26:00.0968 2400 RasAcd - ok
    21:26:01.0021 2400 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    21:26:01.0023 2400 RasAgileVpn - ok
    21:26:01.0099 2400 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:26:01.0101 2400 Rasl2tp - ok
    21:26:01.0121 2400 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:26:01.0123 2400 RasPppoe - ok
    21:26:01.0139 2400 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    21:26:01.0141 2400 RasSstp - ok
    21:26:01.0192 2400 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    21:26:01.0195 2400 rdbss - ok
    21:26:01.0210 2400 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    21:26:01.0211 2400 rdpbus - ok
    21:26:01.0262 2400 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:26:01.0263 2400 RDPCDD - ok
    21:26:01.0314 2400 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    21:26:01.0316 2400 RDPDR - ok
    21:26:01.0414 2400 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    21:26:01.0415 2400 RDPENCDD - ok
    21:26:01.0437 2400 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    21:26:01.0439 2400 RDPREFMP - ok
    21:26:01.0481 2400 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    21:26:01.0484 2400 RDPWD - ok
    21:26:01.0527 2400 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    21:26:01.0530 2400 rdyboost - ok
    21:26:01.0595 2400 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
    21:26:01.0595 2400 Revoflt - ok
    21:26:01.0626 2400 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
    21:26:01.0626 2400 RFCOMM - ok
    21:26:01.0658 2400 RICOH SmartCard Reader (470fc46e2989f6606043c1c5365b15fd) C:\Windows\system32\DRIVERS\rismc32.sys
    21:26:01.0658 2400 RICOH SmartCard Reader - ok
    21:26:01.0689 2400 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
    21:26:01.0689 2400 rimmptsk - ok
    21:26:01.0704 2400 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
    21:26:01.0704 2400 rimsptsk - ok
    21:26:01.0802 2400 rismc32 (470fc46e2989f6606043c1c5365b15fd) C:\Windows\system32\DRIVERS\rismc32.sys
    21:26:01.0803 2400 rismc32 - ok
    21:26:01.0829 2400 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
    21:26:01.0830 2400 rismxdp - ok
    21:26:01.0887 2400 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    21:26:01.0888 2400 rspndr - ok
    21:26:01.0918 2400 RsvLock (9bb0009c4822bf6af4c903eea1332e2e) C:\Windows\system32\drivers\RsvLock.sys
    21:26:01.0919 2400 RsvLock - ok
    21:26:01.0949 2400 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    21:26:01.0950 2400 s3cap - ok
    21:26:01.0983 2400 SafeBoot (c9e02c8cdea1230729ee0e0f683428c3) C:\Windows\system32\drivers\SafeBoot.sys
    21:26:01.0983 2400 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: c9e02c8cdea1230729ee0e0f683428c3
    21:26:01.0984 2400 SafeBoot ( LockedFile.Multi.Generic ) - warning
    21:26:01.0984 2400 SafeBoot - detected LockedFile.Multi.Generic (1)
    21:26:02.0990 2400 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    21:26:02.0991 2400 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    21:26:02.0992 2400 sptd ( LockedFile.Multi.Generic ) - warning
    21:26:02.0992 2400 sptd - detected LockedFile.Multi.Generic (1)
    21:26:06.0239 2400 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    21:26:06.0262 2400 \Device\Harddisk0\DR0 - ok
    21:26:06.0264 2400 Boot (0x1200) (f3c07f66d21afa514ae955056369dd38) \Device\Harddisk0\DR0\Partition0
    21:26:06.0265 2400 \Device\Harddisk0\DR0\Partition0 - ok
    21:26:06.0275 2400 Boot (0x1200) (936582fd651dd3fbd1b5554a225eaaa0) \Device\Harddisk0\DR0\Partition1
    21:26:06.0275 2400 \Device\Harddisk0\DR0\Partition1 - ok
    21:26:06.0291 2400 Boot (0x1200) (4139fb40c32137aca3dffa104ee1e22d) \Device\Harddisk0\DR0\Partition2
    21:26:06.0291 2400 \Device\Harddisk0\DR0\Partition2 - ok
    21:26:06.0291 2400 ============================================================
    21:26:06.0291 2400 Scan finished
    21:26:06.0291 2400 ============================================================
    21:26:06.0291 5820 Detected object count: 3
    21:26:06.0291 5820 Actual detected object count: 3
    21:26:56.0871 5820 C:\Windows\system32\drivers\afd.sys - copied to quarantine
    21:26:56.0871 5820 AFD ( ForgedFile.Multi.Generic ) - User select action: Quarantine
    21:26:56.0886 5820 C:\Windows\system32\drivers\SafeBoot.sys - copied to quarantine
    21:26:56.0886 5820 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Quarantine
    21:26:56.0933 5820 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
    21:26:56.0933 5820 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
    21:28:20.0213 2164 Deinitialize success

