Two infected laptops


33 replies to this topic

#1 Men


Posted 29 January 2015 - 03:04 AM

We work with two laptops; my wife works with Windows 7, and I still have XP Professional. A couple of months ago we caught malware on both in the same week; no idea where it came from. (We are careful not to click when we are not sure about the link.) At first we only suffered from redirects, which I thought I had 'killed' with Malwarebytes.

But whatever we quarantine, it seems to come back. For the past week both our laptops have been very slow, both to start up and to connect to the internet. The connection often fails (server not found). I compared with a third laptop (Windows 7) that has not been in use lately, and that one starts up and connects at normal speed; the internet connection seems okay. I would really appreciate your help!

I would prefer to do one at a time, the Windows XP laptop first.

Please let me know what you need from me to get started.

Thanks

 

 




 


#2 Bootsektor

  • Malware Response Team

Posted 30 January 2015 - 06:29 PM

Hello and welcome to Bleeping Computer.
My name is Sandra and I will help you with your problem.
  • Please follow my instructions in the order they are given.
  • Read the instructions carefully before you start. If you get into trouble or do not understand what to do, stop and describe the problem as well as you can.
  • Only run scans that I advise you to run.
  • Do not crosspost (post in different forums).
  • Do not install or uninstall software during removal, except where I advise you to.
  • Please post all log files as a reply instead of attaching them, unless I ask you to do so. If the files are too big, use more posts, thanks.
  • Please keep in mind that we are all doing this in our free time; if I do not reply within 48 hours, feel free to send me a PM.
Please note: I am a Malware Study Hall Senior, which means all of my answers will be reviewed by an expert before I can post them here. Therefore there may be a little delay in my answers.

Please note also: You are using Windows XP as an OS. Microsoft's support for this operating system ended in April 2014. This means that there are no significant updates and patches for this OS. It is not safe to go online with a Windows XP machine, especially if you are using this laptop for online banking or other sensitive transactions.

Step 1
Scan with FRST
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was running from.
  • Please copy and paste these logs in your next reply.

Edited by Bootsektor, 30 January 2015 - 06:30 PM.

regards,

 

Sandra


#3 Men

  • Topic Starter

Posted 01 February 2015 - 07:40 AM

Hello Sandra,

My Thai nickname is Men. (Mijnd in Dutch)

Thank you for this quick response. I followed your instructions, here are the results of the scans:

 

This is log 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by mijnd (administrator) on ACER on 01-02-2015 17:05:51
Running from C:\Documents and Settings\mijnd\Desktop
Loaded Profiles: mijnd (Available profiles: mijnd)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Dritek System Inc.) C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
() C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Realtek Semiconductor Corp.) C:\DOCUME~1\mijnd\LOCALS~1\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-06-13] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-03-23] (Synaptics, Inc.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17530368 2009-02-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [715272 2007-08-13] (Dritek System Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [1151976 2015-01-24] (Hola Networks Ltd.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\TPSvc: TPSvc.dll [X]
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [TK8 StickyNotes] => C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe [10134360 2012-10-24] ()
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {17e7e2aa-458f-11de-a844-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {17e7e2ab-458f-11de-a844-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {dc8750dd-4611-11de-a848-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {dc8750de-4611-11de-a848-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {eee28b1a-44b9-11de-a841-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {eee28b1b-44b9-11de-a841-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-08] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\mijnd\Start Menu\Programs\Startup\Network-USB Navigator.lnk
ShortcutTarget: Network-USB Navigator.lnk -> C:\Program Files\BUFFALO\Device server\Connect.exe (BUFFALO INC.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * 猀瀀爀攀猀琀爀琀

