Inactive Win 32 malware-gen problems

JDK88

I think I got a Win32 Malware-Gen on my PC.

After my PC didn't want to start up, I downloaded avast! in safe mode (which I'm currently in). After a full scan it told me something about Win32 Malware-gen. I deleted the file in the hope it would help, but it didn't.

Every time I start my PC in regular mode, I need to log in. After that it freezes when I try to click on something.

Hopefully someone has an answer to my problem :)
Thanks in advance,

JDK88
 
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Job der Kinderen :: JOBDERKINDEREN [administrator]

Protection: Disabled

18/06/2012 22:24:45
mbam-log-2012-06-18 (22-24-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266688
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I downloaded avast! and did the scan; second, I did the Malwarebytes scan. Here is the log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Job der Kinderen :: JOBDERKINDEREN [administrator]

24/06/2012 15:18:45
mbam-log-2012-06-24 (15-18-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268605
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-26 10:21:58
Windows 6.1.7601 Service Pack 1
Running: 9o0hmksn.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x46 0x44 0x85 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC7 0x85 0xF2 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0x84 0x1E 0xE5 ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS816CA.log 1048576 bytes

---- EOF - GMER 1.0.15 ----
 
DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Job der Kinderen at 10:55:32 on 2012-06-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3963.3258 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Users\JOBDER~1\Desktop\Cleaning\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
uRun: [Facebook Update] "C:\Users\Job der Kinderen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SpybotSD TeaTimer] C:\Users\Job der Kinderen\Desktop\Cleaning\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [ThreatFire] C:\Users\Job der Kinderen\Desktop\Cleaning\ThreatFire\TFTray.exe
StartupFolder: C:\Users\JOBDER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Job der Kinderen\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\JOBDER~1\Desktop\Cleaning\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{291712B0-5C29-4A10-B733-CFBE89962186} : DhcpNameServer = 192.168.1.1 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\JOBDER~1\Desktop\Cleaning\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [ThreatFire] C:\Users\Job der Kinderen\Desktop\Cleaning\ThreatFire\TFTray.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Job der Kinderen\AppData\Roaming\Mozilla\Firefox\Profiles\6t98svv1.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Users\Job der Kinderen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Job der Kinderen\AppData\Local\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Job der Kinderen\AppData\Roaming\Mozilla\Firefox\Profiles\6t98svv1.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-6-18 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2010-10-1 68136]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-8 135664]
S2 MBAMService;MBAMService;C:\Users\Job der Kinderen\Desktop\Cleaning\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-18 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-13 2214504]
S2 SBSDWSCService;SBSD Security Center Service;C:\Users\Job der Kinderen\Desktop\Cleaning\Spybot - Search & Destroy\SDWinSec.exe [2012-6-19 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2010-10-1 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-20 378984]
S2 ThreatFire;ThreatFire;C:\Users\Job der Kinderen\Desktop\Cleaning\ThreatFire\TFService.exe service --> C:\Users\Job der Kinderen\Desktop\Cleaning\ThreatFire\TFService.exe service [?]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-1 2320920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-22 257696]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-10-1 25640]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-8 1315592]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-8 135664]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-10-1 30528]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-26 08:40:15 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82827488-20D5-40EB-8A09-21BB7D7E2A8A}\mpengine.dll
2012-06-20 05:54:27 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-19 18:50:16 74824 ----a-w- C:\Windows\System32\drivers\TfSysMon.sys
2012-06-19 18:50:16 65072 ----a-w- C:\Windows\System32\drivers\TfFsMon.sys
2012-06-19 18:50:16 41888 ----a-w- C:\Windows\System32\drivers\TfNetMon.sys
2012-06-19 18:50:15 -------- d-----w- C:\ProgramData\PC Tools
2012-06-19 18:00:17 -------- d-----w- C:\Users\Job der Kinderen\DoctorWeb
2012-06-19 16:52:04 -------- d-----w- C:\Users\Job der Kinderen\AppData\Roaming\SUPERAntiSpyware.com
2012-06-19 16:51:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-19 16:51:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-19 16:24:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-18 20:11:15 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{A9E3B292-07B3-48CD-BD08-9AE308903B51}
2012-06-18 19:55:38 -------- d-----w- C:\Users\Job der Kinderen\AppData\Roaming\Malwarebytes
2012-06-18 19:55:34 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-18 19:55:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-18 17:09:22 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-06-18 17:09:21 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-06-18 17:09:17 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-06-18 17:08:33 41184 ----a-w- C:\Windows\avastSS.scr
2012-06-18 17:08:23 -------- d-----w- C:\ProgramData\AVAST Software
2012-06-18 17:08:23 -------- d-----w- C:\Program Files\AVAST Software
2012-06-13 06:06:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 06:06:06 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 06:06:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-09 01:36:09 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-09 01:35:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-09 01:35:40 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-09 01:35:40 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-05-29 05:50:26 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{3B880AAE-7331-4E69-B0E3-8170719DE674}
2012-05-28 05:39:20 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{1DAFA5E4-56B8-49AF-B26C-DDF97D9E9B51}
2012-05-28 05:39:08 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{28FFD7E6-6509-4F1B-A69D-90201F66E1CF}
2012-05-27 10:44:03 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{23CE778E-B3CB-4EB6-977C-9868403761B7}
2012-05-27 10:43:50 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{0B79D3B2-9780-4B4A-AAF5-04A72CC561B8}
.
==================== Find3M ====================
.
2012-06-26 08:28:03 25640 ----a-w- C:\Windows\gdrv.sys
2012-05-22 06:05:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-22 06:05:21 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 10:56:15,63 ===============
 