    =================================================================
     
  10. Danielf91

    Danielf91 TS Rookie Topic Starter

    ComboFix 12-03-10.01 - Daniel 16-03-2012 21:37:35.1.2 - x86 MINIMAL
    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3036.2518 [GMT 1:00]
    Gestart vanuit: c:\users\Daniel\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    - VERMINDERDE FUNCTIONALITEIT MODUS -
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\system32\muzapp.exe
    c:\windows\system32\system32
    c:\windows\system32\system32\3DAudio.ax
    c:\windows\system32\system32\avrt.dll
    c:\windows\system32\system32\cis-2.4.dll
    c:\windows\system32\system32\issacapi_bs-2.3.dll
    c:\windows\system32\system32\issacapi_pe-2.3.dll
    c:\windows\system32\system32\issacapi_se-2.3.dll
    c:\windows\system32\system32\MACXMLProto.dll
    c:\windows\system32\system32\MaDRM.dll
    c:\windows\system32\system32\MaJGUILib.dll
    c:\windows\system32\system32\MAMACExtract.dll
    c:\windows\system32\system32\MASetupCleaner.exe
    c:\windows\system32\system32\MaXMLProto.dll
    c:\windows\system32\system32\mfplat.dll
    c:\windows\system32\system32\MK_Lyric.dll
    c:\windows\system32\system32\MSCLib.dll
    c:\windows\system32\system32\MSFLib.dll
    c:\windows\system32\system32\MSLUR71.dll
    c:\windows\system32\system32\msvcp60.dll
    c:\windows\system32\system32\MTTELECHIP.dll
    c:\windows\system32\system32\MTXSYNCICON.dll
    c:\windows\system32\system32\muzaf1.dll
    c:\windows\system32\system32\muzapp.dll
    c:\windows\system32\system32\muzapp.exe
    c:\windows\system32\system32\muzdecode.ax
    c:\windows\system32\system32\muzeffect.ax
    c:\windows\system32\system32\muzmp4sp.ax
    c:\windows\system32\system32\muzmpgsp.ax
    c:\windows\system32\system32\muzoggsp.ax
    c:\windows\system32\system32\muzwmts.dll
    c:\windows\system32\system32\psapi.dll
    .
    Besmet exemplaar van c:\windows\System32\autochk.exe werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
    .
    c:\windows\system32\drivers\afd.sys was verdwenen
    Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
    .
    c:\windows\system32\drivers\netbt.sys was verdwenen
    Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys
    .
    c:\windows\system32\drivers\cdrom.sys was verdwenen
    Hersteld exemplaar van - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
    .
    c:\windows\system32\drivers\tdx.sys was verdwenen
    Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-02-16 to 2012-03-16 ))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-16 20:43 . 2011-01-15 20:18 58288 ----a-w- c:\windows\system32\rpcnet.dll
    2012-03-16 20:43 . 2011-01-15 19:18 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2012-03-16 20:42 . 2011-01-15 19:17 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-02-22 14:47 . 2011-10-11 14:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-10 04:13 . 2010-12-04 04:45 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-10 04:13 . 2010-12-04 04:45 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-10 04:13 . 2010-12-04 04:45 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-10 03:02 . 2010-12-04 03:45 3881792 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-10 03:00 . 2010-12-04 03:45 2719040 ----a-w- c:\windows\system32\nvsvc.dll
    2012-02-10 03:00 . 2010-12-04 03:45 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-10 03:00 . 2010-12-04 03:45 62272 ----a-w- c:\windows\system32\nvshext.dll
    2012-02-10 03:00 . 2010-12-04 03:45 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-10 03:00 . 2011-10-11 14:30 55104 ----a-w- c:\windows\system32\nv3dappshextr.dll
    2012-02-10 03:00 . 2011-10-11 14:30 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-02-10 03:00 . 2010-12-04 03:45 710976 ----a-w- c:\windows\system32\nv3dappshext.dll
    2012-02-09 19:05 . 2012-02-09 19:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
    2012-02-08 16:18 . 2012-02-08 16:18 3540 ----a-w- C:\STFD490.tmp
    2012-02-01 15:57 . 2012-02-01 15:57 3540 ----a-w- C:\STFF476.tmp
    2012-02-01 12:41 . 2011-11-11 22:53 973632 ----a-w- c:\windows\system32\nvdispco3220155.dll
    2012-02-01 12:41 . 2011-10-11 14:29 877376 ----a-w- c:\windows\system32\nvgenco3220103.dll
    2012-01-31 18:17 . 2012-01-31 18:17 3540 ----a-w- C:\STF9B8B.tmp
    2012-01-14 03:35 . 2012-02-15 07:04 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-01-04 08:58 . 2012-02-15 07:04 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2011-12-30 05:27 . 2012-02-15 07:04 478720 ----a-w- c:\windows\system32\timedate.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
    2012-02-09 09:45 141176 ----a-w- c:\program files\ReImageCompanion\updatebhoWin32.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0e8bc7d-6959-40b6-8e05-204d9768ad6e}]
    2012-02-09 09:44 225656 ----a-w- c:\program files\ReImageCompanion\jsloader.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
    "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
    "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
    "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2010-04-13 358456]
    "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2010-01-18 24832]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-11-10 98304]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-10 1634112]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll c:\windows\System32\acaptuser32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 30312]
    R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
    R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2010-04-13 45056]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2008-11-17 3668480]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 121064]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 12776]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 136808]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-15 1343400]
    R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
    R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    R3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [2010-09-29 582424]
    S0 SafeBoot;SafeBoot; [x]
    S0 SbAlg;SbAlg; [x]
    S0 SbFsLock;SbFsLock; [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-08 691696]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 RsvLock;RsvLock; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]
    S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
    S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-03-05 256616]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
    S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-07-29 482176]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-07 223960]
    S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]
    S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker
    Bioscrypt REG_MULTI_SZ ASChannel
    GPSvcGroup REG_MULTI_SZ GPSvc
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    NETSVCS VEREIST REPARATIES - huidige waarden worden getoond
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Ias
    Irmon
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Wmi
    WmdmPmSp
    oraclesnmppeermasteragent
    Cinemsup
    dmusic
    AN983
    mks_scan
    Xponaut_WBD
    mrvw245
    magictuneengine
    MMRTKRNL
    QPSched
    viagfx
    sonypvs1
    mod7700
    UNDPX2A
    e1express
    fsaua
    btwusb
    mnsframework
    FiltUSBEMPIA
    viairda
    netsvc
    ASLDRService
    sp_rssrv
    s217unic
    NWSAP
    AX88772
    clsched
    avg7updsvc
    DumaNT
    incdsrv
    ino_flpy
    windrvNT
    NsTrcNT
    pcscnsrv
    elnkfwppservice
    w550bus
    SaiNtSub
    NITaggerService
    DMICall
    phnxvcdservice
    pdfcreatormessages
    odclientservice
    BrSerIf
    vnxservice
    dnetc
    iksyssec
    U81xmgmt
    zebrceb
    atimtag
    oracle_load_balancer_60_client-forms6ip9
    F700iat
    ELkbd
    p1110vid
    vpctcom
    TVALG
    swwd
    s616obex
    EIO_XP
    EntDrv51
    atitunep
    mwlsvc
    pinnaclesys.mediaserver
    flashcomadmin
    T6963C
    bmuservice
    BrScnUsb
    JGOGO
    L6POD
    messenger
    hpci
    apache2
    gusvc
    Cap7134
    lxdm_device
    HabuFltr
    nvidesm
    DFUBTUSB
    eskerlicensecontrol
    FontCache3.0.0.0.
    uisp
    nsm1mdfl
    deltafw
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    wercplsupport
    EapHost
    ProfSvc
    schedule
    hkmsvc
    SessionEnv
    winmgmt
    browser
    Themes
    BDESVC
    AppMgmt
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\OriginInstaller.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \shell\AutoRun\command - K:\CDCheck.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab74ac9d-3385-11e0-af57-0025b3bf5118}]
    \shell\AutoRun\command - I:\Autorun.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2059425759-54560146-3784166824-1000Core.job
    - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 19:48]
    .
    2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2059425759-54560146-3784166824-1000UA.job
    - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 19:48]
    .
    2012-03-11 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-09-29 18:43]
    .
    2012-03-09 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-09-29 18:43]
    .
    2012-03-11 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 82.139.64.64 82.139.66.66
    Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll
    Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll
    Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{46735dee-f862-49d1-876d-6382794dc625} - (no file)
    HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
    HKCU-Run-ares - c:\program files\Ares\Ares.exe
    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
    HKLM-Run-Browser companion helper - c:\program files\BrowserCompanion\BCHelper.exe
    AddRemove-PunkBusterSvc - c:\program files\EA Games\Battlefield Play4Free\pbsvc_p4f.exe
    AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2059425759-54560146-3784166824-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:ab,95,72,7e,6c,1d,b4,8f,30,31,2d,37,4f,4d,52,7e,6e,7d,df,42,e7,55,ef,
    fc,96,98,27,ba,e0,3f,5c,35,60,c6,a0,93,88,25,9b,7c,aa,50,62,ea,27,09,59,f0,\
    "??"=hex:5c,6c,41,e4,05,30,f4,0a,11,d2,00,54,2b,e0,09,e5
    .
    [HKEY_USERS\S-1-5-21-2059425759-54560146-3784166824-1000\Software\SecuROM\License information*]
    "datasecu"=hex:26,1e,c6,1a,8c,e1,3d,a0,81,7d,a8,10,f3,76,61,03,6e,1b,98,c7,6e,
    65,28,40,1a,3d,d1,61,cd,8f,34,f4,85,63,68,ac,f1,4e,dc,b9,21,06,7a,62,aa,a2,\
    "rkeysecu"=hex:06,d8,e4,eb,43,1f,52,14,b0,64,20,13,bc,68,db,cd
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'lsass.exe'(568)
    c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.DLL
    c:\program files\Hewlett-Packard\IAM\bin\itmsg.dll
    .
    - - - - - - - > 'explorer.exe'(5372)
    c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
    c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\program files\NVIDIA Corporation\nview\nvshell.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Hewlett-Packard\IAM\bin\AsGHost.exe
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\conhost.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\FileZilla Server\FileZilla Server.exe
    c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\rpcnet.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\system32\taskhost.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-03-16 21:47:55 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-03-16 20:47
    .
    Pre-Run: 39.796.080.640 bytes beschikbaar
    Post-Run: 43.147.554.816 bytes beschikbaar
    .
    - - End Of File - - 2412528B31B003A4B701214C6D37A3B4
     
  11. Danielf91

    Danielf91 TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.03.16.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    Daniel :: DANIEL-PC [administrator]

    17-3-2012 0:01:34
    mbam-log-2012-03-17 (00-01-34).txt

    Scantype: Volledige scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 384356
    Verstreken tijd: 1 uur/uren, 14 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 1
    C:\Windows\System32\BRGSp50.dll (RootKit.0Access.H) -> Zal worden verwijderd tijdens het herstarten.