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-1390067357-1450960922-1417001333-1004] => http://127.0.0.1:6853/wpad.pac?stamp=0
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp?nord=1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
BHO: AskBar BHO -> {201f27d4-3704-41d6-89c1-aa35e39143ed} -> C:\Program Files\AskBarDis\bar\bin\askBar.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} http://192.168.1.250/IPCamPluginMJPEG.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1390067357-1450960922-1417001333-1004: @hola.org/vlc,version=1.6.485 -> C:\Documents and Settings\mijnd\Local Settings\Application Data\Hola\firefox\app\vlc ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\3-maps.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\privatelee-https.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\startpage-ssl.xml
FF Extension: Avira Browser Safety - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\abs@avira.com [2014-12-25]
FF Extension: British English Dictionary - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-12]
FF Extension: Hola Better Internet - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-01-29]
FF Extension: NoScript - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-08-20]
FF Extension: Web Developer - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-17]
FF Extension: Adblock Plus - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-08-20]
FF Extension: BetterPrivacy - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-04-22]
FF Extension: Adblock Edge - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-12]
FF HKLM\...\Firefox\Extensions: [{E5C20E23-9BBF-4a06-AC43-277382EF1B43}] - C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_6
FF Extension: VerificationEngine&#174; - C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_6 [2010-02-15]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-26]
FF HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtC0BtByEzy0E0E0DyD0ByCyEyDyDtN0D0Tzu0CtAtBtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1505212187"
CHR Profile: C:\Documents and Settings\mijnd\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Documents and Settings\mijnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [805112 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [6185960 2015-01-24] (Hola Networks Ltd.)
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [6185960 2015-01-24] (Hola Networks Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-03] (Oracle Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 0187451260843226mcinstcleanup; C:\DOCUME~1\mijnd\LOCALS~1\Temp\018745~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S2 szserver; "C:\Program Files\STOPzilla!\SZServer.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
R0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-23] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [66304 2007-01-31] (ENE Technology Inc.)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [45952 2007-01-31] (ENE Technology Inc.)
R3 ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [81152 2007-01-31] (ENE Technology Inc.)
S4 exFat; C:\WINDOWS\system32\Drivers\exFat.sys [133632 2008-09-29] (Microsoft Corporation) [File not signed]
R1 Ext2fs; C:\WINDOWS\System32\DRIVERS\ext2fs.sys [181120 2008-09-25] (Stephan Schreiber) [File not signed]
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S0 iastor78; C:\WINDOWS\system32\Drivers\iastor78.sys [308248 2009-05-08] (Intel Corporation)
R1 IfsMount; C:\WINDOWS\System32\DRIVERS\ifsmount.sys [51072 2008-08-28] (Stephan Schreiber) [File not signed]
R0 is3srv; C:\WINDOWS\System32\drivers\is3srv.sys [99728 2012-03-20] (iS3 Inc.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2210816 2007-08-29] (Intel Corporation)
S3 PcaSp50; C:\WINDOWS\System32\DRIVERS\PcaSp50.sys [28160 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [101112 2012-01-12] (GFI Software)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2008-11-26] (Duplex Secure Ltd.)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S0 szkg5; C:\WINDOWS\System32\DRIVERS\szkg.sys [99728 2012-03-20] (iS3 Inc.)
R0 szkgfs; C:\WINDOWS\System32\drivers\szkgfs.sys [73008 2012-05-04] (iS3, Inc.)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2014-06-30] (The OpenVPN Project) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 BprotectEx; \??\C:\WINDOWS\System32\drivers\BprotectEx.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 MFE_RR; \??\C:\DOCUME~1\mijnd\LOCALS~1\Temp\mfe_rr.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 17:05 - 2015-02-01 17:06 - 00027724 _____ () C:\Documents and Settings\mijnd\Desktop\FRST.txt
2015-02-01 17:05 - 2015-02-01 17:06 - 00000000 ___DC () C:\FRST
2015-02-01 17:04 - 2015-02-01 17:04 - 01122304 _____ (Farbar) C:\Documents and Settings\mijnd\Desktop\FRST.exe
2015-02-01 16:39 - 2015-02-01 16:39 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2015-01-29 12:50 - 2015-01-29 12:50 - 00010442 _____ () C:\Documents and Settings\mijnd\Desktop\AdwCleaner[S1].txt
2015-01-29 12:29 - 2015-01-29 12:29 - 02194432 _____ () C:\Documents and Settings\mijnd\Desktop\adwcleaner_4.109.exe
2015-01-27 08:28 - 2015-01-27 08:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 11:03 - 2015-01-24 11:03 - 00000700 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Hola.lnk
2015-01-24 11:02 - 2015-01-25 08:28 - 00000000 ____D () C:\Program Files\Hola
2015-01-23 08:37 - 2015-01-23 08:37 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\Hola
2015-01-19 10:15 - 2015-01-29 12:28 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\antivirus
2015-01-16 17:18 - 2015-01-28 16:10 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Boekproject
2015-01-14 11:27 - 2015-01-15 07:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-09 11:33 - 2015-01-09 11:33 - 00001694 _____ () C:\WINDOWS\setupapi.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 17:06 - 2014-02-08 07:01 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-02-01 17:06 - 2008-11-26 21:24 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Temp
2015-02-01 17:05 - 2008-11-26 23:21 - 00000000 ____D () C:\Documents and Settings\mijnd\Application Data\Skype
2015-02-01 16:58 - 2012-03-29 07:31 - 00000940 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-01 16:45 - 2011-08-31 13:17 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-02-01 16:41 - 2008-11-26 21:13 - 01810584 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-01 16:39 - 2014-12-25 11:54 - 00000000 ____D () C:\Program Files\Avira
2015-02-01 16:39 - 2014-12-25 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-02-01 16:33 - 2014-09-09 15:56 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-02-01 16:33 - 2008-11-26 21:11 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-01 16:28 - 2010-01-03 10:35 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 16:28 - 2008-11-26 21:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-01 16:28 - 2008-11-26 21:30 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-02-01 16:28 - 2008-11-26 21:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-01 16:28 - 2001-08-23 04:00 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-29 15:07 - 2014-08-14 14:35 - 00417178 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-01-29 15:07 - 2008-11-26 21:23 - 00032612 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-29 15:06 - 2008-11-26 21:24 - 00000178 ___SH () C:\Documents and Settings\mijnd\ntuser.ini
2015-01-29 15:06 - 2008-11-26 21:24 - 00000000 ____D () C:\Documents and Settings\mijnd
2015-01-29 14:11 - 2010-01-03 10:35 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 13:24 - 2014-12-25 11:33 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 13:12 - 2008-12-13 14:45 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2015-01-29 12:27 - 2014-12-23 15:34 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 08:04 - 2012-06-26 08:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 07:06 - 2014-02-08 07:01 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-01-26 09:19 - 2014-08-13 09:54 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Video editing
2015-01-26 08:58 - 2012-03-29 07:30 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-26 08:58 - 2011-05-23 07:51 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-26 07:51 - 2009-08-09 15:03 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Progrmms Shortcuts
2015-01-26 07:50 - 2008-11-28 18:24 - 00000000 ____D () C:\Documents and Settings\mijnd\My Documents\Software
2015-01-23 14:19 - 2014-09-09 16:57 - 01152138 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1390067357-1450960922-1417001333-1004-0.dat
2015-01-23 14:17 - 2014-11-27 10:11 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\IPVanish
2015-01-23 14:17 - 2014-11-27 10:10 - 00000000 ____D () C:\Program Files\IPVanish
2015-01-19 10:17 - 2014-09-10 07:32 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\temp docs
2015-01-16 15:12 - 2010-01-05 09:33 - 00000000 ____D () C:\Documents and Settings\mijnd\Application Data\vlc
2015-01-16 15:09 - 2008-12-06 21:24 - 00151552 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-15 13:06 - 2013-07-16 18:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 12:57 - 2008-11-26 23:26 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 07:29 - 2014-11-09 09:13 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Kenza
2015-01-09 09:17 - 2014-09-04 10:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Avira