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2010 23:11:04
System Uptime: 26/06/2012 10:37:06 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H55M-UD2H
Processor: Intel(R) Core(TM) i3 CPU 560 @ 3.33GHz | Socket 1156 | 3333/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 931 GiB total, 651,565 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Network Shield Support
Device ID: ROOT\LEGACY_ASWTDI\0000
Manufacturer:
Name: avast! Network Shield Support
PNP Device ID: ROOT\LEGACY_ASWTDI\0000
Service: aswTdi
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
RP1825: 21/06/2012 7:53:32 - Automatic creation
RP1829: 22/06/2012 8:50:13 - Automatic creation
RP1831: 23/06/2012 18:46:30 - Automatic creation
RP1833: 24/06/2012 10:00:09 - Automatic creation
RP1840: 26/06/2012 10:22:32 - Automatic creation
RP1841: 26/06/2012 10:30:57 - Windows Update
.
==== Installed Programs ======================
.
@BIOS
µTorrent
Adobe AIR
Adobe Download Assistant
Adobe InDesign CS5.5
Adobe Photoshop CS5.1
Adobe Reader 9.5.1 - Nederlands
Age of Mythology
Apple Application Support
Apple Software Update
AutoGreen B09.1014.2
avast! Free Antivirus
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
CameraHelperMsi
COMSOL 4.2
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DES 2.0
Dropbox
DWGeditor
Easy Tune 6 B10.0521.1
erLT
Facebook Video Calling 1.2.0.159
Google Chrome
Google Update Helper
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
iPhone-configuratieprogramma
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Logitech-webcamsoftware
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2003 Web Components
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 13.0.1 (x86 nl)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ON_OFF Charge B10.0427.1
PDF Settings CS5
PhotoView 360
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 5.9
Smart 6 B10.0422.1
SolidWorks 2010 x64 Edition SP0
SolidWorks eDrawings 2010
Spotify
Spybot - Search & Destroy
Teach2000 version 8.53
ThreatFire
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 1.1.11
Vtune 7.16
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinZip 15.0
Write-N-Cite
.
==== Event Viewer Messages From Past Week ========
.
26/06/2012 10:54:26, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
26/06/2012 10:46:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}
26/06/2012 10:40:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
26/06/2012 10:40:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
26/06/2012 10:38:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
26/06/2012 10:38:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
26/06/2012 10:38:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
26/06/2012 10:38:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
26/06/2012 10:37:43, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger aswSnx aswSP aswTdi discache MpFilter SASDIFSV SASKUTIL spldr sptd Wanarpv6
26/06/2012 10:37:10, Error: sptd [4] - Driver detected an internal error in its data structures for .
26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
26/06/2012 10:28:06, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: SBSD Security Center Service is not a valid Win32 application.
26/06/2012 10:28:05, Error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: ThreatFire is not a valid Win32 application.
26/06/2012 10:25:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
26/06/2012 10:02:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
26/06/2012 10:02:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
26/06/2012 10:02:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
26/06/2012 10:02:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
26/06/2012 10:02:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
25/06/2012 20:06:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
25/06/2012 16:58:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
24/06/2012 9:39:58, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
23/06/2012 19:24:50, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
23/06/2012 19:24:45, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
23/06/2012 19:24:33, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
23/06/2012 18:01:51, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
22/06/2012 8:31:50, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.129.268.0).
22/06/2012 8:31:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070643 Error description: Fatal error during installation.
22/06/2012 20:36:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
22/06/2012 20:20:32, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
22/06/2012 17:03:58, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
22/06/2012 1:24:29, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
21/06/2012 17:42:37, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
20/06/2012 7:54:20, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
19/06/2012 7:43:37, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
19/06/2012 20:51:13, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
19/06/2012 17:28:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger aswSnx aswSP aswTdi discache MpFilter spldr sptd Wanarpv6
.
==== End Of File ===========================
 
Thanks for helping me Broni!