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 1
    C:\Windows\System32\BRGSp50.dll (RootKit.0Access.H) -> Zal worden verwijderd tijdens het herstarten.

    (einde)
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This is your output from a part of Combofix:
    ------------------------------------
    This is a translation: Please format so I can read it:
    =====================================
    Steps to Disable Avast Antivirus
    • Right-click "Avast Antivirus" icon on the task bar. The task bar is located on the bottom of your screen.
    • Click on “Program Settings” and then
    • Click on “Troubleshooting”
    • Place a tick next to Disable avast! self-defense module
    • Right Click on the Avast icon in the system tray and click “Stop On-Access protection”
    • Click "OK" to confirm and save changes
    From Avast Support

    When the AV is running, it forces the program (Combofix) to run in VERMINDERDE FUNCTIONALITEIT MODUS -
    =================================
    Daniel, I need these logs in English. If you can run the following in English, please do it:
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.
    • The opened console will resemble this: [image]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below and paste them in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and let it run uninterrupted.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
     
  13. Danielf91

    Danielf91 TS Rookie Topic Starter

    Your Dutch isn't that good, is it? ;)
    Here is the formatted translation:

    Contaminated copy of c:\windows\System32\autochk.exe was found and was disinfected
    Repaired copy of - c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe.

    c:\windows\system32\drivers\afd.sys had disappeared
    Repaired copy of - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys.

    c:\windows\system32\drivers\netbt.sys had disappeared
    Repaired copy of - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys.

    c:\windows\system32\drivers\cdrom.sys had disappeared
    Repaired copy of - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys.

    c:\windows\system32\drivers\tdx.sys had disappeared
    Repaired copy of - c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys.


    Do you want me to run Combofix without AV on, so it doesn't run in VERMINDERDE FUNCTIONALITEIT MODUS?
     
  14. Danielf91

    Danielf91 TS Rookie Topic Starter

    Here are the OTL logs:



    OTL logfile created on: 26-3-2012 14:10:43 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Daniel\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,97 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,80% Memory free
    5,93 Gb Paging File | 4,57 Gb Available in Paging File | 77,16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222,88 Gb Total Space | 21,46 Gb Free Space | 9,63% Space Free | Partition Type: NTFS
    Drive D: | 1015,00 Mb Total Space | 987,12 Mb Free Space | 97,25% Space Free | Partition Type: FAT32
    Drive E: | 9,00 Gb Total Space | 2,23 Gb Free Space | 24,78% Space Free | Partition Type: NTFS

    Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Daniel\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    PRC - C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe (Athena IT Limited)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\FileZilla Server\FileZilla server.exe (FileZilla Project)
    PRC - C:\Program Files\XoftSpySE6\XoftSpySE.exe (ParetoLogic Inc.)
    PRC - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (ParetoLogic Inc.)
    PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
    PRC - C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
    PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
    PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
    PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
    PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
    PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Daniel\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\858316efc815bdff25c4fc66a0d80448\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\dc4a4350f8c0c0919b5fb78f0c44291b\System.Security.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\554211ea9870563ab6a2544faa234d48\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9d1a4e5284f73c0426fdbe8fa4dea3db\System.Xaml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\859f6bb004636fbd0a0e390002aa993c\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\acabbdbe75352f8e60be98a285da9f67\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ba14959449e5c27d9c9f593c55cd7ccf\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\84b2d318cdd18d46edd3afb78e7e6ddd\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d03a9a44a9482c0932beb1e3eabb11c3\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\54ad69352f06b426ec621752b0a7bc8a\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\569b4aaba7843810942abc04dfa400e4\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\483ca92d1c432c2ab4f45bcdca10e591\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\245a2d9be605b96e0f1a0ef79ae3a28b\System.ni.dll ()
    MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll ()
    MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
    MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll ()
    MOD - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservicePS.dll ()
    MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_nl_b77a5c561934e089\System.Xml.resources.dll ()
    MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
    MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()