==================== Files in the root of some directories =======

2008-12-06 21:24 - 2015-01-16 15:09 - 0151552 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-20 09:55 - 2014-09-20 09:55 - 0000863 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\recently-used.xbel

Some content of TEMP:
====================
C:\Documents and Settings\mijnd\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\difxapi.dll
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.390.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.434.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.449.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.463.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.467.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.485.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpqrrx08.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpzscr01.EXE
C:\Documents and Settings\mijnd\Local Settings\Temp\IPVanish-Setup-2.0.18.6.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\pyl155.tmp.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\pyl160.tmp.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\mijnd\Local Settings\Temp\xuninst.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is144.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is58.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is59.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5A.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5B.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5C7.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

And this is log 2:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by mijnd at 2015-02-01 17:07:10
Running from C:\Documents and Settings\mijnd\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acer Crystal Eye (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.11a - Acer Crystal Eye)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Adobe Connect 9 Add-in) (Version: 11.2.247.0 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Alky for Applications (Windows XP) (HKLM\...\{BB05D173-9681-4812-A7FA-BD4042A3DA00}) (Version: 1.1 - Alky Team)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Antivirus Pro (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Articulate Storyline (Version: 1.01.00 - Articulate) Hidden
ASUS RT-N12B1 Wireless Router Utilities (HKLM\...\{23306E15-327A-496E-8AE1-9E62E63BF27D}) (Version: 4.1.9.0 - ASUS)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVI/MPEG/RM/WMV Splitter 4.28 (HKLM\...\AVI MPEG RM WMV Splitter_is1) (Version:  - boilsoft, Inc.)
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Babylon (HKLM\...\Babylon) (Version:  - )
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
BUFFALO Network-USB Navigator (HKLM\...\BUFFALO Device server) (Version: 1.40 - BUFFALO INC.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{1E9AC64C-A2C1-4FD3-A6F3-64D0E661B0E9}) (Version: 0.9.43 - Kovid Goyal)
CCleaner (remove only) (HKLM\...\CCleaner) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.2.2140 - CDBurnerXP)
Combined Community Codec Pack 2006-12-15 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2006-12-15 02:32 - CCCP Project)
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Debut Video Capture Software (HKLM\...\Debut) (Version:  - NCH Software)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_K209a-z_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Dropbox) (Version: 0.7.110 - )
Easy Thumbnails (Remove only) (HKLM\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Elektronisch Groene Boekje (HKLM\...\{B8903E65-D802-4D34-A72D-101EBA881D90}) (Version: 3.0.1 - Sdu Uitgevers)
Elevated Installer (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
EPubsoft Adobe PDF ePub DRM Removal 8.1.7 (HKLM\...\{D225FC13-8885-4B5A-B40C-23CE88830340}) (Version: 8.1.7 - EPUBSOFT)
Express Burn (HKLM\...\ExpressBurn) (Version:  - NCH Software)
Express Rip (HKLM\...\ExpressRip) (Version:  - NCH Software)
Ext2 IFS 1.11a for Windows XP (HKLM\...\Ext2Ifs_for_NT501) (Version:  - )
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FileZilla (remove only) (HKLM\...\FileZilla) (Version:  - )
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version:  - )
Foxit Reader (HKLM\...\Foxit Reader) (Version:  - )
Free Sound Recorder v9.2.7 (HKLM\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2011 FreeSoundRecorder Technologies, Inc.)
Gadget Installer (HKLM\...\{3F3733A5-8322-454D-A638-3B74E1C83752}) (Version: 1.0.2 - VistaExperience.org)
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.3 - Gadwin Systems, Inc.)
Garmin Express (HKLM\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GoodSync V6 (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version:  - Siber Systems)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Google+ Auto Backup (HKU\.DEFAULT\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hola™ 1.6.390 - Better Internet (HKLM\...\Hola) (Version: 1.6.390 - Hola Networks Ltd.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{6051912A-F7B8-445C-A99D-81AA4C118836}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
IconPackager (HKLM\...\IconPackager) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
InterVideo DeviceService (HKLM\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
IPVanish (Version: 2.0.18.6 - IPVanish.com) Hidden
IPVanish VPN (HKLM\...\{56fb1453-6bf9-40da-b615-32fbe5567eb4}) (Version: 2.0.18.6 - IPVanish.com)
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
K209a-z (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Kubuntu (HKLM\...\Wubi) (Version: 14.04-rev286 - Kubuntu)
Launch Manager (HKLM\...\LManager) (Version:  - )
LClock (HKLM\...\LClock) (Version:  - )
LINE (HKLM\...\LINE) (Version: 3.7.6.116 - LINE Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Recent Documents Gadget (HKLM\...\{90120000-008A-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1027 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{1D39E015-C3D2-45DE-B070-A69C5F2FB309}) (Version: 5.0.50430.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 nl) (HKLM\...\Mozilla Firefox 35.0.1 (x86 nl)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
MySQL Connector Net 6.5.4 (HKLM\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
Photo to Cartoon (HKLM\...\{C7DE53DF-A820-431B-9A24-F558C374C500}) (Version: 4.0.0 - Caricature Software)
PHOTOfunSTUDIO 5.0 (HKLM\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.00.012 - Panasonic Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version:  - )
Prism Video Converter (HKLM\...\Prism) (Version:  - NCH Software)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5802 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM\...\Recordpad) (Version:  - NCH Software)
Resource Hacker 3.4.0 (HKLM\...\Resource Hacker 3.4.0) (Version:  - Resource Hacker 3.4.0) <==== ATTENTION!
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Right Click Image Converter (HKLM\...\Kristanix Right Click Image Converter) (Version:  - )
Safari (HKLM\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SDFormatter (HKLM\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sigil 0.7.2 (HKLM\...\Sigil_is1) (Version:  - John Schember)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.1.00.17290 - Sony Corporation)
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version:  - )
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version:  - )
Styler (HKLM\...\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}) (Version: 1.4.0.1 - ta2027)
Super DVD Ripper (remove only) (HKLM\...\x2VCD) (Version:  - )
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.19.4 - Synaptics)
TalkAndWrite (HKLM\...\TalkAndWrite_is1) (Version: 5.1.0.206 - TalkAndWrite)
Thai-English English-Thai Talking Dictionary v1.6 (HKLM\...\ThaiDict_is1) (Version:  - Paiboon Publishing Inc. and Word in the Hand Inc.)
TK8 StickyNotes 4.0 (HKLM\...\TK8 StickyNotes_is1) (Version:  - TK8 Software)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
UltraISO Premium V9.33 (HKLM\...\UltraISO_is1) (Version:  - )
Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Van Dale Groot woordenboek van de Nederlandse taal 14 (HKLM\...\vdegwn.exe) (Version:  - )
Van Dale Grote woordenboeken Engels (HKLM\...\{B63F5DA2-FD25-4437-A60B-1E99029E99D5}) (Version: 2.1.2 - Van Dale Lexicografie)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSDC Free Video Editor version 2.1.8.149 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.8.149 - Flash-Integro LLC)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3300 -  )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Sidebar (HKLM\...\Windows Sidebar) (Version: 6.0.6001.18000 - Microsoft Corporation)
Windows Vista Sounds Pack (HKLM\...\{E1230694-33DA-4E74-82E1-06CC9D545E9B}) (Version: 1.0.0 - zen62619@zen.co.uk)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
xp-AntiSpy 3.96-8 (HKLM\...\xp-AntiSpy) (Version: 3.96-8 - Christian Taubenheim)
XviD MPEG-4 Video Codec (HKLM\...\xvid) (Version:  - XviD Development Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\webnavi\nvi.dll No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {589B7306-9468-D082-50E3-EAA985889A47} No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\webnavi\nvi.dll No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {45638ACD-9468-D082-9B1A-12B485889A47} No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)