I did everything in Safe Mode because it kept on crashing. Another thing, I can't use my Word program anymore. Maybe that has something to do with the virus?
 
You're running two AV programs, Avast and MSE.
You must uninstall one of them.

When done....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-06-28.01 - Job der Kinderen 28/06/2012 8:47.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3963.1996 [GMT 2:00]
Running from: c:\users\Job der Kinderen\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 06:53 . 2012-06-28 06:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-27 05:50 . 2012-06-27 05:50 -------- d-----w- c:\program files\Windows Live
2012-06-19 18:50 . 2011-02-22 11:57 74824 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-06-19 18:50 . 2011-02-22 11:57 41888 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-06-19 18:50 . 2011-02-22 11:57 65072 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-06-19 18:50 . 2012-06-19 18:50 -------- d-----w- c:\programdata\PC Tools
2012-06-19 18:00 . 2012-06-19 18:15 -------- d-----w- c:\users\Job der Kinderen\DoctorWeb
2012-06-19 16:52 . 2012-06-19 16:52 -------- d-----w- c:\users\Job der Kinderen\AppData\Roaming\SUPERAntiSpyware.com
2012-06-19 16:51 . 2012-06-19 16:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-19 16:51 . 2012-06-19 16:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-19 16:24 . 2012-06-19 16:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-18 19:55 . 2012-06-18 19:55 -------- d-----w- c:\users\Job der Kinderen\AppData\Roaming\Malwarebytes
2012-06-18 19:55 . 2012-06-18 19:55 -------- d-----w- c:\programdata\Malwarebytes
2012-06-18 19:55 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-18 17:09 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-18 17:09 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-18 17:09 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-18 17:09 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-18 17:09 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-18 17:09 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-18 17:09 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-18 17:08 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-18 17:08 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-18 17:08 . 2012-06-18 17:23 -------- d-----w- c:\programdata\AVAST Software
2012-06-18 17:08 . 2012-06-18 17:08 -------- d-----w- c:\program files\AVAST Software
2012-06-13 06:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 06:06 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 06:06 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-09 01:36 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-09 01:36 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-09 01:36 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-09 01:36 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-09 01:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-09 01:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-09 01:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-09 01:35 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-09 01:35 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 06:54 . 2010-10-01 21:28 25640 ----a-w- c:\windows\gdrv.sys
2012-05-22 06:05 . 2012-05-22 06:05 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-22 06:05 . 2011-05-19 07:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-23 04:21 . 2012-04-23 04:21 53248 ----a-r- c:\users\Job der Kinderen\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-30 11:35 . 2012-05-09 08:33 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-01-27 2236416]
"Facebook Update"="c:\users\Job der Kinderen\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-23 137536]
"SpybotSD TeaTimer"="c:\users\Job der Kinderen\Desktop\Cleaning\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"ThreatFire"="c:\users\Job der Kinderen\Desktop\Cleaning\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
c:\users\Job der Kinderen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 135664]
R2 SBSDWSCService;SBSD Security Center Service;c:\users\Job der Kinderen\Desktop\Cleaning\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R2 ThreatFire;ThreatFire;c:\users\Job der Kinderen\Desktop\Cleaning\ThreatFire\TFService.exe service [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 257696]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-10-01 25640]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-08 1315592]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 135664]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-09 30528]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 41888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-01 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-01 834544]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 65072]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 74824]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 MBAMService;MBAMService;c:\users\Job der Kinderen\Desktop\Cleaning\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-20 378984]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-02-14 155752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 06:05]
.
2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-342277662-3814480884-1719931436-1000Core.job
- c:\users\Job der Kinderen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-23 15:53]
.
2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-342277662-3814480884-1719931436-1000UA.job
- c:\users\Job der Kinderen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-23 15:53]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 21:10]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 21:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\Job der Kinderen\AppData\Roaming\Mozilla\Firefox\Profiles\6t98svv1.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-COMSOL42 - c:\comsol42\bin\win64\comsoluninstall.exe
AddRemove-VLC media player - c:\program files (x86)vlcmediaplayer\uninstall.exe
AddRemove-{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} - c:\program files (x86)\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-06-28 08:59:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 06:59
.
Pre-Run: 700.260.880.384 bytes free
Post-Run: 701.635.686.400 bytes free
.
- - End Of File - - 554C380EC5771C885D95739D67665C94
 
I don't see anything malicious there.

In this forum, we make sure your computer is free of malware, and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
 