    ========== Win32 Services (SafeList) ==========

    SRV - (zebrceb) -- %systemroot%\system32\SiSRaid.dll File not found
    SRV - (Xponaut_WBD) -- %systemroot%\system32\ROB_A.dll File not found
    SRV - (windrvNT) -- %systemroot%\system32\wwnetdde.dll File not found
    SRV - (w550bus) -- %systemroot%\system32\genmcmn.dll File not found
    SRV - (vpctcom) -- %systemroot%\system32\NxSysMon.dll File not found
    SRV - (vnxservice) -- %systemroot%\system32\protectedstorage.dll File not found
    SRV - (viairda) -- %systemroot%\system32\avfilter.dll File not found
    SRV - (viagfx) -- %systemroot%\system32\PTproct.dll File not found
    SRV - (UNDPX2A) -- %systemroot%\system32\ZSMC303.dll File not found
    SRV - (uisp) -- %systemroot%\system32\epstnt01.dll File not found
    SRV - (U81xmgmt) -- %systemroot%\system32\sr_service.dll File not found
    SRV - (TVALG) -- %systemroot%\system32\NetMsmqActivator.dll File not found
    SRV - (T6963C) -- %systemroot%\system32\db2licd.dll File not found
    SRV - (swwd) -- %systemroot%\system32\ntcharge.dll File not found
    SRV - (sp_rssrv) -- %systemroot%\system32\elotouchscreen.dll File not found
    SRV - (sonypvs1) -- %systemroot%\system32\cvintdrv.dll File not found
    SRV - (SaiNtSub) -- %systemroot%\system32\DMICall.dll File not found
    SRV - (s616obex) -- %systemroot%\system32\cacheserver.dll File not found
    SRV - (s217unic) -- %systemroot%\system32\MRESP50a64.dll File not found
    SRV - (radiosvr) -- %systemroot%\system32\FlexBios.dll File not found
    SRV - (QPSched) -- %systemroot%\system32\sfusvc.dll File not found
    SRV - (pinnaclesys.mediaserver) -- %systemroot%\system32\epsonbidirectionalagent.dll File not found
    SRV - (phnxvcdservice) -- %systemroot%\system32\trufos.dll File not found
    SRV - (pdfcreatormessages) -- %systemroot%\system32\w810mdfl.dll File not found
    SRV - (pcscnsrv) -- %systemroot%\system32\radiosvr.dll File not found
    SRV - (p1110vid) -- %systemroot%\system32\wps.dll File not found
    SRV - (oraclesnmppeermasteragent) -- %systemroot%\system32\purgeieservice.dll File not found
    SRV - (oracle_load_balancer_60_client-forms6ip9) -- %systemroot%\system32\SbieDrv.dll File not found
    SRV - (odclientservice) -- %systemroot%\system32\BRGSp50.dll File not found
    SRV - (NWSAP) -- %systemroot%\system32\prepdrvr.dll File not found
    SRV - (nvidesm) -- %systemroot%\system32\vzcdbsvc.dll File not found
    SRV - (NsTrcNT) -- %systemroot%\system32\cmpci.dll File not found
    SRV - (nsm1mdfl) -- %systemroot%\system32\pchost.dll File not found
    SRV - (NITaggerService) -- %systemroot%\system32\ca-messagequeuing.dll File not found
    SRV - (netsvc) -- %systemroot%\system32\prodrv06.dll File not found
    SRV - (mwlsvc) -- %systemroot%\system32\se27nd5.dll File not found
    SRV - (mrvw245) -- %systemroot%\system32\rdpcdd.dll File not found
    SRV - (mod7700) -- %systemroot%\system32\sfman.dll File not found
    SRV - (mnsframework) -- %systemroot%\system32\LUsbKbd.dll File not found
    SRV - (MMRTKRNL) -- %systemroot%\system32\carboncopy32.dll File not found
    SRV - (mks_scan) -- %systemroot%\system32\zpmysql.dll File not found
    SRV - (magictuneengine) -- %systemroot%\system32\scdemu.dll File not found
    SRV - (lxdm_device) -- %systemroot%\system32\pfc.dll File not found
    SRV - (L6POD) -- %systemroot%\system32\anio.dll File not found
    SRV - (JGOGO) -- %systemroot%\system32\vcommmgr.dll File not found
    SRV - (ino_flpy) -- %systemroot%\system32\usbsermptxp.dll File not found
    SRV - (incdsrv) -- %systemroot%\system32\w39n51.dll File not found
    SRV - (iksyssec) -- %systemroot%\system32\SWNC5E00.dll File not found
    SRV - (httpfilter) -- %systemroot%\system32\TMBUS.dll File not found
    SRV - (hpci) -- %systemroot%\system32\se45bus.dll File not found
    SRV - (HabuFltr) -- %systemroot%\system32\mr2kserv.dll File not found
    SRV - (gusvc) -- %systemroot%\system32\fsaua.dll File not found
    SRV - (fsaua) -- %systemroot%\system32\MSCamSvc.dll File not found
    SRV - (FontCache3.0.0.0.) -- %systemroot%\system32\ncupdatesvc.dll File not found
    SRV - (flashcomadmin) -- %systemroot%\system32\clcapsvc.dll File not found
    SRV - (FiltUSBEMPIA) -- %systemroot%\system32\wandrv.dll File not found
    SRV - (F700iat) -- %systemroot%\system32\netdevio.dll File not found
    SRV - (eskerlicensecontrol) -- %systemroot%\system32\WDM_YAMAHAAC97.dll File not found
    SRV - (EntDrv51) -- %systemroot%\system32\amdk77.dll File not found
    SRV - (elnkfwppservice) -- %systemroot%\system32\wacommousefilter.dll File not found
    SRV - (ELkbd) -- %systemroot%\system32\symantecantibotfilter.dll File not found
    SRV - (EIO_XP) -- %systemroot%\system32\ATIVXSTW.dll File not found
    SRV - (eelsservice) -- %systemroot%\system32\orbmediaservice.dll File not found
    SRV - (e1express) -- %systemroot%\system32\edspport.dll File not found
    SRV - (DumaNT) -- %systemroot%\system32\clisvc.dll File not found
    SRV - (dnetc) -- %systemroot%\system32\ccispwdsvc.dll File not found
    SRV - (DMICall) -- %systemroot%\system32\ntcharge.dll File not found
    SRV - (DFUBTUSB) -- %systemroot%\system32\sigfilt.dll File not found
    SRV - (deltafw) -- %systemroot%\system32\MREMP50.dll File not found
    SRV - (clsched) -- %systemroot%\system32\regservice.dll File not found
    SRV - (Cinemsup) -- %systemroot%\system32\iastor.dll File not found
    SRV - (Cap7134) -- %systemroot%\system32\rt73.dll File not found
    SRV - (btwusb) -- %systemroot%\system32\Anydlc.dll File not found
    SRV - (BrSerIf) -- %systemroot%\system32\SE2Bmgmt.dll File not found
    SRV - (BrScnUsb) -- %systemroot%\system32\dmisrv.dll File not found
    SRV - (bmuservice) -- %systemroot%\system32\icdsptsv.dll File not found
    SRV - (AX88772) -- %systemroot%\system32\sit_bus.dll File not found
    SRV - (avg7updsvc) -- %systemroot%\system32\U2SP.dll File not found
    SRV - (atitunep) -- %systemroot%\system32\nnsvc.dll File not found
    SRV - (atimtag) -- %systemroot%\system32\epstnt01.dll File not found
    SRV - (ASLDRService) -- %systemroot%\system32\bc_ngn.dll File not found
    SRV - (apache2) -- %systemroot%\system32\cportclm.dll File not found
    SRV - (AN983) -- %systemroot%\system32\lightscribeservice.dll File not found
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
    SRV - (FileZilla Server) -- C:\Program Files\FileZilla Server\FileZilla server.exe (FileZilla Project)
    SRV - (XoftSpyService) -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (ParetoLogic Inc.)
    SRV - (HP ProtectTools Service) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
    SRV - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
    SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    SRV - (ASBroker) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
    SRV - (ASChannel) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
    SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
    SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
    SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
    SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- C:\Users\Daniel\AppData\Local\Temp\catchme.sys File not found
    DRV - (ADIHdAudAddService) -- system32\drivers\ADIHdAud.sys File not found
    DRV - (a56dqoi5) -- File not found
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
    DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
    DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
    DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
    DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
    DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
    DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
    DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
    DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
    DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (NETwNs32) ___ Intel(R) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
    DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
    DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
    DRV - (cpuz134) -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys (Windows (R) Win 7 DDK provider)
    DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6232.sys (Intel Corporation)
    DRV - (SbAlg) -- C:\Windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
    DRV - (SbFsLock) -- C:\Windows\System32\drivers\SbFsLock.sys (SafeBoot International)
    DRV - (RsvLock) -- C:\Windows\System32\drivers\rsvlock.sys (SafeBoot International)
    DRV - (SafeBoot) -- C:\Windows\System32\drivers\SafeBoot.sys ()
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
    DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
    DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
    DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
    DRV - (rismc32) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
    DRV - (RICOH SmartCard Reader) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
    DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
    DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (whfltr2k) -- C:\Windows\System32\drivers\whfltr2k.sys ()
    DRV - (giveio) -- C:\Windows\System32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    IE - HKLM\..\SearchScopes,DefaultScope = {463950B9-F6CC-4D35-AA66-750719C153DF}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{13ED4B41-E671-4570-904A-C91B8F770C57}: "URL" = http://downloads.phpnuke.org/nl/index.php?rvs=google
    IE - HKLM\..\SearchScopes\{463950B9-F6CC-4D35-AA66-750719C153DF}: "URL" = http://downloads.phpnuke.org/nl/index.php?rvs=google
    IE - HKLM\..\SearchScopes\{5FAC5ECD-E5CF-4D36-887C-68066B3B6F86}: "URL" = http://downloads.phpnuke.org/nl/index.php?rvs=google

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 10 85 1B ED B4 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{13ED4B41-E671-4570-904A-C91B8F770C57}: "URL" = http://downloads.phpnuke.org/nl/index.php?rvs=google
    IE - HKCU\..\SearchScopes\{463950B9-F6CC-4D35-AA66-750719C153DF}: "URL" = http://downloads.phpnuke.org/nl/index.php?rvs=google
    IE - HKCU\..\SearchScopes\{55C1D1F0-1680-44F8-AEF5-3600D2E47BF1}: "URL" = http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\..\SearchScopes\{5FAC5ECD-E5CF-4D36-887C-68066B3B6F86}: "URL" = http://downloads.phpnuke.org/nl/index.php?rvs=google
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\