==================== Restore Points  =========================

01-11-2014 08:41:09 System Checkpoint
02-11-2014 09:44:50 System Checkpoint
03-11-2014 09:46:50 System Checkpoint
03-11-2014 11:16:40 Installed EPubsoft Adobe PDF ePub DRM Removal 8.1.7.
05-11-2014 08:40:08 System Checkpoint
06-11-2014 10:07:14 System Checkpoint
07-11-2014 10:42:18 System Checkpoint
08-11-2014 11:59:30 System Checkpoint
11-11-2014 08:35:55 System Checkpoint
12-11-2014 08:51:20 System Checkpoint
13-11-2014 06:57:10 Software Distribution Service 3.0
15-11-2014 09:16:28 System Checkpoint
16-11-2014 09:23:31 System Checkpoint
17-11-2014 09:56:38 System Checkpoint
19-11-2014 08:54:59 System Checkpoint
20-11-2014 14:46:40 System Checkpoint
22-11-2014 07:34:23 System Checkpoint
23-11-2014 07:59:41 System Checkpoint
24-11-2014 08:50:13 System Checkpoint
25-11-2014 08:52:26 System Checkpoint
26-11-2014 10:18:43 Installed COMODO Unite
27-11-2014 10:03:25 IPVanish VPN
29-11-2014 12:33:32 System Checkpoint
01-12-2014 10:03:23 System Checkpoint
03-12-2014 08:50:10 System Checkpoint
05-12-2014 07:39:19 System Checkpoint
06-12-2014 09:07:43 System Checkpoint
10-12-2014 08:31:23 Software Distribution Service 3.0
12-12-2014 07:38:38 IPVanish VPN
12-12-2014 07:39:10 IPVanish VPN
13-12-2014 09:41:24 System Checkpoint
14-12-2014 11:36:55 System Checkpoint
17-12-2014 13:05:32 System Checkpoint
18-12-2014 10:02:12 Removed IIS 7.5 Express
20-12-2014 10:25:38 System Checkpoint
22-12-2014 09:01:05 System Checkpoint
23-12-2014 08:27:38 IPVanish VPN
23-12-2014 08:30:16 IPVanish VPN
23-12-2014 09:52:42 IPVanish VPN
23-12-2014 10:19:13 IPVanish VPN
23-12-2014 15:20:21 HP Update verwijderd.
23-12-2014 15:20:36 Removed Google+ Auto Backup
25-12-2014 08:29:04 System Checkpoint
27-12-2014 09:25:12 System Checkpoint
29-12-2014 08:26:41 System Checkpoint
30-12-2014 15:05:56 Software Distribution Service 3.0
01-01-2015 11:13:24 System Checkpoint
08-01-2015 08:28:16 System Checkpoint
09-01-2015 10:09:25 System Checkpoint
11-01-2015 08:15:51 System Checkpoint
15-01-2015 08:31:37 System Checkpoint
15-01-2015 12:57:35 Software Distribution Service 3.0
17-01-2015 09:24:36 System Checkpoint
19-01-2015 08:34:45 System Checkpoint
20-01-2015 09:02:55 System Checkpoint
23-01-2015 09:15:23 System Checkpoint
24-01-2015 14:25:19 System Checkpoint
26-01-2015 08:54:58 System Checkpoint
27-01-2015 08:59:15 System Checkpoint
29-01-2015 13:06:50 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 04:00 - 2012-02-10 12:32 - 00000758 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
192.168.1.253 NAS server


