[Holding] AVG keeps on finding Trojan Horse Crypt.AQLW and Win32/Sirefef.ER

Danielf91

Hi there,

For a few days now, my AVG has kept popping up with infections, which I can send to quarantine. The infections keep coming back, however, in different .dll names/files in system32, but they are always named Trojan Horse Crypt.AQLW and Win32/Sirefef.ER.

When I do a scan with AVG it doesn't come up with anything. Help would be very much appreciated.

The logs are posted below. Some of the text is in Dutch; I am not sure if this is OK with you?

=================================================================

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Databaseversie: v2012.03.07.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Daniel :: DANIEL-PC [administrator]

9-3-2012 13:20:32
mbam-log-2012-03-09 (13-20-32).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 213139
Verstreken tijd: 7 minuut/minuten, 22 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

=================================================================


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-09 13:36:23
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FCDO
Running: l58d6vrr.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [8B313760] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B313760] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8B313760] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\a41mzik2 \Device\Scsi\a41mzik21 875721F8
Device \Driver\a41mzik2 \Device\Scsi\a41mzik21Port1Path0Target0Lun0 875721F8
Device \FileSystem\Ntfs \Ntfs 862341F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\fastfat \Fat 87281500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Bestandssysteemfilterbeheer/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework-runtime/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process PING.EXE (*** hidden *** ) 4932

---- EOF - GMER 1.0.15 ----

=================================================================


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Daniel at 13:43:58 on 2012-03-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3036.1430 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\System32\svchost.exe -k Bioscrypt
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\rpcnet.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\AsGHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
uStart Page = hxxp://www.google.com
mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
mSearch Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ReImage Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\reimagecompanion\updatebhoWin32.dll
BHO: ReImage Browser Helper: {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - c:\program files\reimagecompanion\jsloader.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
uRun: [Google Update] "c:\users\daniel\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [Chit Chat for Facebook] c:\program files\chit chat for facebook\CCFFacebook.exe
uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [WheelMouse] c:\advanc~1\wh_exec.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem
mRun: [XoftSpySE] "c:\program files\xoftspyse6\XoftSpySE.exe" -NM -hidesplash
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 82.139.64.64 82.139.66.66
TCP: Interfaces\{D118C8FB-642F-4477-952D-A4BAEF5FF7E6} : DhcpNameServer = 82.139.64.64 82.139.66.66
TCP: Interfaces\{D62A1764-3901-4CBB-B4CA-0C30DD9DA340}\05F6C616279637 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{D62A1764-3901-4CBB-B4CA-0C30DD9DA340}\6456272772D60284579637 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D62A1764-3901-4CBB-B4CA-0C30DD9DA340}\A414E43524255574 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D62A1764-3901-4CBB-B4CA-0C30DD9DA340}\A414E43524255574D20535B4 : DhcpNameServer = 192.168.0.1 192.168.0.1 192.168.1.1 8.8.8.8
TCP: Interfaces\{D62A1764-3901-4CBB-B4CA-0C30DD9DA340}\C696E6B637973713 : DhcpNameServer = 172.25.38.6 172.25.4.6
TCP: Interfaces\{D62A1764-3901-4CBB-B4CA-0C30DD9DA340}\E696D626573723030313 : DhcpNameServer = 130.161.180.1 130.161.180.65
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\reimagecompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\reimagecompanion\tdataprotocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\reimagecompanion\tdataprotocol.dll
AppInit_DLLs: c:\progra~1\hewlet~1\iam\bin\APSHook.dll acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli ASWLNPkg
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2010-3-5 51480]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2010-3-5 13032]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2010-3-5 12600]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-2-6 748440]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-7-14 20992]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Bioscrypt [2009-7-14 20992]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-7-29 1201400]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2010-3-5 256616]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-1-14 26168]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-9 382272]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-7-29 482176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2011-1-16 223960]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-1-16 7122944]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2011-2-14 49152]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 mks_scan;Aalogger;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-12-30 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-6-13 20328]
S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2010-4-13 45056]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2011-1-14 3668480]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-4 27192]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rismc32.sys [2011-2-14 49152]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-12-30 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-12-30 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-12-30 136808]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-15 1343400]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2011-6-11 6784]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2010-9-29 582424]
.
=============== Created Last 30 ================
.
2012-03-08 16:12:53 -------- d-----w- c:\program files\Mass Effect 3
2012-03-08 13:11:35 -------- d-----w- c:\programdata\ParetoLogic
2012-03-08 13:11:34 -------- d-----w- c:\program files\common files\ParetoLogic
2012-03-08 13:11:33 -------- d-----w- c:\programdata\XoftSpySE
2012-03-08 13:11:33 -------- d-----w- c:\program files\common files\XoftSpySE
2012-03-08 13:11:32 -------- d-----w- c:\program files\XoftSpySE6
2012-03-08 13:03:51 -------- d-----w- C:\rei
2012-03-08 13:03:47 -------- d-----w- c:\program files\Reimage
2012-03-08 13:03:42 -------- d-----w- c:\program files\ReImageCompanion
2012-03-08 12:59:46 110080 ----a-r- c:\users\daniel\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
2012-03-08 12:59:46 110080 ----a-r- c:\users\daniel\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
2012-03-08 12:59:46 110080 ----a-r- c:\users\daniel\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
2012-03-08 12:59:45 -------- d-----w- C:\sh4ldr
2012-03-08 12:59:45 -------- d-----w- c:\program files\Enigma Software Group
2012-03-08 12:59:07 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-07 17:46:47 -------- d-----w- c:\users\daniel\appdata\roaming\Malwarebytes
2012-03-07 17:46:44 -------- d-----w- c:\programdata\Malwarebytes
2012-03-07 17:46:43 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 17:46:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-07 14:35:23 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-04 12:46:01 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2012-03-04 12:35:14 -------- d-----w- c:\program files\2K Games
2012-03-04 12:34:54 -------- d-----w- C:\BDS
2012-03-03 19:23:00 -------- d-----w- c:\users\daniel\appdata\local\Darksiders
2012-03-01 12:20:38 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-03-01 12:20:38 -------- d-----w- c:\program files\common files\Spigot
2012-03-01 12:20:38 -------- d-----w- c:\program files\Application Updater
2012-02-27 12:58:15 -------- d-----w- c:\program files\iPod
2012-02-27 12:58:14 -------- d-----w- c:\program files\iTunes
2012-02-23 20:36:18 -------- d-----w- c:\program files\Mass Effect 2
2012-02-23 14:56:21 -------- d-----w- c:\programdata\Media Center Programs
2012-02-22 19:53:03 -------- d-----w- c:\program files\Sid Meier's Civilization V
2012-02-22 14:35:51 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-22 14:35:51 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 14:35:51 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 14:35:51 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 14:35:51 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 14:35:51 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 14:35:51 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 14:35:51 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-22 14:35:51 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-19 15:23:54 -------- d-----w- c:\users\daniel\appdata\roaming\DarknessII
2012-02-19 14:25:34 -------- d-----w- C:\game
2012-02-19 10:43:41 -------- d-----w- c:\program files\Remedy Entertainment
2012-02-13 17:13:17 -------- d-----w- c:\program files\Eidos
2012-02-09 19:05:44 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-09 16:25:11 -------- d-----w- c:\users\daniel\appdata\local\BigHugeEngine
2012-02-08 16:18:05 3540 ----a-w- C:\STFD490.tmp
.
==================== Find3M ====================
.
2012-03-09 11:24:04 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-09 11:24:01 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-03-07 17:22:38 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-02-22 14:47:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-10 04:13:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02:06 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00:44 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00:26 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00:26 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00:26 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00:25 710976 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-02-10 03:00:25 55104 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-02-10 03:00:25 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-01 15:57:14 3540 ----a-w- C:\STFF476.tmp
2012-02-01 12:41:00 973632 ----a-w- c:\windows\system32\nvdispco3220155.dll
2012-02-01 12:41:00 877376 ----a-w- c:\windows\system32\nvgenco3220103.dll
2012-01-31 18:17:00 3540 ----a-w- C:\STF9B8B.tmp
2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_ rev.FCDO -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82C3E000]<< >>UNKNOWN [0x8BA68000]<< >>UNKNOWN [0x8BA57000]<< >>UNKNOWN [0x87247FD0]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x82C7552A] -> \Device\Harddisk0\DR0[0x86DC3AC8]
\Driver\Disk[0x86DC2030] -> IRP_MJ_CREATE -> 0x8BA6C39F
3 [0x8BA6C59E] -> ntkrnlpa!IofCallDriver[0x82C7552A] -> [0x870D1AE8]
\Driver\00001084[0x870D1C20] -> IRP_MJ_CREATE -> 0x87247FD0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 13:44:42,67 ===============

=================================================================


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 15-1-2011 20:29:15
System Uptime: 9-3-2012 12:23:18 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30E7
Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | Intel(R) Genuine processor | 2801/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 28,417 GiB free.
D: is FIXED (FAT32) - 1 GiB total, 0,964 GiB free.
E: is FIXED (NTFS) - 9 GiB total, 2,23 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP419: 8-3-2012 17:30:22 - DirectX is geïnstalleerd.
.
==== Installed Programs ======================
.
ActivClient x86
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.4.6 - CPSID_83708
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.1) - Nederlands
Advanced Wheel Mouse 6.0.0.002
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
AuthenTec Fingerprint System
AuthenTec TrueSuite
AVG 2012
AVG PC Tuneup 2011
Bonjour
Borderlands
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Chit Chat For Facebook 1.435
Credential Manager for HP ProtectTools
Darkness II
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Devices and Printers icon for Trust 15867
Drive Encryption for HP ProtectTools
Dropbox
Easy Driver Pro
Etude Afname Systeem 3.6.02
FileZilla Client 3.5.1
FileZilla Server (remove only)
Google Chrome
Google SketchUp 8
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP ESU for Microsoft Windows 7
HP JavaCard for HP ProtectTools
HP Product Detection
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP Webcam Application
HP Wireless Assistant
iTunes
Java Auto Updater
Java(TM) 6 Update 29
LSI HDA Modem
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware versie 1.60.1.1000
Mass Effect 2
Mass Effect™ 3
Medieval CUE Splitter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (Dutch) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MS Access 97 SP2
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NVIDIA-configuratiescherm 295.73
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision controllerstuurprogramma 295.73
NVIDIA 3D Vision stuurprogramma 295.73
NVIDIA Display Control Panel
NVIDIA Grafisch stuurprogramma 295.73
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX systeemsoftware 9.12.0209
NVIDIA Stereoscopic 3D Driver
PC Wizard 2010.1.96
PDF Settings CS5
PowerISO
PunkBuster Services
PVSonyDll
QuickTime
Reimage Repair
ReImageCompanion
Revo Uninstaller Pro 2.5.3
RICOH Media Driver
Rockstar Games Social Club
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SecureW2 EAP Suite 2.0.4 for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
SopCast 3.4.0
SpeedFan (remove only)
SpyHunter
Steam
Synaptics Pointing Device Driver
System Requirements Lab
The Witcher 2
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
V-Ray for SketchUp 6
VLC media player 1.1.10
Windows Live ID Sign-in Assistant
WinRAR
XoftSpySE
YouTube Downloader 3.5
YouTube Downloader Toolbar v5.0
.
==== End Of File ===========================

=================================================================



Thanks a lot for your time!
 
Welcome to TechSpot! It appears that you have the ZeroAccess Rootkit.

And there is additional malware also. AVG can't remove it, so instead of getting it back, it hasn't been removed!
==============================================
I note these entries: Are they yours?
uSearch Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
uStart Page = hxxp://www.google.com
mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
mSearch Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

Currently as it stands there are numerous vulnerabilities that affect all versions of PHP-Nuke, including the latest release 8.1.35. Until a new release is made it is strongly recommended to avoid this software.
  • Several security holes have been discovered in PHP-Nuke, including SQL injection via unchecked PHP code.[2][3]
  • PHP-Nuke may have issues with some search engine indexes. PHP-Nuke does not use simple URLs or unique titles for pages.
==============================================
Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan:
  • On completion of the scan click "Save log", save it to your desktop
  • Post in your next reply:

=============================================
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
=======================================
I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Microsoft Security Essentials
Comodo AV
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
========================================
Please leave all logs in your next reply.
 
Hello Bobbye,

Thank you for your fast reply.

Every time I scan using aswMBR the program crashes after scanning the same file:

C:\Windows\assembly\GAC_MSIL\Microsoft.Visualstudio.Tools.Applications.(something*)

I can't read the rest of the path, because the screen is too small.
After scanning that file, a box pops up saying the program stopped working, after which Windows starts searching for online solutions.
I tried scanning 10 times now.

As for the phpnuke entries, I have no idea what they are, or what phpnuke is. It's not a program I use or anything.
 
Skip it for now and go on with the other scans. I can remove the phpnuke with script after you've run Combofix.
 
I have run TDSSKiller, it found 3 infections and I quarantined them. It didn't produce any log, is that ok?

I'm having some problems with Combofix. How long does a scan normally take?
I have been scanning from Saturday morning 11.00h till Sunday evening 21.00h and it is still not finished.
Combofix says it normally takes 10 minutes to double that on heavily infected PCs...
 
It didn't produce any log, is that ok?

Not okay. There is a log> please find it:>>
Tdsskiller log, located at C:\TDSSKiller.~~~`~~log.txt
===================================
Stop the Combofix scan you are running now. I need to see what was found in the TDSS scan.
=================================
NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode. If it won't run, go on to #2.

2. Delete Combofix file, download fresh one, but rename combofix.exe to
friday.exe BEFORE saving it to your desktop.
Do NOT run it yet.

3. See which one of the following runs. You do not need to download all three versions:
This is a slight variation on the RKill:
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, add the following:

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
(Directions courtesy bleeping computer)

4. With both RKill and exehelper on board:
Go right to the renamed (Combofix) and double click on friday.exe to run
If it won't run in Normal Mode, run BOTH tools from safe mode, then try the double click on friday.exe to run.

If successful, please leave RKill, Exehelper and Combofix logs.
===================================
It is curious why Malwarebytes didn't identify some of the malware you have, so we're going to run it again, but as a Full Scan:
Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
When scan has finished, you will see this image:

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
===============================================
You have a large assortment of various malwares that need to be removed. The potential for more vulnerability is great as long as they are on the system. Please try the suggestions for running Combofix.

You've had several dates where you have downloaded groups of programs. Some of them came with foistware and some are PUPs> 'potentially unwanted programs.' I can remove some entries and have you uninstall the programs and folders if you can get Combofix to run.

Please do not download, install anything now or update anything you have now except the AV program. Did you uninstall AVG before Combofix as directed? Did you install one of the temporary AV programs?
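
For reading the TDSSKiller log requested in the post above, an added example (not part of the thread and not a Kaspersky tool) that pulls the non-"ok" verdicts and any forged-file MD5 pairs out of such a log. The sample lines are constructed in the "time, thread id, message" layout TDSSKiller writes, and the names `triage` and `Finding` are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample in the TDSSKiller line layout "<time> <thread id> <message>".
# Driver names and hashes are made up for the example.
SAMPLE_LOG = r"""
21:25:50.0481 2400 Scan started
21:25:50.0823 2400 exdrv1 (11111111111111111111111111111111) C:\Windows\system32\drivers\exdrv1.sys
21:25:50.0826 2400 exdrv1 - ok
21:25:50.0999 2400 exdrv2 - ok
21:25:51.0301 2400 exdrv3 (22222222222222222222222222222222) C:\Windows\system32\drivers\exdrv3.sys
21:25:51.0303 2400 Suspicious file (Forged): C:\Windows\system32\drivers\exdrv3.sys. Real md5: 22222222222222222222222222222222, Fake md5: 33333333333333333333333333333333
21:25:51.0304 2400 exdrv3 ( ForgedFile.Multi.Generic ) - warning
21:25:51.0304 2400 exdrv3 - detected ForgedFile.Multi.Generic (1)
"""

# Every log line: timestamp, thread id, free-form message.
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s+(.*)$")
# "<service> (<md5>) <path>": the object being scanned.
OBJECT = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# The tool reporting two different MD5 values for one path.
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. "
    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
# "<service> ( <detection name> ) - <severity>": a non-ok verdict.
VERDICT = re.compile(r"^(\S+) \( (\S+) \) - (\w+)$")
OK = re.compile(r"^(\S+) - ok$")


@dataclass
class Finding:
    name: str
    severity: str
    detection: str
    path: str = ""
    real_md5: str = ""
    fake_md5: str = ""

    @property
    def hash_mismatch(self):
        """True when the log gave two different hashes for this file."""
        return bool(self.real_md5) and self.real_md5 != self.fake_md5


def triage(log_text):
    """Return (findings, ok_count) for one TDSSKiller log."""
    objects = {}  # service name -> (md5, path) from its object line
    forged = {}   # lower-cased path -> (real md5, fake md5)
    findings = []
    ok_count = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, separators, lines with no message
        msg = m.group(3)
        if (o := OBJECT.match(msg)):
            objects[o.group(1)] = (o.group(2), o.group(3))
        elif (f := FORGED.match(msg)):
            # Windows paths are case-insensitive, so key on lower case.
            forged[f.group(1).lower()] = (f.group(2), f.group(3))
        elif (v := VERDICT.match(msg)):
            name, detection, severity = v.groups()
            _, path = objects.get(name, ("", ""))
            real, fake = forged.get(path.lower(), ("", ""))
            findings.append(Finding(name, severity, detection, path, real, fake))
        elif OK.match(msg):
            ok_count += 1
    return findings, ok_count


if __name__ == "__main__":
    found, ok = triage(SAMPLE_LOG)
    print(f"{ok} objects ok, {len(found)} flagged")
    for item in found:
        print(f"{item.severity.upper():8} {item.name}: {item.detection}")
        print(f"         {item.path}")
        if item.hash_mismatch:
            print(f"         real md5 {item.real_md5}")
            print(f"         fake md5 {item.fake_md5}")
```

Run against the full log file, this reduces several hundred "- ok" lines to the handful of entries that need a decision before any Cure, Delete or Quarantine action is chosen.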
 
Thank you, I will get to that this weekend. You might also want to know that my computer can not connect to the internet anymore (I am posting this from my phone), so it is a bit harder to post/download things for me at this moment.
 
Take your time. It is not uncommon to lose the internet connection while we're cleaning. You might find it easier to use a flash drive instead of your phone.
 
Ok, here are the logs of TDSS, Combofix and the full Malwarebytes scan. Combofix worked when I scanned in safe mode.

I turned off my AV when running combofix, but when my computer restarted after/during the scan my AV restarted also and started giving loads of warnings, not sure if it's a problem.

Also my computer is no longer giving warnings of infections, so I guess that's a good sign. After the combofix scan, my internet is also up again.


21:23:58.0304 1180 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
21:23:58.0416 1180 ============================================================
21:23:58.0416 1180 Current date / time: 2012/03/09 21:23:58.0416
21:23:58.0416 1180 SystemInfo:
21:23:58.0416 1180
21:23:58.0416 1180 OS Version: 6.1.7601 ServicePack: 1.0
21:23:58.0416 1180 Product type: Workstation
21:23:58.0416 1180 ComputerName: DANIEL-PC
21:23:58.0416 1180 UserName: Daniel
21:23:58.0416 1180 Windows directory: C:\Windows
21:23:58.0416 1180 System windows directory: C:\Windows
21:23:58.0416 1180 Processor architecture: Intel x86
21:23:58.0416 1180 Number of processors: 2
21:23:58.0416 1180 Page size: 0x1000
21:23:58.0416 1180 Boot type: Normal boot
21:23:58.0416 1180 ============================================================
21:23:58.0910 1180 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:23:58.0912 1180 \Device\Harddisk0\DR0:
21:23:58.0916 1180 MBR used
21:23:58.0916 1180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BDC3FC1
21:23:58.0916 1180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1BDC4000, BlocksNum 0x1FD800
21:23:58.0916 1180 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BFC1F09, BlocksNum 0x1201000
21:23:58.0980 1180 Initialize success
21:23:58.0980 1180 ============================================================
21:25:50.0481 2400 ============================================================
21:25:50.0481 2400 Scan started
21:25:50.0481 2400 Mode: Manual;
21:25:50.0481 2400 ============================================================
21:25:51.0301 2400 AFD (9f845170417afca60bc94183fa36e01a) C:\Windows\system32\drivers\afd.sys
21:25:51.0303 2400 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 9f845170417afca60bc94183fa36e01a, Fake md5: a15d2fa344c64412633356865c469cd3
21:25:51.0304 2400 AFD ( ForgedFile.Multi.Generic ) - warning
21:25:51.0304 2400 AFD - detected ForgedFile.Multi.Generic (1)
21:25:56.0672 2400 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:25:56.0674 2400 KSecPkg - ok
21:25:56.0807 2400 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
21:25:56.0808 2400 lirsgt - ok
21:25:56.0848 2400 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:25:56.0863 2400 lltdio - ok
21:25:56.0894 2400 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:25:56.0894 2400 LSI_FC - ok
21:25:56.0910 2400 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:25:56.0910 2400 LSI_SAS - ok
21:25:56.0926 2400 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:25:56.0926 2400 LSI_SAS2 - ok
21:25:56.0957 2400 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:25:56.0957 2400 LSI_SCSI - ok
21:25:56.0972 2400 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:25:56.0972 2400 luafv - ok
21:25:57.0031 2400 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:25:57.0033 2400 megasas - ok
21:25:57.0052 2400 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:25:57.0056 2400 MegaSR - ok
21:25:57.0096 2400 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:25:57.0098 2400 Modem - ok
21:25:57.0125 2400 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:25:57.0126 2400 monitor - ok
21:25:57.0221 2400 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:25:57.0223 2400 mouclass - ok
21:25:57.0280 2400 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:25:57.0281 2400 mouhid - ok
21:25:57.0339 2400 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:25:57.0341 2400 mountmgr - ok
21:25:57.0368 2400 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:25:57.0370 2400 mpio - ok
21:25:57.0395 2400 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:25:57.0397 2400 mpsdrv - ok
21:25:57.0459 2400 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:25:57.0461 2400 MRxDAV - ok
21:25:57.0519 2400 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:25:57.0521 2400 mrxsmb - ok
21:25:57.0544 2400 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:25:57.0547 2400 mrxsmb10 - ok
21:25:57.0569 2400 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:25:57.0571 2400 mrxsmb20 - ok
21:25:57.0671 2400 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:25:57.0673 2400 msahci - ok
21:25:57.0694 2400 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:25:57.0696 2400 msdsm - ok
21:25:57.0755 2400 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:25:57.0756 2400 Msfs - ok
21:25:57.0774 2400 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:25:57.0774 2400 mshidkmdf - ok
21:25:57.0794 2400 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:25:57.0795 2400 msisadrv - ok
21:25:57.0827 2400 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:25:57.0828 2400 MSKSSRV - ok
21:25:57.0843 2400 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:25:57.0844 2400 MSPCLOCK - ok
21:25:57.0877 2400 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:25:57.0878 2400 MSPQM - ok
21:25:57.0898 2400 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:25:57.0901 2400 MsRPC - ok
21:25:57.0929 2400 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:25:57.0930 2400 mssmbios - ok
21:25:57.0941 2400 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:25:57.0942 2400 MSTEE - ok
21:25:57.0958 2400 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:25:57.0959 2400 MTConfig - ok
21:25:57.0977 2400 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:25:57.0979 2400 Mup - ok
21:25:58.0004 2400 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:25:58.0008 2400 NativeWifiP - ok
21:25:58.0149 2400 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:25:58.0158 2400 NDIS - ok
21:25:58.0202 2400 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:25:58.0204 2400 NdisCap - ok
21:25:58.0233 2400 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:25:58.0234 2400 NdisTapi - ok
21:25:58.0276 2400 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:25:58.0276 2400 Ndisuio - ok
21:25:58.0321 2400 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:25:58.0322 2400 NdisWan - ok
21:25:58.0368 2400 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:25:58.0370 2400 NDProxy - ok
21:25:58.0406 2400 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:25:58.0407 2400 NetBIOS - ok
21:25:58.0453 2400 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:25:58.0457 2400 NetBT - ok
21:25:58.0738 2400 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
21:25:58.0811 2400 NETw5s32 - ok
21:25:58.0917 2400 netw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\netw5v32.sys
21:25:58.0964 2400 netw5v32 - ok
21:25:59.0202 2400 NETwNs32 (83553135ad346d247c482f1b8aca921f) C:\Windows\system32\DRIVERS\NETwNs32.sys
21:25:59.0280 2400 NETwNs32 - ok
21:25:59.0424 2400 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:25:59.0424 2400 nfrd960 - ok
21:25:59.0461 2400 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:25:59.0463 2400 Npfs - ok
21:25:59.0475 2400 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:25:59.0476 2400 nsiproxy - ok
21:25:59.0543 2400 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:25:59.0560 2400 Ntfs - ok
21:25:59.0580 2400 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:25:59.0580 2400 Null - ok
21:25:59.0821 2400 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:25:59.0934 2400 nvlddmkm - ok
21:26:00.0049 2400 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:26:00.0052 2400 nvraid - ok
21:26:00.0072 2400 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:26:00.0074 2400 nvstor - ok
21:26:00.0098 2400 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:26:00.0101 2400 nv_agp - ok
21:26:00.0130 2400 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:26:00.0132 2400 ohci1394 - ok
21:26:00.0228 2400 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:26:00.0230 2400 Parport - ok
21:26:00.0271 2400 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:26:00.0272 2400 partmgr - ok
21:26:00.0294 2400 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:26:00.0295 2400 Parvdm - ok
21:26:00.0318 2400 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:26:00.0321 2400 pci - ok
21:26:00.0340 2400 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:26:00.0341 2400 pciide - ok
21:26:00.0360 2400 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:26:00.0363 2400 pcmcia - ok
21:26:00.0465 2400 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:26:00.0465 2400 pcw - ok
21:26:00.0497 2400 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:26:00.0497 2400 PEAUTH - ok
21:26:00.0635 2400 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:26:00.0637 2400 PptpMiniport - ok
21:26:00.0666 2400 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:26:00.0668 2400 Processor - ok
21:26:00.0710 2400 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:26:00.0712 2400 Psched - ok
21:26:00.0779 2400 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:26:00.0797 2400 ql2300 - ok
21:26:00.0892 2400 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:26:00.0894 2400 ql40xx - ok
21:26:00.0941 2400 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:26:00.0943 2400 QWAVEdrv - ok
21:26:00.0967 2400 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:26:00.0968 2400 RasAcd - ok
21:26:01.0021 2400 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:26:01.0023 2400 RasAgileVpn - ok
21:26:01.0099 2400 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:26:01.0101 2400 Rasl2tp - ok
21:26:01.0121 2400 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:26:01.0123 2400 RasPppoe - ok
21:26:01.0139 2400 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:26:01.0141 2400 RasSstp - ok
21:26:01.0192 2400 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:26:01.0195 2400 rdbss - ok
21:26:01.0210 2400 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:26:01.0211 2400 rdpbus - ok
21:26:01.0262 2400 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:26:01.0263 2400 RDPCDD - ok
21:26:01.0314 2400 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:26:01.0316 2400 RDPDR - ok
21:26:01.0414 2400 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:26:01.0415 2400 RDPENCDD - ok
21:26:01.0437 2400 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:26:01.0439 2400 RDPREFMP - ok
21:26:01.0481 2400 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:26:01.0484 2400 RDPWD - ok
21:26:01.0527 2400 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:26:01.0530 2400 rdyboost - ok
21:26:01.0595 2400 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
21:26:01.0595 2400 Revoflt - ok
21:26:01.0626 2400 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:26:01.0626 2400 RFCOMM - ok
21:26:01.0658 2400 RICOH SmartCard Reader (470fc46e2989f6606043c1c5365b15fd) C:\Windows\system32\DRIVERS\rismc32.sys
21:26:01.0658 2400 RICOH SmartCard Reader - ok
21:26:01.0689 2400 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:26:01.0689 2400 rimmptsk - ok
21:26:01.0704 2400 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:26:01.0704 2400 rimsptsk - ok
21:26:01.0802 2400 rismc32 (470fc46e2989f6606043c1c5365b15fd) C:\Windows\system32\DRIVERS\rismc32.sys
21:26:01.0803 2400 rismc32 - ok
21:26:01.0829 2400 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:26:01.0830 2400 rismxdp - ok
21:26:01.0887 2400 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:26:01.0888 2400 rspndr - ok
21:26:01.0918 2400 RsvLock (9bb0009c4822bf6af4c903eea1332e2e) C:\Windows\system32\drivers\RsvLock.sys
21:26:01.0919 2400 RsvLock - ok
21:26:01.0949 2400 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:26:01.0950 2400 s3cap - ok
21:26:01.0983 2400 SafeBoot (c9e02c8cdea1230729ee0e0f683428c3) C:\Windows\system32\drivers\SafeBoot.sys
21:26:01.0983 2400 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: c9e02c8cdea1230729ee0e0f683428c3
21:26:01.0984 2400 SafeBoot ( LockedFile.Multi.Generic ) - warning
21:26:01.0984 2400 SafeBoot - detected LockedFile.Multi.Generic (1)
21:26:02.0990 2400 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
21:26:02.0991 2400 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
21:26:02.0992 2400 sptd ( LockedFile.Multi.Generic ) - warning
21:26:02.0992 2400 sptd - detected LockedFile.Multi.Generic (1)
21:26:06.0239 2400 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:26:06.0262 2400 \Device\Harddisk0\DR0 - ok
21:26:06.0264 2400 Boot (0x1200) (f3c07f66d21afa514ae955056369dd38) \Device\Harddisk0\DR0\Partition0
21:26:06.0265 2400 \Device\Harddisk0\DR0\Partition0 - ok
21:26:06.0275 2400 Boot (0x1200) (936582fd651dd3fbd1b5554a225eaaa0) \Device\Harddisk0\DR0\Partition1
21:26:06.0275 2400 \Device\Harddisk0\DR0\Partition1 - ok
21:26:06.0291 2400 Boot (0x1200) (4139fb40c32137aca3dffa104ee1e22d) \Device\Harddisk0\DR0\Partition2
21:26:06.0291 2400 \Device\Harddisk0\DR0\Partition2 - ok
21:26:06.0291 2400 ============================================================
21:26:06.0291 2400 Scan finished
21:26:06.0291 2400 ============================================================
21:26:06.0291 5820 Detected object count: 3
21:26:06.0291 5820 Actual detected object count: 3
21:26:56.0871 5820 C:\Windows\system32\drivers\afd.sys - copied to quarantine
21:26:56.0871 5820 AFD ( ForgedFile.Multi.Generic ) - User select action: Quarantine
21:26:56.0886 5820 C:\Windows\system32\drivers\SafeBoot.sys - copied to quarantine
21:26:56.0886 5820 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Quarantine
21:26:56.0933 5820 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
21:26:56.0933 5820 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
21:28:20.0213 2164 Deinitialize success

=================================================================
 
ComboFix 12-03-10.01 - Daniel 16-03-2012 21:37:35.1.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3036.2518 [GMT 1:00]
Gestart vanuit: c:\users\Daniel\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
- VERMINDERDE FUNCTIONALITEIT MODUS -
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
.
Besmet exemplaar van c:\windows\System32\autochk.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
.
c:\windows\system32\drivers\afd.sys was verdwenen
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
.
c:\windows\system32\drivers\netbt.sys was verdwenen
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys
.
c:\windows\system32\drivers\cdrom.sys was verdwenen
Hersteld exemplaar van - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
.
c:\windows\system32\drivers\tdx.sys was verdwenen
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-16 to 2012-03-16 ))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 20:43 . 2011-01-15 20:18 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-03-16 20:43 . 2011-01-15 19:18 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-03-16 20:42 . 2011-01-15 19:17 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-02-22 14:47 . 2011-10-11 14:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-10 04:13 . 2010-12-04 04:45 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2010-12-04 04:45 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2010-12-04 04:45 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2010-12-04 03:45 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2010-12-04 03:45 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2010-12-04 03:45 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2010-12-04 03:45 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00 . 2010-12-04 03:45 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2011-10-11 14:30 55104 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-02-10 03:00 . 2011-10-11 14:30 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-10 03:00 . 2010-12-04 03:45 710976 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-02-09 19:05 . 2012-02-09 19:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-08 16:18 . 2012-02-08 16:18 3540 ----a-w- C:\STFD490.tmp
2012-02-01 15:57 . 2012-02-01 15:57 3540 ----a-w- C:\STFF476.tmp
2012-02-01 12:41 . 2011-11-11 22:53 973632 ----a-w- c:\windows\system32\nvdispco3220155.dll
2012-02-01 12:41 . 2011-10-11 14:29 877376 ----a-w- c:\windows\system32\nvgenco3220103.dll
2012-01-31 18:17 . 2012-01-31 18:17 3540 ----a-w- C:\STF9B8B.tmp
2012-01-14 03:35 . 2012-02-15 07:04 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 08:58 . 2012-02-15 07:04 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-15 07:04 478720 ----a-w- c:\windows\system32\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2012-02-09 09:45 141176 ----a-w- c:\program files\ReImageCompanion\updatebhoWin32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0e8bc7d-6959-40b6-8e05-204d9768ad6e}]
2012-02-09 09:44 225656 ----a-w- c:\program files\ReImageCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2010-04-13 358456]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2010-01-18 24832]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-11-10 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-10 1634112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 30312]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2010-04-13 45056]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2008-11-17 3668480]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 136808]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-15 1343400]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [2010-09-29 582424]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-08 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-03-05 256616]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-07-29 482176]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-07 223960]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
NETSVCS VEREIST REPARATIES - huidige waarden worden getoond
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
oraclesnmppeermasteragent
Cinemsup
dmusic
AN983
mks_scan
Xponaut_WBD
mrvw245
magictuneengine
MMRTKRNL
QPSched
viagfx
sonypvs1
mod7700
UNDPX2A
e1express
fsaua
btwusb
mnsframework
FiltUSBEMPIA
viairda
netsvc
ASLDRService
sp_rssrv
s217unic
NWSAP
AX88772
clsched
avg7updsvc
DumaNT
incdsrv
ino_flpy
windrvNT
NsTrcNT
pcscnsrv
elnkfwppservice
w550bus
SaiNtSub
NITaggerService
DMICall
phnxvcdservice
pdfcreatormessages
odclientservice
BrSerIf
vnxservice
dnetc
iksyssec
U81xmgmt
zebrceb
atimtag
oracle_load_balancer_60_client-forms6ip9
F700iat
ELkbd
p1110vid
vpctcom
TVALG
swwd
s616obex
EIO_XP
EntDrv51
atitunep
mwlsvc
pinnaclesys.mediaserver
flashcomadmin
T6963C
bmuservice
BrScnUsb
JGOGO
L6POD
messenger
hpci
apache2
gusvc
Cap7134
lxdm_device
HabuFltr
nvidesm
DFUBTUSB
eskerlicensecontrol
FontCache3.0.0.0.
uisp
nsm1mdfl
deltafw
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\OriginInstaller.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\CDCheck.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab74ac9d-3385-11e0-af57-0025b3bf5118}]
\shell\AutoRun\command - I:\Autorun.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2059425759-54560146-3784166824-1000Core.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 19:48]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2059425759-54560146-3784166824-1000UA.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 19:48]
.
2012-03-11 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-09-29 18:43]
.
2012-03-09 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-09-29 18:43]
.
2012-03-11 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 82.139.64.64 82.139.66.66
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{46735dee-f862-49d1-876d-6382794dc625} - (no file)
HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-Browser companion helper - c:\program files\BrowserCompanion\BCHelper.exe
AddRemove-PunkBusterSvc - c:\program files\EA Games\Battlefield Play4Free\pbsvc_p4f.exe
AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2059425759-54560146-3784166824-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ab,95,72,7e,6c,1d,b4,8f,30,31,2d,37,4f,4d,52,7e,6e,7d,df,42,e7,55,ef,
fc,96,98,27,ba,e0,3f,5c,35,60,c6,a0,93,88,25,9b,7c,aa,50,62,ea,27,09,59,f0,\
"??"=hex:5c,6c,41,e4,05,30,f4,0a,11,d2,00,54,2b,e0,09,e5
.
[HKEY_USERS\S-1-5-21-2059425759-54560146-3784166824-1000\Software\SecuROM\License information*]
"datasecu"=hex:26,1e,c6,1a,8c,e1,3d,a0,81,7d,a8,10,f3,76,61,03,6e,1b,98,c7,6e,
65,28,40,1a,3d,d1,61,cd,8f,34,f4,85,63,68,ac,f1,4e,dc,b9,21,06,7a,62,aa,a2,\
"rkeysecu"=hex:06,d8,e4,eb,43,1f,52,14,b0,64,20,13,bc,68,db,cd
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'lsass.exe'(568)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.DLL
c:\program files\Hewlett-Packard\IAM\bin\itmsg.dll
.
- - - - - - - > 'explorer.exe'(5372)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\NVIDIA Corporation\nview\nvshell.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Hewlett-Packard\IAM\bin\AsGHost.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rpcnet.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Voltooingstijd: 2012-03-16 21:47:55 - machine werd herstart
ComboFix-quarantined-files.txt 2012-03-16 20:47
.
Pre-Run: 39.796.080.640 bytes beschikbaar
Post-Run: 43.147.554.816 bytes beschikbaar
.
- - End Of File - - 2412528B31B003A4B701214C6D37A3B4
 
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Databaseversie: v2012.03.16.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Daniel :: DANIEL-PC [administrator]

17-3-2012 0:01:34
mbam-log-2012-03-17 (00-01-34).txt

Scantype: Volledige scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 384356
Verstreken tijd: 1 uur/uren, 14 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 1
C:\Windows\System32\BRGSp50.dll (RootKit.0Access.H) -> Zal worden verwijderd tijdens het herstarten.

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 1
C:\Windows\System32\BRGSp50.dll (RootKit.0Access.H) -> Zal worden verwijderd tijdens het herstarten.

(einde)
 
This is your output from a part of Combofix:
Besmet exemplaar van c:\windows\System32\autochk.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
.
c:\windows\system32\drivers\afd.sys was verdwenen
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
.
c:\windows\system32\drivers\netbt.sys was verdwenen
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys
.
c:\windows\system32\drivers\cdrom.sys was verdwenen
Hersteld exemplaar van - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
.
c:\windows\system32\drivers\tdx.sys was verdwenen
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
------------------------------------
This is a translation: Please format so I can read it:
Copy of c:\windows\System32\autochk.exe contaminates was found and was desinfected Repaired copy of - c:\windows\winsxs\x86 _microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860 \ autochk.exe. c:\windows\system32\drivers\afd.sys had disappeared Repaired copy of - c:\windows\winsxs\x86 _microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e \ afd.sys. c:\windows\system32\drivers\netbt.sys had disappeared Repaired copy of - c:\windows\winsxs\x86 _microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6 \ netbt.sys. c:\windows\system32\drivers\cdrom.sys had disappeared Repaired copy of - c:\windows\System32\DriverStore\FileRepository\cdrom.inf _x86_neutral_6381e0 9675524225 \ cdrom.sys . c:\windows\system32\drivers\tdx.sys had disappeared Repaired copy of - c:\windows\winsxs\x86 _microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28 \ tdx.sys.
=====================================
Steps to Disable Avast Antivirus
• Right-click "Avast Antivirus" icon on the task bar. The task bar is located on the bottom of your screen.
• Click on “Program Settings” and then
• Click on “Troubleshooting”
• Place a tick next to Disable avast! self-defense module
• Right Click on the Avast icon in the system tray and click “Stop On-Access protection”
• Click "OK" to confirm and save changes
From Avast Support

When the AV is running, it forces the program (Combofix) to run in VERMINDERDE FUNCTIONALITEIT MODUS -
=================================
Daniel, I need these logs in English. If you can run the following in English, please do it:
  • Download OTL from one of the links below and save it to your desktop.
    OTL.exe
    OTL.com
    OTL.scr
    You just need one. Sometimes the file extension gets blocked.

    Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
  • Double click the OTL icon to run it.
  • The opened console will resemble this:
    OTLv3.1.5.0.gif
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below and paste them in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    Make sure all other windows are closed and let it run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
Your Dutch isn't that good is it? ;)
Here is the formatted translation:

Copy of c:\windows\System32\autochk.exe contaminates was found and was desinfected
Repaired copy of - c:\windows\winsxs\x86 _microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860 \ autochk.exe.

c:\windows\system32\drivers\afd.sys had disappeared
Repaired copy of - c:\windows\winsxs\x86 _microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e \ afd.sys.

c:\windows\system32\drivers\netbt.sys had disappeared
Repaired copy of - c:\windows\winsxs\x86 _microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6 \ netbt.sys.

c:\windows\system32\drivers\cdrom.sys had disappeared
Repaired copy of - c:\windows\System32\DriverStore\FileRepository\cdrom.inf _x86_neutral_6381e0 9675524225 \ cdrom.sys .

c:\windows\system32\drivers\tdx.sys had disappeared
Repaired copy of - c:\windows\winsxs\x86 _microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28 \ tdx.sys.


Do you want me to run Combofix without AV on, so it doesn't run in VERMINDERDE FUNCTIONALITEIT MODUS?
 
Here are the OTL logs:



OTL logfile created on: 26-3-2012 14:10:43 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Daniel\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,97 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,80% Memory free
5,93 Gb Paging File | 4,57 Gb Available in Paging File | 77,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 21,46 Gb Free Space | 9,63% Space Free | Partition Type: NTFS
Drive D: | 1015,00 Mb Total Space | 987,12 Mb Free Space | 97,25% Space Free | Partition Type: FAT32
Drive E: | 9,00 Gb Total Space | 2,23 Gb Free Space | 24,78% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Daniel\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe (Athena IT Limited)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\FileZilla Server\FileZilla server.exe (FileZilla Project)
PRC - C:\Program Files\XoftSpySE6\XoftSpySE.exe (ParetoLogic Inc.)
PRC - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (ParetoLogic Inc.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)


========== Modules (No Company Name) ==========

MOD - C:\Users\Daniel\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\858316efc815bdff25c4fc66a0d80448\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\dc4a4350f8c0c0919b5fb78f0c44291b\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\554211ea9870563ab6a2544faa234d48\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9d1a4e5284f73c0426fdbe8fa4dea3db\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\859f6bb004636fbd0a0e390002aa993c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\acabbdbe75352f8e60be98a285da9f67\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ba14959449e5c27d9c9f593c55cd7ccf\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\84b2d318cdd18d46edd3afb78e7e6ddd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d03a9a44a9482c0932beb1e3eabb11c3\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\54ad69352f06b426ec621752b0a7bc8a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\569b4aaba7843810942abc04dfa400e4\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\483ca92d1c432c2ab4f45bcdca10e591\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\245a2d9be605b96e0f1a0ef79ae3a28b\System.ni.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservicePS.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_nl_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()


========== Win32 Services (SafeList) ==========

SRV - (zebrceb) -- %systemroot%\system32\SiSRaid.dll File not found
SRV - (Xponaut_WBD) -- %systemroot%\system32\ROB_A.dll File not found
SRV - (windrvNT) -- %systemroot%\system32\wwnetdde.dll File not found
SRV - (w550bus) -- %systemroot%\system32\genmcmn.dll File not found
SRV - (vpctcom) -- %systemroot%\system32\NxSysMon.dll File not found
SRV - (vnxservice) -- %systemroot%\system32\protectedstorage.dll File not found
SRV - (viairda) -- %systemroot%\system32\avfilter.dll File not found
SRV - (viagfx) -- %systemroot%\system32\PTproct.dll File not found
SRV - (UNDPX2A) -- %systemroot%\system32\ZSMC303.dll File not found
SRV - (uisp) -- %systemroot%\system32\epstnt01.dll File not found
SRV - (U81xmgmt) -- %systemroot%\system32\sr_service.dll File not found
SRV - (TVALG) -- %systemroot%\system32\NetMsmqActivator.dll File not found
SRV - (T6963C) -- %systemroot%\system32\db2licd.dll File not found
SRV - (swwd) -- %systemroot%\system32\ntcharge.dll File not found
SRV - (sp_rssrv) -- %systemroot%\system32\elotouchscreen.dll File not found
SRV - (sonypvs1) -- %systemroot%\system32\cvintdrv.dll File not found
SRV - (SaiNtSub) -- %systemroot%\system32\DMICall.dll File not found
SRV - (s616obex) -- %systemroot%\system32\cacheserver.dll File not found
SRV - (s217unic) -- %systemroot%\system32\MRESP50a64.dll File not found
SRV - (radiosvr) -- %systemroot%\system32\FlexBios.dll File not found
SRV - (QPSched) -- %systemroot%\system32\sfusvc.dll File not found
SRV - (pinnaclesys.mediaserver) -- %systemroot%\system32\epsonbidirectionalagent.dll File not found
SRV - (phnxvcdservice) -- %systemroot%\system32\trufos.dll File not found
SRV - (pdfcreatormessages) -- %systemroot%\system32\w810mdfl.dll File not found
SRV - (pcscnsrv) -- %systemroot%\system32\radiosvr.dll File not found
SRV - (p1110vid) -- %systemroot%\system32\wps.dll File not found
SRV - (oraclesnmppeermasteragent) -- %systemroot%\system32\purgeieservice.dll File not found
SRV - (oracle_load_balancer_60_client-forms6ip9) -- %systemroot%\system32\SbieDrv.dll File not found
SRV - (odclientservice) -- %systemroot%\system32\BRGSp50.dll File not found
SRV - (NWSAP) -- %systemroot%\system32\prepdrvr.dll File not found
SRV - (nvidesm) -- %systemroot%\system32\vzcdbsvc.dll File not found
SRV - (NsTrcNT) -- %systemroot%\system32\cmpci.dll File not found
SRV - (nsm1mdfl) -- %systemroot%\system32\pchost.dll File not found
SRV - (NITaggerService) -- %systemroot%\system32\ca-messagequeuing.dll File not found
SRV - (netsvc) -- %systemroot%\system32\prodrv06.dll File not found
SRV - (mwlsvc) -- %systemroot%\system32\se27nd5.dll File not found
SRV - (mrvw245) -- %systemroot%\system32\rdpcdd.dll File not found
SRV - (mod7700) -- %systemroot%\system32\sfman.dll File not found
SRV - (mnsframework) -- %systemroot%\system32\LUsbKbd.dll File not found
SRV - (MMRTKRNL) -- %systemroot%\system32\carboncopy32.dll File not found
SRV - (mks_scan) -- %systemroot%\system32\zpmysql.dll File not found
SRV - (magictuneengine) -- %systemroot%\system32\scdemu.dll File not found
SRV - (lxdm_device) -- %systemroot%\system32\pfc.dll File not found
SRV - (L6POD) -- %systemroot%\system32\anio.dll File not found
SRV - (JGOGO) -- %systemroot%\system32\vcommmgr.dll File not found
SRV - (ino_flpy) -- %systemroot%\system32\usbsermptxp.dll File not found
SRV - (incdsrv) -- %systemroot%\system32\w39n51.dll File not found
SRV - (iksyssec) -- %systemroot%\system32\SWNC5E00.dll File not found
SRV - (httpfilter) -- %systemroot%\system32\TMBUS.dll File not found
SRV - (hpci) -- %systemroot%\system32\se45bus.dll File not found
SRV - (HabuFltr) -- %systemroot%\system32\mr2kserv.dll File not found
SRV - (gusvc) -- %systemroot%\system32\fsaua.dll File not found
SRV - (fsaua) -- %systemroot%\system32\MSCamSvc.dll File not found
SRV - (FontCache3.0.0.0.) -- %systemroot%\system32\ncupdatesvc.dll File not found
SRV - (flashcomadmin) -- %systemroot%\system32\clcapsvc.dll File not found
SRV - (FiltUSBEMPIA) -- %systemroot%\system32\wandrv.dll File not found
SRV - (F700iat) -- %systemroot%\system32\netdevio.dll File not found
SRV - (eskerlicensecontrol) -- %systemroot%\system32\WDM_YAMAHAAC97.dll File not found
SRV - (EntDrv51) -- %systemroot%\system32\amdk77.dll File not found
SRV - (elnkfwppservice) -- %systemroot%\system32\wacommousefilter.dll File not found
SRV - (ELkbd) -- %systemroot%\system32\symantecantibotfilter.dll File not found
SRV - (EIO_XP) -- %systemroot%\system32\ATIVXSTW.dll File not found
SRV - (eelsservice) -- %systemroot%\system32\orbmediaservice.dll File not found
SRV - (e1express) -- %systemroot%\system32\edspport.dll File not found
SRV - (DumaNT) -- %systemroot%\system32\clisvc.dll File not found
SRV - (dnetc) -- %systemroot%\system32\ccispwdsvc.dll File not found
SRV - (DMICall) -- %systemroot%\system32\ntcharge.dll File not found
SRV - (DFUBTUSB) -- %systemroot%\system32\sigfilt.dll File not found
SRV - (deltafw) -- %systemroot%\system32\MREMP50.dll File not found
SRV - (clsched) -- %systemroot%\system32\regservice.dll File not found
SRV - (Cinemsup) -- %systemroot%\system32\iastor.dll File not found
SRV - (Cap7134) -- %systemroot%\system32\rt73.dll File not found
SRV - (btwusb) -- %systemroot%\system32\Anydlc.dll File not found
SRV - (BrSerIf) -- %systemroot%\system32\SE2Bmgmt.dll File not found
SRV - (BrScnUsb) -- %systemroot%\system32\dmisrv.dll File not found
SRV - (bmuservice) -- %systemroot%\system32\icdsptsv.dll File not found
SRV - (AX88772) -- %systemroot%\system32\sit_bus.dll File not found
SRV - (avg7updsvc) -- %systemroot%\system32\U2SP.dll File not found
SRV - (atitunep) -- %systemroot%\system32\nnsvc.dll File not found
SRV - (atimtag) -- %systemroot%\system32\epstnt01.dll File not found
SRV - (ASLDRService) -- %systemroot%\system32\bc_ngn.dll File not found
SRV - (apache2) -- %systemroot%\system32\cportclm.dll File not found
SRV - (AN983) -- %systemroot%\system32\lightscribeservice.dll File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (FileZilla Server) -- C:\Program Files\FileZilla Server\FileZilla server.exe (FileZilla Project)
SRV - (XoftSpyService) -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (ParetoLogic Inc.)
SRV - (HP ProtectTools Service) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ASBroker) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\Daniel\AppData\Local\Temp\catchme.sys File not found
DRV - (ADIHdAudAddService) -- system32\drivers\ADIHdAud.sys File not found
DRV - (a56dqoi5) -- File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NETwNs32) ___ Intel(R) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (cpuz134) -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6232.sys (Intel Corporation)
DRV - (SbAlg) -- C:\Windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\Windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\Windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\Windows\System32\drivers\SafeBoot.sys ()
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (rismc32) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
DRV - (RICOH SmartCard Reader) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (whfltr2k) -- C:\Windows\System32\drivers\whfltr2k.sys ()
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
IE - HKLM\..\SearchScopes,DefaultScope = {463950B9-F6CC-4D35-AA66-750719C153DF}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{13ED4B41-E671-4570-904A-C91B8F770C57}: "URL" = http://downloads.phpnuke.org/nl/index.php?rvs=google
IE - HKLM\..\SearchScopes\{463950B9-F6CC-4D35-AA66-750719C153DF}: "URL" = http://downloads.phpnuke.org/nl/index.php?rvs=google
IE - HKLM\..\SearchScopes\{5FAC5ECD-E5CF-4D36-887C-68066B3B6F86}: "URL" = http://downloads.phpnuke.org/nl/index.php?rvs=google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 10 85 1B ED B4 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{13ED4B41-E671-4570-904A-C91B8F770C57}: "URL" = http://downloads.phpnuke.org/nl/index.php?rvs=google
IE - HKCU\..\SearchScopes\{463950B9-F6CC-4D35-AA66-750719C153DF}: "URL" = http://downloads.phpnuke.org/nl/index.php?rvs=google
IE - HKCU\..\SearchScopes\{55C1D1F0-1680-44F8-AEF5-3600D2E47BF1}: "URL" = http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{5FAC5ECD-E5CF-4D36-887C-68066B3B6F86}: "URL" = http://downloads.phpnuke.org/nl/index.php?rvs=google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\

[2011-11-09 22:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2011-11-09 22:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Vivienne Westwood = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhehaklopgggapefjdijagkgbgeapkb\2_0\
CHR - Extension: YouTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: AdBlock = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
CHR - Extension: ReImage Browser Helper = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem\1.0.5_0\
CHR - Extension: avast! WebRep = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-03-17 00:44:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ReImage Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\ReImageCompanion\updatebhoWin32.dll ( )
O2 - BHO: (ReImage Browser Helper) - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files\ReImageCompanion\jsloader.dll (ReImage)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.139.64.64 82.139.66.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D118C8FB-642F-4477-952D-A4BAEF5FF7E6}: DhcpNameServer = 82.139.64.64 82.139.66.66
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll (reimage)
O20 - AppInit_DLLs: (C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ab74ac9d-3385-11e0-af57-0025b3bf5118}\Shell - "" = AutoRun
O33 - MountPoints2\{ab74ac9d-3385-11e0-af57-0025b3bf5118}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\OriginInstaller.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\CDCheck.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: oraclesnmppeermasteragent - %systemroot%\system32\purgeieservice.dll File not found
NetSvcs: Cinemsup - %systemroot%\system32\iastor.dll File not found
NetSvcs: dmusic - C:\Windows\System32\dmusic.dll (Microsoft Corporation)
NetSvcs: AN983 - %systemroot%\system32\lightscribeservice.dll File not found
NetSvcs: mks_scan - %systemroot%\system32\zpmysql.dll File not found
NetSvcs: Xponaut_WBD - %systemroot%\system32\ROB_A.dll File not found
NetSvcs: mrvw245 - %systemroot%\system32\rdpcdd.dll File not found
NetSvcs: magictuneengine - %systemroot%\system32\scdemu.dll File not found
NetSvcs: MMRTKRNL - %systemroot%\system32\carboncopy32.dll File not found
NetSvcs: QPSched - %systemroot%\system32\sfusvc.dll File not found
NetSvcs: viagfx - %systemroot%\system32\PTproct.dll File not found
NetSvcs: sonypvs1 - %systemroot%\system32\cvintdrv.dll File not found
NetSvcs: mod7700 - %systemroot%\system32\sfman.dll File not found
NetSvcs: UNDPX2A - %systemroot%\system32\ZSMC303.dll File not found
NetSvcs: e1express - %systemroot%\system32\edspport.dll File not found
NetSvcs: fsaua - %systemroot%\system32\MSCamSvc.dll File not found
NetSvcs: btwusb - %systemroot%\system32\Anydlc.dll File not found
NetSvcs: mnsframework - %systemroot%\system32\LUsbKbd.dll File not found
NetSvcs: FiltUSBEMPIA - %systemroot%\system32\wandrv.dll File not found
NetSvcs: viairda - %systemroot%\system32\avfilter.dll File not found
NetSvcs: netsvc - %systemroot%\system32\prodrv06.dll File not found
NetSvcs: ASLDRService - %systemroot%\system32\bc_ngn.dll File not found
NetSvcs: sp_rssrv - %systemroot%\system32\elotouchscreen.dll File not found
NetSvcs: s217unic - %systemroot%\system32\MRESP50a64.dll File not found
NetSvcs: NWSAP - %systemroot%\system32\prepdrvr.dll File not found
NetSvcs: AX88772 - %systemroot%\system32\sit_bus.dll File not found
NetSvcs: clsched - %systemroot%\system32\regservice.dll File not found
NetSvcs: avg7updsvc - %systemroot%\system32\U2SP.dll File not found
NetSvcs: DumaNT - %systemroot%\system32\clisvc.dll File not found
NetSvcs: incdsrv - %systemroot%\system32\w39n51.dll File not found
NetSvcs: ino_flpy - %systemroot%\system32\usbsermptxp.dll File not found
NetSvcs: windrvNT - %systemroot%\system32\wwnetdde.dll File not found
NetSvcs: NsTrcNT - %systemroot%\system32\cmpci.dll File not found
NetSvcs: pcscnsrv - %systemroot%\system32\radiosvr.dll File not found
NetSvcs: elnkfwppservice - %systemroot%\system32\wacommousefilter.dll File not found
NetSvcs: w550bus - %systemroot%\system32\genmcmn.dll File not found
NetSvcs: SaiNtSub - %systemroot%\system32\DMICall.dll File not found
NetSvcs: NITaggerService - %systemroot%\system32\ca-messagequeuing.dll File not found
NetSvcs: DMICall - %systemroot%\system32\ntcharge.dll File not found
NetSvcs: phnxvcdservice - %systemroot%\system32\trufos.dll File not found
NetSvcs: pdfcreatormessages - %systemroot%\system32\w810mdfl.dll File not found
NetSvcs: odclientservice - %systemroot%\system32\BRGSp50.dll File not found
NetSvcs: BrSerIf - %systemroot%\system32\SE2Bmgmt.dll File not found
NetSvcs: vnxservice - %systemroot%\system32\protectedstorage.dll File not found
NetSvcs: dnetc - %systemroot%\system32\ccispwdsvc.dll File not found
NetSvcs: iksyssec - %systemroot%\system32\SWNC5E00.dll File not found
NetSvcs: U81xmgmt - %systemroot%\system32\sr_service.dll File not found
NetSvcs: zebrceb - %systemroot%\system32\SiSRaid.dll File not found
NetSvcs: atimtag - %systemroot%\system32\epstnt01.dll File not found
NetSvcs: oracle_load_balancer_60_client-forms6ip9 - %systemroot%\system32\SbieDrv.dll File not found
NetSvcs: F700iat - %systemroot%\system32\netdevio.dll File not found
NetSvcs: ELkbd - %systemroot%\system32\symantecantibotfilter.dll File not found
NetSvcs: p1110vid - %systemroot%\system32\wps.dll File not found
NetSvcs: vpctcom - %systemroot%\system32\NxSysMon.dll File not found
NetSvcs: TVALG - %systemroot%\system32\NetMsmqActivator.dll File not found
NetSvcs: swwd - %systemroot%\system32\ntcharge.dll File not found
NetSvcs: s616obex - %systemroot%\system32\cacheserver.dll File not found
NetSvcs: EIO_XP - %systemroot%\system32\ATIVXSTW.dll File not found
NetSvcs: EntDrv51 - %systemroot%\system32\amdk77.dll File not found
NetSvcs: atitunep - %systemroot%\system32\nnsvc.dll File not found
NetSvcs: mwlsvc - %systemroot%\system32\se27nd5.dll File not found
NetSvcs: pinnaclesys.mediaserver - %systemroot%\system32\epsonbidirectionalagent.dll File not found
NetSvcs: flashcomadmin - %systemroot%\system32\clcapsvc.dll File not found
NetSvcs: T6963C - %systemroot%\system32\db2licd.dll File not found
NetSvcs: bmuservice - %systemroot%\system32\icdsptsv.dll File not found
NetSvcs: BrScnUsb - %systemroot%\system32\dmisrv.dll File not found
NetSvcs: JGOGO - %systemroot%\system32\vcommmgr.dll File not found
NetSvcs: L6POD - %systemroot%\system32\anio.dll File not found
NetSvcs: messenger - File not found
NetSvcs: hpci - %systemroot%\system32\se45bus.dll File not found
NetSvcs: apache2 - %systemroot%\system32\cportclm.dll File not found
NetSvcs: gusvc - %systemroot%\system32\fsaua.dll File not found
NetSvcs: Cap7134 - %systemroot%\system32\rt73.dll File not found
NetSvcs: lxdm_device - %systemroot%\system32\pfc.dll File not found
NetSvcs: HabuFltr - %systemroot%\system32\mr2kserv.dll File not found
NetSvcs: nvidesm - %systemroot%\system32\vzcdbsvc.dll File not found
NetSvcs: DFUBTUSB - %systemroot%\system32\sigfilt.dll File not found
NetSvcs: eskerlicensecontrol - %systemroot%\system32\WDM_YAMAHAAC97.dll File not found
NetSvcs: FontCache3.0.0.0. - %systemroot%\system32\ncupdatesvc.dll File not found
NetSvcs: uisp - %systemroot%\system32\epstnt01.dll File not found
NetSvcs: nsm1mdfl - %systemroot%\system32\pchost.dll File not found
NetSvcs: deltafw - %systemroot%\system32\MREMP50.dll File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-03-26 13:09:48 | 000,000,000 | ---D | C] -- C:\50fa0ef34f9ef12aaf
[2012-03-25 11:48:45 | 000,000,000 | ---D | C] -- C:\9c145430caf831c9817f06c706
[2012-03-24 13:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012-03-24 13:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012-03-24 13:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012-03-24 13:15:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-03-24 11:56:17 | 000,000,000 | ---D | C] -- C:\e4da17c275171bb8acade5d1a5
[2012-03-22 12:06:20 | 000,000,000 | ---D | C] -- C:\ea8b7a053f0a96b631e99f
[2012-03-20 13:28:21 | 000,000,000 | ---D | C] -- C:\089ffb56246d48b065
[2012-03-17 00:48:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-03-17 00:42:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-03-17 00:42:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\temp
[2012-03-17 00:38:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-03-10 12:40:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-03-10 12:40:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-03-10 12:40:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-03-10 12:40:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-03-10 12:39:41 | 004,432,970 | R--- | C] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
[2012-03-09 23:07:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-03-09 22:47:20 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012-03-09 22:47:20 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012-03-09 22:47:20 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012-03-09 22:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012-03-09 22:47:19 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012-03-09 22:47:19 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012-03-09 22:47:19 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012-03-09 22:46:23 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-03-09 22:46:22 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012-03-09 22:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012-03-09 22:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012-03-09 22:34:08 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Daniel\Desktop\AppRemover.exe
[2012-03-09 22:28:51 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Daniel\Desktop\TDSSKiller.exe
[2012-03-09 22:26:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-03-08 18:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect 3
[2012-03-08 15:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XoftSpySE
[2012-03-08 15:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012-03-08 15:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012-03-08 15:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2012-03-08 15:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2012-03-08 15:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2012-03-08 15:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012-03-08 15:03:51 | 000,000,000 | ---D | C] -- C:\rei
[2012-03-08 15:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012-03-08 15:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\ReImageCompanion
[2012-03-08 14:59:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012-03-08 14:59:45 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012-03-08 14:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012-03-07 19:46:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2012-03-07 19:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-03-07 19:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-03-07 19:46:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-03-07 19:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-03-04 14:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2012-03-04 14:34:54 | 000,000,000 | ---D | C] -- C:\BDS
[2012-03-03 21:23:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Darksiders
[2012-02-27 14:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012-02-27 14:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012-02-27 14:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-26 13:22:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2059425759-54560146-3784166824-1000UA.job
[2012-03-26 13:21:31 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2059425759-54560146-3784166824-1000Core.job
[2012-03-26 13:09:23 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2012-03-26 13:09:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-25 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012-03-25 11:49:37 | 000,780,998 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012-03-25 11:49:37 | 000,682,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-03-25 11:49:37 | 000,164,654 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012-03-25 11:49:37 | 000,129,880 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-03-25 11:47:06 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\XoftSpySE.job
[2012-03-23 19:50:12 | 000,002,403 | ---- | M] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk
[2012-03-20 20:51:47 | 000,001,493 | ---- | M] () -- C:\Users\Daniel\Desktop\Wow - Snelkoppeling.lnk
[2012-03-20 13:28:05 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012-03-19 13:35:05 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-19 13:35:05 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-19 13:27:43 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2012-03-19 13:27:27 | 2387,816,448 | -HS- | M] () -- C:\hiberfil.sys
[2012-03-17 00:44:52 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2012-03-17 00:44:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-03-17 00:44:20 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012-03-10 12:39:49 | 004,432,970 | R--- | M] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
[2012-03-09 22:47:20 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012-03-09 22:47:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012-03-09 22:34:47 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Daniel\Desktop\AppRemover.exe
[2012-03-09 22:28:38 | 002,044,980 | ---- | M] () -- C:\Users\Daniel\Desktop\tdsskiller.zip
[2012-03-09 18:24:28 | 000,186,170 | ---- | M] () -- C:\Users\Daniel\Desktop\Printscreen.png
[2012-03-08 18:34:19 | 000,001,743 | ---- | M] () -- C:\Users\Daniel\Desktop\MassEffect3 - Snelkoppeling.lnk
[2012-03-08 15:11:39 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\XoftSpySE.lnk
[2012-03-08 15:04:40 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012-03-08 15:03:52 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012-03-08 14:59:46 | 000,002,244 | ---- | M] () -- C:\Users\Daniel\Desktop\SpyHunter.lnk
[2012-03-07 19:46:44 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-07 02:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-03-07 02:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012-03-07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012-03-07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012-03-07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012-03-07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012-03-07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012-03-07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012-03-06 19:07:32 | 000,334,896 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012-03-05 12:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Daniel\Desktop\TDSSKiller.exe
[2012-03-04 14:51:20 | 000,002,013 | ---- | M] () -- C:\Users\Daniel\Desktop\Borderlands - Snelkoppeling.lnk
[2012-02-27 14:58:52 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-20 20:51:47 | 000,001,493 | ---- | C] () -- C:\Users\Daniel\Desktop\Wow - Snelkoppeling.lnk
[2012-03-17 00:44:20 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012-03-10 12:40:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-03-10 12:40:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-03-10 12:40:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-03-10 12:40:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-03-10 12:40:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-03-09 22:47:20 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012-03-09 22:28:47 | 002,044,980 | ---- | C] () -- C:\Users\Daniel\Desktop\tdsskiller.zip
[2012-03-09 18:24:28 | 000,186,170 | ---- | C] () -- C:\Users\Daniel\Desktop\Printscreen.png
[2012-03-08 18:34:19 | 000,001,743 | ---- | C] () -- C:\Users\Daniel\Desktop\MassEffect3 - Snelkoppeling.lnk
[2012-03-08 15:12:21 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012-03-08 15:11:39 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\XoftSpySE.lnk
[2012-03-08 15:11:38 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012-03-08 15:11:35 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\XoftSpySE.job
[2012-03-08 15:04:24 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012-03-08 15:03:52 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012-03-08 14:59:46 | 000,002,244 | ---- | C] () -- C:\Users\Daniel\Desktop\SpyHunter.lnk
[2012-03-07 19:46:44 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-04 14:51:20 | 000,002,013 | ---- | C] () -- C:\Users\Daniel\Desktop\Borderlands - Snelkoppeling.lnk
[2012-02-27 14:58:52 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012-02-09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011-12-22 16:44:24 | 000,000,094 | ---- | C] () -- C:\Users\Daniel\AppData\Local\fusioncache.dat
[2011-11-29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011-10-26 13:04:27 | 000,023,040 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-10-22 20:02:28 | 000,002,544 | ---- | C] () -- C:\Windows\System32\EasyRedirect.ini
[2011-10-22 20:02:28 | 000,001,248 | ---- | C] () -- C:\Windows\System32\EasyRedirectOff.ini
[2011-10-14 20:50:59 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ccff.isl
[2011-09-16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011-09-16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011-09-16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011-09-16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011-09-13 13:27:41 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011-09-13 13:27:18 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011-09-08 23:07:11 | 000,000,810 | ---- | C] () -- C:\Windows\eReg.dat
[2011-09-05 15:04:51 | 000,000,132 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011-06-11 23:25:03 | 000,006,784 | ---- | C] () -- C:\Windows\System32\drivers\whfltr2k.sys
[2011-05-25 02:21:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011-04-06 22:52:35 | 000,000,600 | ---- | C] () -- C:\Users\Daniel\AppData\Local\PUTTY.RND
[2011-02-09 21:32:30 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011-02-08 15:41:40 | 000,000,291 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011-01-23 14:36:03 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-01-23 14:36:03 | 000,138,056 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\PnkBstrK.sys
[2011-01-23 14:35:35 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011-01-23 14:35:33 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011-01-23 14:35:27 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2011-01-15 21:18:53 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011-01-15 21:17:35 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2011-01-14 20:56:51 | 001,810,992 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011-01-14 20:56:51 | 000,195,120 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2011-01-14 20:56:51 | 000,034,096 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2011-01-14 20:56:51 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011-01-14 20:56:51 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

========== LOP Check ==========

[2011-01-15 23:45:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\AVG
[2012-02-22 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DarknessII
[2011-11-24 11:40:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dropbox
[2012-02-06 00:08:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\EurekaLog
[2012-02-13 18:12:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FileZilla
[2011-09-18 15:54:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Glory of the Roman Empire
[2011-02-17 23:35:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\HLSW
[2011-12-11 17:46:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICAClient
[2011-02-17 23:33:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\inkscape
[2011-08-15 23:17:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech
[2011-11-09 22:53:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire
[2011-12-29 01:06:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire Music
[2011-12-29 01:10:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\MusicNet
[2011-10-26 19:20:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\My Games
[2011-08-05 19:44:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PunkBuster
[2011-12-30 17:53:34 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Samsung
[2011-05-24 11:59:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Sony
[2012-01-18 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Sports Interactive
[2011-10-06 19:56:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\The Creative Assembly
[2011-09-18 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ubisoft
[2011-04-07 12:47:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Uniblue
[2012-03-26 13:10:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\uTorrent
[2011-12-11 17:43:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\XnView
[2012-03-25 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012-03-20 13:28:05 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2012-03-17 14:18:14 | 000,032,522 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011-02-26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009-08-03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009-08-03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009-10-31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: USERINIT.EXE >
[2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012-01-13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB62280$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
 
OTL Extras logfile created on: 26-3-2012 14:10:43 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Daniel\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,97 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,80% Memory free
5,93 Gb Paging File | 4,57 Gb Available in Paging File | 77,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 21,46 Gb Free Space | 9,63% Space Free | Partition Type: NTFS
Drive D: | 1015,00 Mb Total Space | 987,12 Mb Free Space | 97,25% Space Free | Partition Type: FAT32
Drive E: | 9,00 Gb Total Space | 2,23 Gb Free Space | 24,78% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}" = SpyHunter
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{5D0F1D39-F353-42DD-B6A3-B947500E246B}" = HP ProtectTools Security Manager
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{77819F21-42FA-4523-A40D-3EAC892B27F0}" = Google SketchUp 8
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{805FF8E4-2CC8-4981-8DD6-1EDF5A30F6CF}" = YouTube Downloader Toolbar v5.1
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7BD6EE-C597-4375-B07F-A91FC78991C7}" = V-Ray for SketchUp 6
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPRO_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.PRJPRO_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
"{90140000-002C-0413-0000-0000000FF1CE}_Office14.PRJPRO_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
"{90140000-006E-0413-0000-0000000FF1CE}_Office14.PRJPRO_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00B4-0413-0000-0000000FF1CE}" = Microsoft Office Project MUI (Dutch) 2010
"{90140000-00B4-0413-0000-0000000FF1CE}_Office14.PRJPRO_{E5AF66CE-C66D-49AD-A064-842D407E2B18}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EB1870B-333F-4310-A187-617C86E3473D}" = Drive Encryption for HP ProtectTools
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A88C35D3-A24A-4B10-9B78-E7409887A28D}" = HP ESU for Microsoft Windows 7
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Nederlands
"{AE33C672-86DD-4AEE-B7E7-8FC4B40D9B64}" = Etude Afname Systeem 3.6.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision stuurprogramma 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-configuratiescherm 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafisch stuurprogramma 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision controllerstuurprogramma 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systeemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{C42BB613-5079-41C3-8CD1-037B9FFD818F}" = HP JavaCard for HP ProtectTools
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1C42E76-0165-4542-95FD-5A9F75023573}" = Credential Manager for HP ProtectTools
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"15867-DMP" = Devices and Printers icon for Trust 15867
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Chit Chat For Facebook_is1" = Chit Chat For Facebook 1.435
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Darkness II_is1" = Darkness II
"FileZilla Client" = FileZilla Client 3.5.1
"FileZilla Server" = FileZilla Server (remove only)
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"LSI Soft Modem" = LSI HDA Modem
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MS Access 97 SP2" = MS Access 97 SP2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC Wizard 2010_is1" = PC Wizard 2010.1.96
"PowerISO" = PowerISO
"Reimage Repair" = Reimage Repair
"ReImageCompanion" = ReImageCompanion
"Rockstar Games Social Club" = Rockstar Games Social Club
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
"SopCast" = SopCast 3.4.0
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WheelMouse" = Advanced Wheel Mouse 6.0.0.002
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8-10-2011 0:04:06 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel 3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 9-10-2011 7:33:58 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel 3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 10-10-2011 8:51:04 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: hl2.exe, versie: 0.0.0.0, tijdstempel:
0x470c11ae Naam van module met fout: gameui.dll_unloaded, versie: 0.0.0.0, tijdstempel:
0x470aa055 Uitzonderingscode: 0xc0000005 Foutoffset: 0x1c5fcf57 Id van proces met
fout: 0xc28 Starttijd van toepassing met fout: 0x01cc8746e256f810 Pad naar toepassing
met fout: C:\Users\Daniel\Downloads\Half-Life 2 The Orange Box [Krayzie-N-Bone]\Portal\Portal\hl2.exe
Pad
naar module met fout: gameui.dll Rapport-id: 83038b38-f33e-11e0-8dca-00247e8b8740

Error - 10-10-2011 11:46:25 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842815
Description = Kan activeringscontext voor 'C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel 3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
van kenmerk version in element assemblyIdentity is ongeldig.

Error - 11-10-2011 9:30:04 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: steam.exe, versie: 1.0.1065.11, tijdstempel:
0x4d9b89de Naam van module met fout: ntdll.dll, versie: 6.1.7601.17514, tijdstempel:
0x4ce7b96e Uitzonderingscode: 0xc0000005 Foutoffset: 0x00032239 Id van proces met
fout: 0x1004 Starttijd van toepassing met fout: 0x01cc880f6fcaa68d Pad naar toepassing
met fout: C:\Program Files\Steam\steam.exe Pad naar module met fout: C:\Windows\SYSTEM32\ntdll.dll
Rapport-id:
202eb3e7-f40d-11e0-9380-00247e8b8740

Error - 11-10-2011 10:30:45 | Computer Name = Daniel-PC | Source = VSS | ID = 8194
Description =

Error - 11-10-2011 17:08:33 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 11-10-2011 17:08:33 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 12-10-2011 8:12:49 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Rage.exe, versie: 1.0.27.6901, tijdstempel:
0x4e89e183 Naam van module met fout: Rage.exe, versie: 1.0.27.6901, tijdstempel:
0x4e89e183 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00108468 Id van proces met
fout: 0x1714 Starttijd van toepassing met fout: 0x01cc88cc89f87052 Pad naar toepassing
met fout: C:\Program Files\Bethesda Softworks\Rage\Rage.exe Pad naar module met
fout: C:\Program Files\Bethesda Softworks\Rage\Rage.exe Rapport-id: 80150512-f4cb-11e0-8c36-00247e8b8740

Error - 13-10-2011 12:59:44 | Computer Name = Daniel-PC | Source = VSS | ID = 8194
Description =

[ Credential Manager Events ]
Error - 8-9-2011 10:53:47 | Computer Name = Daniel-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
Daniel@DANIEL-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 8-9-2011 10:53:47 | Computer Name = Daniel-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Daniel@DANIEL-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 8-9-2011 10:53:50 | Computer Name = Daniel-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
Daniel@DANIEL-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 8-9-2011 10:53:50 | Computer Name = Daniel-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Daniel@DANIEL-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 29-10-2011 14:59:12 | Computer Name = Daniel-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
Daniel@DANIEL-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 29-10-2011 14:59:12 | Computer Name = Daniel-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Daniel@DANIEL-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 22-1-2012 7:11:01 | Computer Name = Daniel-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
Daniel@DANIEL-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 22-1-2012 7:11:01 | Computer Name = Daniel-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Daniel@DANIEL-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 23-3-2012 13:48:38 | Computer Name = Daniel-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Daniel@DANIEL-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 23-3-2012 13:48:38 | Computer Name = Daniel-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
Daniel@DANIEL-PC Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

[ System Events ]
Error - 20-3-2012 7:29:01 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.

Error - 21-3-2012 5:00:14 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.

Error - 21-3-2012 18:16:27 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7011
Description = Time-out (60000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: XoftSpyService.

Error - 22-3-2012 6:07:05 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.

Error - 23-3-2012 7:16:32 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.

Error - 23-3-2012 13:48:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7011
Description = Time-out (60000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: ShellHWDetection.

Error - 23-3-2012 13:48:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7011
Description = Time-out (60000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: XoftSpyService.

Error - 24-3-2012 5:57:31 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.

Error - 25-3-2012 5:49:12 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.

Error - 26-3-2012 7:10:40 | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0x80070643: KB2600217: Update voor Microsoft .NET Framework 4 op Windows
XP, Windows Server 2003, Windows Vista, Windows 7 en Windows Server 2008 x86.


< End of report >

I couldn't find a way to get this in English, so if you need a translation somewhere, just ask.
 
Translations online leave a lot to be desired!

Do you want me to run Combofix without AV on?

Please read directions carefully: Combofix directions:
Before you run the Combofix scan, please disable any security software you have running.
Close/disable all anti virus and anti malware programs

You had to remove AVG because the program left no way to completely disable it for scans. The temporary AV is to protect you between scans. But you still have to follow directions to disable the security.

I will not be responsible for entries in Dutch. I don't have time to translate and as you saw, translation leaves a lot to be desired.
 
Sorry, but what do you mean with translations online leave a lot to be desired? Do you want more translations from me? Are my translations incomplete? Because this is a correct translation of what you quoted.

Also sorry, what I meant was: Do I have to run Combofix a second time?
Since the AV was turned off when I started the scan. When my computer restarted, so did the AV.
 
My comment about translations was not meant as a criticism, but a fact. The translations are literal, not allowing for any idioms in a language. Therefore the actual meaning of an entry can be skewed. Although this is a global board, my language is English. While there is no problem if a heading of a section is in another language, that does not matter because I know the template or section headings. But I have to be able to read the file or process name.

But when the content of an entry is in Dutch, I either have to translate it online, which as mentioned has its limitations, or go back to you to translate. There were several infected system files that were replaced by Combofix. But since the scan was run in the reduced functionality, I would like you to disable the temporary AV and repeat the Combofix scan.

Since you have Combofix already on the desktop, you can rerun the scan while disconnected from the internet if you wish.

I will be giving you some script to run through Combofix and/or OTL or possibly both to remove bad entries.
=========================================
Please locate and disable this process:
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
There are system errors occurring for User: Daniel@DANIEL-PC Credentials
The system could not log you on
The system failed to authenticate the submitted user credentials
I think the HP program could be responsible.
==================
Please uninstall all of the following: SearchScopes has everything set to use the phpnuke site I asked you about:
1. XoftSpySE > from ParetoLogic > very checkered history in rogue programs
2. SpyHunter > from Enigma Software Group > Fails all Site Advisor categories.
3. ParetoLogic > Fails Site Advisor categories #2 & 3 below, Cautions #1 & 4.
4. SearchScopes
-----------------------------------
WOT Search Advisor rates the following categories:
1. Trustworthiness
2. Vendor Reliability
3. Privacy
4. Child Safety
When finished uninstalling, use Windows Explorer to access Computer> Local Drive(C)> Programs> find the program folder for each and do a right click> Delete.

I will recommend security for you later. I will include a Site Advisor also so when you see a site rated as 'red' you will know not to use it.
======================
Reimage is an online computer repair tool that will automatically fix Windows by replacing corrupt files. You have been using this during the cleaning. This appears to be basically a registry cleaner. We do not recommend this to anyone. Any small benefits you may get from a registry cleaner, if any, are far outweighed by the risk to the system. You can get a free scan, then have to purchase.
====================
All of the above have been running while I have been helping you.
=======================
P2P or 'file sharing' Warning:
Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Ares and uTorrent for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
 
Just a quick notion, so the thread doesn't get closed. I'm quite busy this and next week, so I will get to these things in about 2 weeks.

I get that you have a hard time with the Dutch entries. Thanks for at least taking your time and trying it.
 
I'm going to go ahead and close this thread for now. If the problems persist when you return, please send a PM to me or Broni. Since it will be 2 weeks or so, you will need to repeat the original scans.
 