    [2011-11-09 22:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
    [2011-11-09 22:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
    CHR - plugin: (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem\1.0.5_0\chromeNPAPI.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Vivienne Westwood = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhehaklopgggapefjdijagkgbgeapkb\2_0\
    CHR - Extension: YouTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Zoeken = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
    CHR - Extension: AdBlock = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
    CHR - Extension: ReImage Browser Helper = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem\1.0.5_0\
    CHR - Extension: avast! WebRep = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
    CHR - Extension: Gmail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012-03-17 00:44:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (ReImage Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\ReImageCompanion\updatebhoWin32.dll ( )
    O2 - BHO: (ReImage Browser Helper) - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files\ReImageCompanion\jsloader.dll (ReImage)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
    O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.139.64.64 82.139.66.66
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D118C8FB-642F-4477-952D-A4BAEF5FF7E6}: DhcpNameServer = 82.139.64.64 82.139.66.66
    O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll (reimage)
    O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll (reimage)
    O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll (reimage)
    O20 - AppInit_DLLs: (C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{ab74ac9d-3385-11e0-af57-0025b3bf5118}\Shell - "" = AutoRun
    O33 - MountPoints2\{ab74ac9d-3385-11e0-af57-0025b3bf5118}\Shell\AutoRun\command - "" = I:\Autorun.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\OriginInstaller.exe
    O33 - MountPoints2\K\Shell - "" = AutoRun
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\CDCheck.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: oraclesnmppeermasteragent - %systemroot%\system32\purgeieservice.dll File not found
    NetSvcs: Cinemsup - %systemroot%\system32\iastor.dll File not found
    NetSvcs: dmusic - C:\Windows\System32\dmusic.dll (Microsoft Corporation)
    NetSvcs: AN983 - %systemroot%\system32\lightscribeservice.dll File not found
    NetSvcs: mks_scan - %systemroot%\system32\zpmysql.dll File not found
    NetSvcs: Xponaut_WBD - %systemroot%\system32\ROB_A.dll File not found
    NetSvcs: mrvw245 - %systemroot%\system32\rdpcdd.dll File not found
    NetSvcs: magictuneengine - %systemroot%\system32\scdemu.dll File not found
    NetSvcs: MMRTKRNL - %systemroot%\system32\carboncopy32.dll File not found
    NetSvcs: QPSched - %systemroot%\system32\sfusvc.dll File not found
    NetSvcs: viagfx - %systemroot%\system32\PTproct.dll File not found
    NetSvcs: sonypvs1 - %systemroot%\system32\cvintdrv.dll File not found
    NetSvcs: mod7700 - %systemroot%\system32\sfman.dll File not found
    NetSvcs: UNDPX2A - %systemroot%\system32\ZSMC303.dll File not found
    NetSvcs: e1express - %systemroot%\system32\edspport.dll File not found
    NetSvcs: fsaua - %systemroot%\system32\MSCamSvc.dll File not found
    NetSvcs: btwusb - %systemroot%\system32\Anydlc.dll File not found
    NetSvcs: mnsframework - %systemroot%\system32\LUsbKbd.dll File not found
    NetSvcs: FiltUSBEMPIA - %systemroot%\system32\wandrv.dll File not found
    NetSvcs: viairda - %systemroot%\system32\avfilter.dll File not found
    NetSvcs: netsvc - %systemroot%\system32\prodrv06.dll File not found
    NetSvcs: ASLDRService - %systemroot%\system32\bc_ngn.dll File not found
    NetSvcs: sp_rssrv - %systemroot%\system32\elotouchscreen.dll File not found
    NetSvcs: s217unic - %systemroot%\system32\MRESP50a64.dll File not found
    NetSvcs: NWSAP - %systemroot%\system32\prepdrvr.dll File not found
    NetSvcs: AX88772 - %systemroot%\system32\sit_bus.dll File not found
    NetSvcs: clsched - %systemroot%\system32\regservice.dll File not found
    NetSvcs: avg7updsvc - %systemroot%\system32\U2SP.dll File not found
    NetSvcs: DumaNT - %systemroot%\system32\clisvc.dll File not found
    NetSvcs: incdsrv - %systemroot%\system32\w39n51.dll File not found
    NetSvcs: ino_flpy - %systemroot%\system32\usbsermptxp.dll File not found
    NetSvcs: windrvNT - %systemroot%\system32\wwnetdde.dll File not found
    NetSvcs: NsTrcNT - %systemroot%\system32\cmpci.dll File not found
    NetSvcs: pcscnsrv - %systemroot%\system32\radiosvr.dll File not found
    NetSvcs: elnkfwppservice - %systemroot%\system32\wacommousefilter.dll File not found
    NetSvcs: w550bus - %systemroot%\system32\genmcmn.dll File not found
    NetSvcs: SaiNtSub - %systemroot%\system32\DMICall.dll File not found
    NetSvcs: NITaggerService - %systemroot%\system32\ca-messagequeuing.dll File not found
    NetSvcs: DMICall - %systemroot%\system32\ntcharge.dll File not found
    NetSvcs: phnxvcdservice - %systemroot%\system32\trufos.dll File not found
    NetSvcs: pdfcreatormessages - %systemroot%\system32\w810mdfl.dll File not found
    NetSvcs: odclientservice - %systemroot%\system32\BRGSp50.dll File not found
    NetSvcs: BrSerIf - %systemroot%\system32\SE2Bmgmt.dll File not found
    NetSvcs: vnxservice - %systemroot%\system32\protectedstorage.dll File not found
    NetSvcs: dnetc - %systemroot%\system32\ccispwdsvc.dll File not found
    NetSvcs: iksyssec - %systemroot%\system32\SWNC5E00.dll File not found
    NetSvcs: U81xmgmt - %systemroot%\system32\sr_service.dll File not found
    NetSvcs: zebrceb - %systemroot%\system32\SiSRaid.dll File not found
    NetSvcs: atimtag - %systemroot%\system32\epstnt01.dll File not found
    NetSvcs: oracle_load_balancer_60_client-forms6ip9 - %systemroot%\system32\SbieDrv.dll File not found
    NetSvcs: F700iat - %systemroot%\system32\netdevio.dll File not found
    NetSvcs: ELkbd - %systemroot%\system32\symantecantibotfilter.dll File not found
    NetSvcs: p1110vid - %systemroot%\system32\wps.dll File not found
    NetSvcs: vpctcom - %systemroot%\system32\NxSysMon.dll File not found
    NetSvcs: TVALG - %systemroot%\system32\NetMsmqActivator.dll File not found
    NetSvcs: swwd - %systemroot%\system32\ntcharge.dll File not found
    NetSvcs: s616obex - %systemroot%\system32\cacheserver.dll File not found
    NetSvcs: EIO_XP - %systemroot%\system32\ATIVXSTW.dll File not found
    NetSvcs: EntDrv51 - %systemroot%\system32\amdk77.dll File not found
    NetSvcs: atitunep - %systemroot%\system32\nnsvc.dll File not found
    NetSvcs: mwlsvc - %systemroot%\system32\se27nd5.dll File not found
    NetSvcs: pinnaclesys.mediaserver - %systemroot%\system32\epsonbidirectionalagent.dll File not found
    NetSvcs: flashcomadmin - %systemroot%\system32\clcapsvc.dll File not found
    NetSvcs: T6963C - %systemroot%\system32\db2licd.dll File not found
    NetSvcs: bmuservice - %systemroot%\system32\icdsptsv.dll File not found
    NetSvcs: BrScnUsb - %systemroot%\system32\dmisrv.dll File not found
    NetSvcs: JGOGO - %systemroot%\system32\vcommmgr.dll File not found
    NetSvcs: L6POD - %systemroot%\system32\anio.dll File not found
    NetSvcs: messenger - File not found
    NetSvcs: hpci - %systemroot%\system32\se45bus.dll File not found
    NetSvcs: apache2 - %systemroot%\system32\cportclm.dll File not found
    NetSvcs: gusvc - %systemroot%\system32\fsaua.dll File not found
    NetSvcs: Cap7134 - %systemroot%\system32\rt73.dll File not found
    NetSvcs: lxdm_device - %systemroot%\system32\pfc.dll File not found
    NetSvcs: HabuFltr - %systemroot%\system32\mr2kserv.dll File not found
    NetSvcs: nvidesm - %systemroot%\system32\vzcdbsvc.dll File not found
    NetSvcs: DFUBTUSB - %systemroot%\system32\sigfilt.dll File not found
    NetSvcs: eskerlicensecontrol - %systemroot%\system32\WDM_YAMAHAAC97.dll File not found
    NetSvcs: FontCache3.0.0.0. - %systemroot%\system32\ncupdatesvc.dll File not found
    NetSvcs: uisp - %systemroot%\system32\epstnt01.dll File not found
    NetSvcs: nsm1mdfl - %systemroot%\system32\pchost.dll File not found
    NetSvcs: deltafw - %systemroot%\system32\MREMP50.dll File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
     