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\expressburnSevenDaysInit.job => C:\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe
Task: C:\WINDOWS\Tasks\expressburnShakeIcon.job => C:\DOCUME~1\mijnd\LOCALS~1\Temp\n1s.exe
Task: C:\WINDOWS\Tasks\expressripShakeIcon.job => C:\Program Files\NCH Swift Sound\ExpressRip\expressrip.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\switchSevenDays.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe
Task: C:\WINDOWS\Tasks\switchShakeIcon.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe
Task: C:\WINDOWS\Tasks\wavepadSevenDays.job => C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe
Task: C:\WINDOWS\Tasks\wavepadShakeIcon.job => C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe

==================== Loaded Modules (whitelisted) =============

2013-08-21 13:38 - 2012-10-04 19:50 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2010-12-13 10:44 - 2001-03-15 05:18 - 00065536 ____N () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2010-06-25 15:09 - 2008-06-16 13:11 - 00081920 _____ () C:\WINDOWS\system32\emfxp.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll
2008-04-14 19:00 - 2011-11-03 22:28 - 00386048 _____ () C:\WINDOWS\system32\qdvd.dll
2008-04-14 19:00 - 2013-01-02 13:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2010-05-17 21:23 - 2010-03-04 23:38 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe
2012-11-29 16:18 - 2012-10-24 16:08 - 10134360 _____ () C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\lang_0874.uni:index

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Classes\exefile:  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\WINDOWS\pss\Acrobat Assistant.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk => C:\WINDOWS\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk => C:\WINDOWS\pss\PHOTOfunSTUDIO 5.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk => C:\WINDOWS\pss\Mediacontrole Picture Motion Browser.lnk.Startup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Styler.lnk => C:\WINDOWS\pss\Styler.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Babylon Client => C:\Program Files\Babylon\Babylon.exe -AutoStart
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: COMODO Internet Security => "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Gadwin PrintScreen => C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LClock => C:\Program Files\LClock\LClock.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: VEngine => C:\Program Files\Comodo\VEngine\VEngine.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1390067357-1450960922-1417001333-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1390067357-1450960922-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-1390067357-1450960922-1417001333-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1390067357-1450960922-1417001333-1000 - Limited - Disabled)
mijnd (S-1-5-21-1390067357-1450960922-1417001333-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\mijnd
SUPPORT_388945a0 (S-1-5-21-1390067357-1450960922-1417001333-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Fingerprint Sensor   
Description: Fingerprint Sensor   
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9 #2
Description: TAP-Win32 Adapter V9
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2015 09:18:43 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1972) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/25/2014 10:39:31 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/24/2014 00:28:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/23/2014 04:57:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/23/2014 04:56:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/23/2014 07:31:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VPNClient.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at VPNClient.App.Main()

Error: (12/22/2014 07:54:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application update.exe, version 14.0.7.462, faulting module msvcr120.dll, version 12.0.21005.1, fault address 0x000129bf.
Processing media-specific event for [update.exe!ws!]

Error: (12/20/2014 02:36:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (12/20/2014 02:36:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module hotplug.dll, version 5.1.2600.5512, fault address 0x00006901.
Processing media-specific event for [rundll32.exe!ws!]

Error: (12/20/2014 09:47:45 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.


System errors:
=============
Error: (02/01/2015 04:30:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd
szkg5

Error: (02/01/2015 04:30:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Web Deployment Agent Service service hung on starting.

Error: (02/01/2015 04:28:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (02/01/2015 04:28:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.

Error: (02/01/2015 04:28:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STOPzilla Service service failed to start due to the following error:
%%2

Error: (02/01/2015 04:28:30 PM) (Source: 0) (EventID: 4) (User: )
Description:

Error: (01/29/2015 01:30:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Web Deployment Agent Service service terminated with the following error:
%%2148734208

Error: (01/29/2015 01:29:58 PM) (Source: 0) (EventID: 15005) (User: )
Description: 0.0.0.0:80

Error: (01/29/2015 01:29:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd
szkg5

Error: (01/29/2015 01:29:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Web Deployment Agent Service service hung on starting.


Microsoft Office Sessions:
=========================
Error: (08/11/2014 03:43:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3781 seconds with 1860 seconds of active time.  This session ended with a crash.