  15. Danielf91

    Danielf91 TS Rookie Topic Starter

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-03-26 13:09:48 | 000,000,000 | ---D | C] -- C:\50fa0ef34f9ef12aaf
    [2012-03-25 11:48:45 | 000,000,000 | ---D | C] -- C:\9c145430caf831c9817f06c706
    [2012-03-24 13:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
    [2012-03-24 13:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2012-03-24 13:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2012-03-24 13:15:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012-03-24 11:56:17 | 000,000,000 | ---D | C] -- C:\e4da17c275171bb8acade5d1a5
    [2012-03-22 12:06:20 | 000,000,000 | ---D | C] -- C:\ea8b7a053f0a96b631e99f
    [2012-03-20 13:28:21 | 000,000,000 | ---D | C] -- C:\089ffb56246d48b065
    [2012-03-17 00:48:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012-03-17 00:42:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012-03-17 00:42:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\temp
    [2012-03-17 00:38:49 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012-03-10 12:40:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012-03-10 12:40:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012-03-10 12:40:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012-03-10 12:40:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-03-10 12:39:41 | 004,432,970 | R--- | C] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
    [2012-03-09 23:07:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012-03-09 22:47:20 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012-03-09 22:47:20 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2012-03-09 22:47:20 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012-03-09 22:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012-03-09 22:47:19 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012-03-09 22:47:19 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012-03-09 22:47:19 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012-03-09 22:46:23 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012-03-09 22:46:22 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012-03-09 22:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012-03-09 22:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012-03-09 22:34:08 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Daniel\Desktop\AppRemover.exe
    [2012-03-09 22:28:51 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Daniel\Desktop\TDSSKiller.exe
    [2012-03-09 22:26:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012-03-08 18:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect 3
    [2012-03-08 15:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XoftSpySE
    [2012-03-08 15:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2012-03-08 15:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2012-03-08 15:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
    [2012-03-08 15:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
    [2012-03-08 15:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
    [2012-03-08 15:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    [2012-03-08 15:03:51 | 000,000,000 | ---D | C] -- C:\rei
    [2012-03-08 15:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
    [2012-03-08 15:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\ReImageCompanion
    [2012-03-08 14:59:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    [2012-03-08 14:59:45 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012-03-08 14:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012-03-07 19:46:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
    [2012-03-07 19:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012-03-07 19:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012-03-07 19:46:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012-03-07 19:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012-03-04 14:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
    [2012-03-04 14:34:54 | 000,000,000 | ---D | C] -- C:\BDS
    [2012-03-03 21:23:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Darksiders
    [2012-02-27 14:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012-02-27 14:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012-02-27 14:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [3 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-03-26 13:22:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2059425759-54560146-3784166824-1000UA.job
    [2012-03-26 13:21:31 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2059425759-54560146-3784166824-1000Core.job
    [2012-03-26 13:09:23 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
    [2012-03-26 13:09:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-03-25 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2012-03-25 11:49:37 | 000,780,998 | ---- | M] () -- C:\Windows\System32\perfh013.dat
    [2012-03-25 11:49:37 | 000,682,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012-03-25 11:49:37 | 000,164,654 | ---- | M] () -- C:\Windows\System32\perfc013.dat
    [2012-03-25 11:49:37 | 000,129,880 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012-03-25 11:47:06 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\XoftSpySE.job
    [2012-03-23 19:50:12 | 000,002,403 | ---- | M] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk
    [2012-03-20 20:51:47 | 000,001,493 | ---- | M] () -- C:\Users\Daniel\Desktop\Wow - Snelkoppeling.lnk
    [2012-03-20 13:28:05 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2012-03-19 13:35:05 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-03-19 13:35:05 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-03-19 13:27:43 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
    [2012-03-19 13:27:27 | 2387,816,448 | -HS- | M] () -- C:\hiberfil.sys
    [2012-03-17 00:44:52 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
    [2012-03-17 00:44:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012-03-17 00:44:20 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012-03-10 12:39:49 | 004,432,970 | R--- | M] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
    [2012-03-09 22:47:20 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012-03-09 22:47:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012-03-09 22:34:47 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Daniel\Desktop\AppRemover.exe
    [2012-03-09 22:28:38 | 002,044,980 | ---- | M] () -- C:\Users\Daniel\Desktop\tdsskiller.zip
    [2012-03-09 18:24:28 | 000,186,170 | ---- | M] () -- C:\Users\Daniel\Desktop\Printscreen.png
    [2012-03-08 18:34:19 | 000,001,743 | ---- | M] () -- C:\Users\Daniel\Desktop\MassEffect3 - Snelkoppeling.lnk
    [2012-03-08 15:11:39 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\XoftSpySE.lnk
    [2012-03-08 15:04:40 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
    [2012-03-08 15:03:52 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
    [2012-03-08 14:59:46 | 000,002,244 | ---- | M] () -- C:\Users\Daniel\Desktop\SpyHunter.lnk
    [2012-03-07 19:46:44 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012-03-07 02:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012-03-07 02:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012-03-07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012-03-07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012-03-07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2012-03-07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012-03-07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012-03-07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012-03-06 19:07:32 | 000,334,896 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012-03-05 12:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Daniel\Desktop\TDSSKiller.exe
    [2012-03-04 14:51:20 | 000,002,013 | ---- | M] () -- C:\Users\Daniel\Desktop\Borderlands - Snelkoppeling.lnk
    [2012-02-27 14:58:52 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [3 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-03-20 20:51:47 | 000,001,493 | ---- | C] () -- C:\Users\Daniel\Desktop\Wow - Snelkoppeling.lnk
    [2012-03-17 00:44:20 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012-03-10 12:40:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012-03-10 12:40:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012-03-10 12:40:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012-03-10 12:40:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012-03-10 12:40:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012-03-09 22:47:20 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012-03-09 22:28:47 | 002,044,980 | ---- | C] () -- C:\Users\Daniel\Desktop\tdsskiller.zip
    [2012-03-09 18:24:28 | 000,186,170 | ---- | C] () -- C:\Users\Daniel\Desktop\Printscreen.png
    [2012-03-08 18:34:19 | 000,001,743 | ---- | C] () -- C:\Users\Daniel\Desktop\MassEffect3 - Snelkoppeling.lnk
    [2012-03-08 15:12:21 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2012-03-08 15:11:39 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\XoftSpySE.lnk
    [2012-03-08 15:11:38 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2012-03-08 15:11:35 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\XoftSpySE.job
    [2012-03-08 15:04:24 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
    [2012-03-08 15:03:52 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
    [2012-03-08 14:59:46 | 000,002,244 | ---- | C] () -- C:\Users\Daniel\Desktop\SpyHunter.lnk
    [2012-03-07 19:46:44 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012-03-04 14:51:20 | 000,002,013 | ---- | C] () -- C:\Users\Daniel\Desktop\Borderlands - Snelkoppeling.lnk
    [2012-02-27 14:58:52 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012-02-09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2011-12-22 16:44:24 | 000,000,094 | ---- | C] () -- C:\Users\Daniel\AppData\Local\fusioncache.dat
    [2011-11-29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011-10-26 13:04:27 | 000,023,040 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-10-22 20:02:28 | 000,002,544 | ---- | C] () -- C:\Windows\System32\EasyRedirect.ini
    [2011-10-22 20:02:28 | 000,001,248 | ---- | C] () -- C:\Windows\System32\EasyRedirectOff.ini
    [2011-10-14 20:50:59 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ccff.isl
    [2011-09-16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2011-09-16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2011-09-16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2011-09-16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2011-09-13 13:27:41 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
    [2011-09-13 13:27:18 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
    [2011-09-08 23:07:11 | 000,000,810 | ---- | C] () -- C:\Windows\eReg.dat
    [2011-09-05 15:04:51 | 000,000,132 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011-06-11 23:25:03 | 000,006,784 | ---- | C] () -- C:\Windows\System32\drivers\whfltr2k.sys
    [2011-05-25 02:21:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011-04-06 22:52:35 | 000,000,600 | ---- | C] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND
    [2011-02-09 21:32:30 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
    [2011-02-08 15:41:40 | 000,000,291 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011-01-23 14:36:03 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2011-01-23 14:36:03 | 000,138,056 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\PnkBstrK.sys
    [2011-01-23 14:35:35 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2011-01-23 14:35:33 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2011-01-23 14:35:27 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
    [2011-01-15 21:18:53 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
    [2011-01-15 21:17:35 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
    [2011-01-14 20:56:51 | 001,810,992 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2011-01-14 20:56:51 | 000,195,120 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
    [2011-01-14 20:56:51 | 000,034,096 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
    [2011-01-14 20:56:51 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
    [2011-01-14 20:56:51 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

    ========== LOP Check ==========

    [2011-01-15 23:45:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\AVG
    [2012-02-22 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DarknessII
    [2011-11-24 11:40:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dropbox
    [2012-02-06 00:08:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\EurekaLog
    [2012-02-13 18:12:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FileZilla
    [2011-09-18 15:54:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Glory of the Roman Empire
    [2011-02-17 23:35:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\HLSW
    [2011-12-11 17:46:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICAClient
    [2011-02-17 23:33:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\inkscape
    [2011-08-15 23:17:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech
    [2011-11-09 22:53:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire
    [2011-12-29 01:06:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire Music
    [2011-12-29 01:10:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\MusicNet
    [2011-10-26 19:20:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\My Games
    [2011-08-05 19:44:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PunkBuster
    [2011-12-30 17:53:34 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Samsung
    [2011-05-24 11:59:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Sony
    [2012-01-18 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Sports Interactive
    [2011-10-06 19:56:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\The Creative Assembly
    [2011-09-18 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ubisoft
    [2011-04-07 12:47:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Uniblue
    [2012-03-26 13:10:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\uTorrent
    [2011-12-11 17:43:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\XnView
    [2012-03-25 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
    [2012-03-20 13:28:05 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
    [2012-03-17 14:18:14 | 000,032,522 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011-02-26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
    [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [2009-08-03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [2009-08-03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [2009-10-31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
    [2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
    [2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
    [2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
    [2012-01-13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
    [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
    [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB62280$] -> Error: Cannot create file handle -> Unknown point type

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >
     
  16. Danielf91

    Danielf91 TS Rookie Topic Starter

    OTL Extras logfile created on: 26-3-2012 14:10:43 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Daniel\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,97 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,80% Memory free
    5,93 Gb Paging File | 4,57 Gb Available in Paging File | 77,16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222,88 Gb Total Space | 21,46 Gb Free Space | 9,63% Space Free | Partition Type: NTFS
    Drive D: | 1015,00 Mb Total Space | 987,12 Mb Free Space | 97,25% Space Free | Partition Type: FAT32
    Drive E: | 9,00 Gb Total Space | 2,23 Gb Free Space | 24,78% Space Free | Partition Type: NTFS

    Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
    "{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
    "{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}" = SpyHunter
    "{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
    "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
    "{5D0F1D39-F353-42DD-B6A3-B947500E246B}" = HP ProtectTools Security Manager
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
    "{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
    "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{77819F21-42FA-4523-A40D-3EAC892B27F0}" = Google SketchUp 8
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{805FF8E4-2CC8-4981-8DD6-1EDF5A30F6CF}" = YouTube Downloader Toolbar v5.1
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D7BD6EE-C597-4375-B07F-A91FC78991C7}" = V-Ray for SketchUp 6
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPRO_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
    "{90140000-001F-0413-0000-0000000FF1CE}_Office14.PRJPRO_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
    "{90140000-002C-0413-0000-0000000FF1CE}_Office14.PRJPRO_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
    "{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
    "{90140000-006E-0413-0000-0000000FF1CE}_Office14.PRJPRO_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00B4-0413-0000-0000000FF1CE}" = Microsoft Office Project MUI (Dutch) 2010
    "{90140000-00B4-0413-0000-0000000FF1CE}_Office14.PRJPRO_{E5AF66CE-C66D-49AD-A064-842D407E2B18}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9EB1870B-333F-4310-A187-617C86E3473D}" = Drive Encryption for HP ProtectTools
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A88C35D3-A24A-4B10-9B78-E7409887A28D}" = HP ESU for Microsoft Windows 7
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Nederlands
    "{AE33C672-86DD-4AEE-B7E7-8FC4B40D9B64}" = Etude Afname Systeem 3.6.02
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision stuurprogramma 295.73
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-configuratiescherm 295.73
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafisch stuurprogramma 295.73
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision controllerstuurprogramma 295.73
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systeemsoftware 9.12.0209
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
    "{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
    "{C42BB613-5079-41C3-8CD1-037B9FFD818F}" = HP JavaCard for HP ProtectTools
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1C42E76-0165-4542-95FD-5A9F75023573}" = Credential Manager for HP ProtectTools
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "15867-DMP" = Devices and Printers icon for Trust 15867
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "avast" = avast! Free Antivirus
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Chit Chat For Facebook_is1" = Chit Chat For Facebook 1.435
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Darkness II_is1" = Darkness II
    "FileZilla Client" = FileZilla Client 3.5.1
    "FileZilla Server" = FileZilla Server (remove only)
    "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    "LSI Soft Modem" = LSI HDA Modem
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MS Access 97 SP2" = MS Access 97 SP2
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PRJPRO" = Microsoft Project Professional 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PC Wizard 2010_is1" = PC Wizard 2010.1.96
    "PowerISO" = PowerISO
    "Reimage Repair" = Reimage Repair
    "ReImageCompanion" = ReImageCompanion
    "Rockstar Games Social Club" = Rockstar Games Social Club
    "SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
    "SopCast" = SopCast 3.4.0
    "SpeedFan" = SpeedFan (remove only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SystemRequirementsLab" = System Requirements Lab
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.10
    "WheelMouse" = Advanced Wheel Mouse 6.0.0.002
    "WinRAR archiver" = WinRAR

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8-10-2011 0:04:06 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe
    AIR.dll' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel 3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    Error - 9-10-2011 7:33:58 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe
    AIR.dll' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel 3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    Error - 10-10-2011 8:51:04 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: hl2.exe, versie: 0.0.0.0, tijdstempel:
    0x470c11ae Naam van module met fout: gameui.dll_unloaded, versie: 0.0.0.0, tijdstempel:
    0x470aa055 Uitzonderingscode: 0xc0000005 Foutoffset: 0x1c5fcf57 Id van proces met
    fout: 0xc28 Starttijd van toepassing met fout: 0x01cc8746e256f810 Pad naar toepassing
    met fout: C:\Users\Daniel\Downloads\Half-Life 2 The Orange Box [Krayzie-N-Bone]\Portal\Portal\hl2.exe
    Pad
    naar module met fout: gameui.dll Rapport-id: 83038b38-f33e-11e0-8dca-00247e8b8740