Error: (10/31/2013 02:53:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 542 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (09/16/2013 11:05:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1901 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (11/23/2012 11:55:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4704 seconds with 2340 seconds of active time.  This session ended with a crash.

Error: (03/02/2012 01:00:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14606 seconds with 7680 seconds of active time.  This session ended with a crash.

Error: (10/06/2010 09:05:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26582 seconds with 4680 seconds of active time.  This session ended with a crash.

Error: (08/09/2010 07:26:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32797 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (05/11/2009 11:02:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5618 seconds with 2760 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of memory in use: 41%
Total physical RAM: 2038.36 MB
Available physical RAM: 1199.65 MB
Total Pagefile: 3928.8 MB
Available Pagefile: 3020.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88.48 GB) (Free:5.93 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================

 

 



#4 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Northern Germany
  • Local time:10:36 PM

Posted 02 February 2015 - 05:39 AM

Hello Men,

First, I would like you to read an article about the danger of using registry cleaners: Why not to use registry cleaners

Please post me the logs of adwarecleaner and Malwarebytes, thank you.

Do you use the Babylon translation program on your laptop?

Did you set these policy restrictions on your laptop?
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
And finally: are you connected via WLAN to the Internet? :) Can you test if there is a difference between WLAN and LAN on your laptop?

Step 1
We need to remove programs using "Add/Remove Programs"

Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

Hola 1.6.390 - Better Internet

Additional instructions can be found here if needed.


Step 2
  • Open your Chrome Browser
  • Move to Settings (that is the symbol right beneath the address line; it looks like three horizontal lines)
  • Go there on Settings
  • Move to On Startup
  • Go on Open a specific page or set of pages
  • Remove funmoods (if it exists), delete it and choose another start page (normally it is google.com)

Step 3
We need to run a fix with FRST:
  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log ( Fixlog.txt ) in the same location the tool was run, please post it to your reply

Step 4
Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points
Step 5
Please restart FRST.
  • Check also addition.txt then press Scan.
  • When the scan is finished, two new logfiles, FRST.txt and addition.txt, will be created and saved on your desktop.
  • Please post the content of the logfiles here in your thread.



regards,

 

Sandra


#5 Men

Men
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tha Mai (New Port) Eastern Thailand
  • Local time:03:36 AM

Posted 03 February 2015 - 12:42 AM

Hello Sandra,

 

I read the article re the danger of using registry cleaners, thanks for the warning.

 

Please find the logs of adwarecleaner and Malwarebytes attached to this post, as requested.

 

Yes, I use the Babylon translation program, but rarely. I have no problem with removing it if that seems better.

 

No, I did not set any policy restrictions on my laptop (would not even know how to do that).

FYI, AviraPro is no longer working properly (since a week or so), email protection will not switch on. This happened before and I was advised by Avira to uninstall and re-install it, that worked at that time. I wait for your advice before I do anything with AviraPro now (I do not do banking etc on this computer, I have Ubuntu installed on a HD partition for secure online business, but Ubuntu will not start up I noticed. I will address that when we have finished cleaning my laptop)

 

I use both WLAN and LAN with this laptop and noticed no differences.

 

Hola 1.6.390 - Better Internet has been removed. FYI: I use Hola to access websites blocked by the military junta in Thailand (my location, BTW 6 hours ahead of EU time). I removed it once before to check if that made a difference, it does not. Please let me know if it is safe to install Hola again.

 

I never use the Chrome browser (I only work with FF with DuckDuckGo as homepage) and uninstalled it.

 

I downloaded the fixlist.txt file and ran FRST.exe. This is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2015
Ran by mijnd at 2015-02-03 11:14:27 Run:1
Running from C:\Documents and Settings\mijnd\Desktop
Loaded Profiles: mijnd (Available profiles: mijnd)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
R0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
S3 BprotectEx; \??\C:\WINDOWS\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
S3 MFE_RR; \??\C:\DOCUME~1\mijnd\LOCALS~1\Temp\mfe_rr.sys [X]
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Classes\exefile:  <===== ATTENTION!
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\WINDOWS\System32\drivers\Bhbase.sys
*****************

Bhbase => Unable to stop service
Bhbase => Service deleted successfully.
BprotectEx => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
MFE_RR => Service deleted successfully.
"HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Classes\exefile => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\WINDOWS\System32\drivers\Bhbase.sys => Moved successfully.


The system needed a reboot.

==== End of Fixlog 11:14:35 ====

 

FYI: While running the fix I got the warning: Plug-in container exe encountered a problem, it was closed.

 

I ran MiniToolbox, it gave me a Result.txt log. You did not ask for it in your post but I attached it, just in case.

Finally, I restarted FRST.exe. Here are the 2 logs:

 

Log 1:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by mijnd (administrator) on ACER on 03-02-2015 11:42:33
Running from C:\Documents and Settings\mijnd\Desktop
Loaded Profiles: mijnd (Available profiles: mijnd)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Dritek System Inc.) C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Realtek Semiconductor Corp.) C:\DOCUME~1\mijnd\LOCALS~1\Temp\RtkBtMnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Hola Networks Ltd.) C:\Documents and Settings\mijnd\Local Settings\Application Data\Hola\firefox\app\hola_plugin.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-06-13] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-03-23] (Synaptics, Inc.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17530368 2009-02-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [715272 2007-08-13] (Dritek System Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\TPSvc: TPSvc.dll [X]
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [TK8 StickyNotes] => C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe [10134360 2012-10-24] ()
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {17e7e2aa-458f-11de-a844-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {17e7e2ab-458f-11de-a844-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {dc8750dd-4611-11de-a848-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {dc8750de-4611-11de-a848-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {eee28b1a-44b9-11de-a841-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {eee28b1b-44b9-11de-a841-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-08] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\mijnd\Start Menu\Programs\Startup\Network-USB Navigator.lnk
ShortcutTarget: Network-USB Navigator.lnk -> C:\Program Files\BUFFALO\Device server\Connect.exe (BUFFALO INC.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * 猀瀀爀攀猀琀爀琀

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp?nord=1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
BHO: AskBar BHO -> {201f27d4-3704-41d6-89c1-aa35e39143ed} -> C:\Program Files\AskBarDis\bar\bin\askBar.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} http://192.168.1.250/IPCamPluginMJPEG.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1390067357-1450960922-1417001333-1004: @hola.org/vlc,version=1.6.520 -> C:\Documents and Settings\mijnd\Local Settings\Application Data\Hola\firefox\app\vlc ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\3-maps.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\privatelee-https.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\startpage-ssl.xml
FF Extension: Avira Browser Safety - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\abs@avira.com [2015-02-03]
FF Extension: British English Dictionary - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-12]
FF Extension: Hola Better Internet - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-01-29]
FF Extension: NoScript - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-08-20]
FF Extension: Web Developer - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-17]
FF Extension: Adblock Plus - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-08-20]
FF Extension: BetterPrivacy - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-04-22]
FF Extension: Adblock Edge - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-12]
FF HKLM\...\Firefox\Extensions: [{E5C20E23-9BBF-4a06-AC43-277382EF1B43}] - C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_6
FF Extension: VerificationEngine® - C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_6 [2010-02-15]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-26]
FF HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [805112 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-03] (Oracle Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 0187451260843226mcinstcleanup; C:\DOCUME~1\mijnd\LOCALS~1\Temp\018745~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S2 szserver; "C:\Program Files\STOPzilla!\SZServer.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-23] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [66304 2007-01-31] (ENE Technology Inc.)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [45952 2007-01-31] (ENE Technology Inc.)
R3 ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [81152 2007-01-31] (ENE Technology Inc.)
S4 exFat; C:\WINDOWS\system32\Drivers\exFat.sys [133632 2008-09-29] (Microsoft Corporation) [File not signed]
R1 Ext2fs; C:\WINDOWS\System32\DRIVERS\ext2fs.sys [181120 2008-09-25] (Stephan Schreiber) [File not signed]
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S0 iastor78; C:\WINDOWS\system32\Drivers\iastor78.sys [308248 2009-05-08] (Intel Corporation)
R1 IfsMount; C:\WINDOWS\System32\DRIVERS\ifsmount.sys [51072 2008-08-28] (Stephan Schreiber) [File not signed]
R0 is3srv; C:\WINDOWS\System32\drivers\is3srv.sys [99728 2012-03-20] (iS3 Inc.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2210816 2007-08-29] (Intel Corporation)
S3 PcaSp50; C:\WINDOWS\System32\DRIVERS\PcaSp50.sys [28160 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [101112 2012-01-12] (GFI Software)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2008-11-26] (Duplex Secure Ltd.)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S0 szkg5; C:\WINDOWS\System32\DRIVERS\szkg.sys [99728 2012-03-20] (iS3 Inc.)
R0 szkgfs; C:\WINDOWS\System32\drivers\szkgfs.sys [73008 2012-05-04] (iS3, Inc.)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2014-06-30] (The OpenVPN Project) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 11:42 - 2015-02-03 11:43 - 00026417 _____ () C:\Documents and Settings\mijnd\Desktop\FRST.txt
2015-02-03 11:38 - 2015-02-03 11:39 - 00045954 _____ () C:\Documents and Settings\mijnd\Desktop\Result.txt
2015-02-03 11:36 - 2015-02-03 11:37 - 00401920 _____ (Farbar) C:\Documents and Settings\mijnd\Desktop\MiniToolBox.exe
2015-02-01 17:07 - 2015-02-01 17:08 - 00041549 _____ () C:\Documents and Settings\mijnd\Desktop\Addition_1.txt
2015-02-01 17:05 - 2015-02-03 11:42 - 00000000 ___DC () C:\FRST
2015-02-01 17:05 - 2015-02-01 17:08 - 00036733 _____ () C:\Documents and Settings\mijnd\Desktop\FRST_1.txt
2015-02-01 17:04 - 2015-02-01 17:04 - 01122304 _____ (Farbar) C:\Documents and Settings\mijnd\Desktop\FRST.exe
2015-02-01 16:39 - 2015-02-01 16:39 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2015-01-29 12:50 - 2015-01-29 12:50 - 00010442 _____ () C:\Documents and Settings\mijnd\Desktop\AdwCleaner[S1].txt
2015-01-29 12:29 - 2015-01-29 12:29 - 02194432 _____ () C:\Documents and Settings\mijnd\Desktop\adwcleaner_4.109.exe
2015-01-27 08:28 - 2015-01-27 08:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 11:02 - 2015-01-25 08:28 - 00000000 ____D () C:\Program Files\Hola
2015-01-23 08:37 - 2015-01-23 08:37 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\Hola
2015-01-19 10:15 - 2015-01-29 12:28 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\antivirus
2015-01-16 17:18 - 2015-02-02 15:19 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Boekproject
2015-01-14 11:27 - 2015-01-15 07:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-09 11:33 - 2015-02-03 10:01 - 00004004 _____ () C:\WINDOWS\setupapi.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 11:43 - 2008-11-26 21:24 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Temp
2015-02-03 11:24 - 2008-11-26 23:21 - 00000000 ____D () C:\Documents and Settings\mijnd\Application Data\Skype
2015-02-03 11:23 - 2008-11-26 21:13 - 01840693 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-03 11:20 - 2010-01-03 10:35 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 11:20 - 2008-11-26 21:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-03 11:20 - 2008-11-26 21:30 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-02-03 11:19 - 2014-09-09 15:56 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-02-03 11:19 - 2008-11-26 21:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-03 11:17 - 2014-08-14 14:35 - 00417178 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-02-03 11:17 - 2008-11-26 21:24 - 00000178 ___SH () C:\Documents and Settings\mijnd\ntuser.ini
2015-02-03 11:17 - 2008-11-26 21:24 - 00000000 ____D () C:\Documents and Settings\mijnd
2015-02-03 11:17 - 2008-11-26 21:23 - 00032612 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-03 11:11 - 2010-01-03 10:35 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 11:06 - 2014-02-08 07:01 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-02-03 10:58 - 2012-03-29 07:31 - 00000940 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-03 10:33 - 2014-11-27 10:10 - 00000000 ____D () C:\Program Files\IPVanish
2015-02-03 10:30 - 2008-12-13 14:45 - 00000000 ____D () C:\Program Files\Google
2015-02-03 10:30 - 2008-12-13 14:36 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\Google
2015-02-03 09:05 - 2014-12-23 15:34 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 08:11 - 2001-08-23 04:00 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-02 13:12 - 2008-12-13 14:45 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2015-02-02 10:08 - 2014-08-13 09:54 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Video editing
2015-02-02 10:07 - 2010-01-05 09:33 - 00000000 ____D () C:\Documents and Settings\mijnd\Application Data\vlc
2015-02-01 19:44 - 2014-09-09 16:57 - 01152138 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1390067357-1450960922-1417001333-1004-0.dat
2015-02-01 16:45 - 2011-08-31 13:17 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-02-01 16:39 - 2014-12-25 11:54 - 00000000 ____D () C:\Program Files\Avira
2015-02-01 16:39 - 2014-12-25 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-02-01 16:33 - 2008-11-26 21:11 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-29 13:24 - 2014-12-25 11:33 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 08:04 - 2012-06-26 08:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 07:06 - 2014-02-08 07:01 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-01-26 08:58 - 2012-03-29 07:30 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-26 08:58 - 2011-05-23 07:51 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-26 07:51 - 2009-08-09 15:03 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Progrmms Shortcuts
2015-01-26 07:50 - 2008-11-28 18:24 - 00000000 ____D () C:\Documents and Settings\mijnd\My Documents\Software
2015-01-23 14:17 - 2014-11-27 10:11 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\IPVanish
2015-01-19 10:17 - 2014-09-10 07:32 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\temp docs
2015-01-16 15:09 - 2008-12-06 21:24 - 00151552 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-15 13:06 - 2013-07-16 18:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 12:57 - 2008-11-26 23:26 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 07:29 - 2014-11-09 09:13 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Kenza
2015-01-09 09:17 - 2014-09-04 10:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Avira