    Error - 10-10-2011 11:46:25 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe
    AIR.dll' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel 3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    Error - 11-10-2011 9:30:04 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: steam.exe, versie: 1.0.1065.11, tijdstempel:
    0x4d9b89de Naam van module met fout: ntdll.dll, versie: 6.1.7601.17514, tijdstempel:
    0x4ce7b96e Uitzonderingscode: 0xc0000005 Foutoffset: 0x00032239 Id van proces met
    fout: 0x1004 Starttijd van toepassing met fout: 0x01cc880f6fcaa68d Pad naar toepassing
    met fout: C:\Program Files\Steam\steam.exe Pad naar module met fout: C:\Windows\SYSTEM32\ntdll.dll
    Rapport-id:
    202eb3e7-f40d-11e0-9380-00247e8b8740

    Error - 11-10-2011 10:30:45 | Computer Name = Daniel-PC | Source = VSS | ID = 8194
    Description =

    Error - 11-10-2011 17:08:33 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
    mDNS_reentrancy (0)

    Error - 11-10-2011 17:08:33 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
    != mDNS_reentrancy (0)

    Error - 12-10-2011 8:12:49 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: Rage.exe, versie: 1.0.27.6901, tijdstempel:
    0x4e89e183 Naam van module met fout: Rage.exe, versie: 1.0.27.6901, tijdstempel:
    0x4e89e183 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00108468 Id van proces met
    fout: 0x1714 Starttijd van toepassing met fout: 0x01cc88cc89f87052 Pad naar toepassing
    met fout: C:\Program Files\Bethesda Softworks\Rage\Rage.exe Pad naar module met
    fout: C:\Program Files\Bethesda Softworks\Rage\Rage.exe Rapport-id: 80150512-f4cb-11e0-8c36-00247e8b8740

    Error - 13-10-2011 12:59:44 | Computer Name = Daniel-PC | Source = VSS | ID = 8194
    Description =

    [ Credential Manager Events ]
    Error - 8-9-2011 10:53:47 | Computer Name = Daniel-PC | Source = AuthServer | ID = 100811779
    Description = The system failed to authenticate the submitted user credentials. User:
    Daniel@DANIEL-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
    Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

    Error - 8-9-2011 10:53:47 | Computer Name = Daniel-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: Daniel@DANIEL-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 8-9-2011 10:53:50 | Computer Name = Daniel-PC | Source = AuthServer | ID = 100811779
    Description = The system failed to authenticate the submitted user credentials. User:
    Daniel@DANIEL-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
    Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

    Error - 8-9-2011 10:53:50 | Computer Name = Daniel-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: Daniel@DANIEL-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 29-10-2011 14:59:12 | Computer Name = Daniel-PC | Source = AuthServer | ID = 100811779
    Description = The system failed to authenticate the submitted user credentials. User:
    Daniel@DANIEL-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
    Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

    Error - 29-10-2011 14:59:12 | Computer Name = Daniel-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: Daniel@DANIEL-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 22-1-2012 7:11:01 | Computer Name = Daniel-PC | Source = AuthServer | ID = 100811779
    Description = The system failed to authenticate the submitted user credentials. User:
    Daniel@DANIEL-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
    Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

    Error - 22-1-2012 7:11:01 | Computer Name = Daniel-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: Daniel@DANIEL-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 23-3-2012 13:48:38 | Computer Name = Daniel-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: Daniel@DANIEL-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 23-3-2012 13:48:38 | Computer Name = Daniel-PC | Source = AuthServer | ID = 100811779
    Description = The system failed to authenticate the submitted user credentials. User:
    Daniel@DANIEL-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
    Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

    [ System Events ]
    Error - 20-3-2012 7:29:01 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
    foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
    XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.

    Error - 21-3-2012 5:00:14 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
    foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
    XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.

    Error - 21-3-2012 18:16:27 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7011
    Description = Time-out (60000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: XoftSpyService.

    Error - 22-3-2012 6:07:05 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
    foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
    XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.

    Error - 23-3-2012 7:16:32 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
    foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
    XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.

    Error - 23-3-2012 13:48:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7011
    Description = Time-out (60000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: ShellHWDetection.

    Error - 23-3-2012 13:48:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7011
    Description = Time-out (60000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: XoftSpyService.

    Error - 24-3-2012 5:57:31 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
    foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
    XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.

    Error - 25-3-2012 5:49:12 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
    foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
    XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.

    Error - 26-3-2012 7:10:40 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
    foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
    XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.


    < End of report >

    I couldn't find a way to get this in English, so if you need a translation somewhere, ask it.
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Translations online leave a lot to be desired!

    Please read directions carefully: Combofix directions:
    You had to remove AVG because the program left no way to completely disable it for scans. The temporary AV is to protect you between scans. But you still have to follow directions to disable the security.

    I will not be responsible for entries in Dutch. I don't have time to translate and as you saw, translation leaves a lot to be desired.
     
  18. Danielf91

    Danielf91 TS Rookie Topic Starter

    Sorry, but what do you mean with translations online leave a lot to be desired? Do you want more translations from me? Are my translations incomplete? Because this is a correct translation of what you quoted.

    Also sorry, what I meant was: Do I have to run Combofix a second time?
    Since the AV was turned off when I started the scan. When my computer restarted, so did the AV.
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    My comment about translations was not meant as a criticism- but a fact. The translations are literal, not allowing for any idioms in a language. Therefore the actual meaning of an entry can be skewed. Although this is a global board, my language is English. While there is no problem if a heading of a section is in another language, that does not matter because I know the template or section headings. But I have to be able to read the file or process name.

    But when the content of an entry is in Dutch, I either have to translate it online, which as mentioned has its limitations, or go back to you to translate. There were several infected system files that were replaced by Combofix. But since the scan was run in the reduced functionality, I would like you to disable the temporary AV and repeat the Combofix scan.

    Since you have Combofix already on the desktop, you can rerun the scan while disconnected from the internet if you wish.

    I will be giving you some script to run through Combofix and/or OTL or possibly both to remove bad entries.
    =========================================
    Please locate and disable this process:
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    There are system errors occurring for User: Daniel@DANIEL-PC Credentials
    The system could not log you on
    The system failed to authenticate the submitted user credentials
    I think the HP program could be responsible.
    ==================
    Please uninstall all of the following: SearchScopes has everything set to use the phpnuke site I asked you about:
    1. XoftSpySE> from Parentlogic>very checkered history in rogue programs
    2. Spyhunter> from Enigma Software Group> Fails all Site Advisor categories.
    3. Parentologic> Fails Site Advisor categories #2 & 3 below, Cautions #1 & 4.
    4. SearchScopes
    -----------------------------------
    WOT Search Advisor rates the following categories:
    1. Trustworthiness
    2. Vendor Reliability
    3. Privacy
    4. Child Safety
    When finished uninstalling, use Windows Explorer to access Computer> Local Drive(C)> Programs> find the program folder for each and do a right click> Delete.

    I will recommend security for you later. I will include a Site Advisor also so when you see a site rated as 'red' you will know not to use it.
    ======================
    Reimage is an online computer repair tool that will automatically fix Windows by replacing corrupt files. You have been using this during the cleaning. This appears to be basically a registry cleaner. We do not recommend this to anyone. Any small benefits you may get from a registry cleaner, if any, are far outweighed by the risk to the system. You can get a free scan, then have to purchase.
    ====================
    All of the above have been running while I have been helping you.
    =======================
    P2P or 'file sharing' Warning:
    Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Ares and uTorrent for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
     
  20. Danielf91

    Danielf91 TS Rookie Topic Starter

    Just a quick notion, so the thread doesn't get closed. I'm quite busy this and next week, so I will get to these things in about 2 weeks.

    I get that you have a hard time with the Dutch entries. Thanks for at least taking your time and trying it.
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm going to go ahead and close this thread for now. If the problems persist when you return, please send a PM to me or Broni. Since it will be 2 weeks or so, you will need to repeat the original scans.
     