==================== Files in the root of some directories =======

2008-12-06 21:24 - 2015-01-16 15:09 - 0151552 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-20 09:55 - 2014-09-20 09:55 - 0000863 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\recently-used.xbel

Some content of TEMP:
====================
C:\Documents and Settings\mijnd\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\difxapi.dll
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.390.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.434.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.449.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.463.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.467.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.485.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.520.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpqrrx08.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpzscr01.EXE
C:\Documents and Settings\mijnd\Local Settings\Temp\IPVanish-Setup-2.0.18.6.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\pyl155.tmp.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\pyl160.tmp.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\mijnd\Local Settings\Temp\xuninst.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is144.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is58.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is59.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5A.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5B.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5C7.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Log 2:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by mijnd at 2015-02-03 11:43:58
Running from C:\Documents and Settings\mijnd\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acer Crystal Eye (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.11a - Acer Crystal Eye)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Adobe Connect 9 Add-in) (Version: 11.2.247.0 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Alky for Applications (Windows XP) (HKLM\...\{BB05D173-9681-4812-A7FA-BD4042A3DA00}) (Version: 1.1 - Alky Team)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Antivirus Pro (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Articulate Storyline (Version: 1.01.00 - Articulate) Hidden
ASUS RT-N12B1 Wireless Router Utilities (HKLM\...\{23306E15-327A-496E-8AE1-9E62E63BF27D}) (Version: 4.1.9.0 - ASUS)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVI/MPEG/RM/WMV Splitter 4.28 (HKLM\...\AVI MPEG RM WMV Splitter_is1) (Version:  - boilsoft, Inc.)
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Babylon (HKLM\...\Babylon) (Version:  - )
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
BUFFALO Network-USB Navigator (HKLM\...\BUFFALO Device server) (Version: 1.40 - BUFFALO INC.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{1E9AC64C-A2C1-4FD3-A6F3-64D0E661B0E9}) (Version: 0.9.43 - Kovid Goyal)
CCleaner (remove only) (HKLM\...\CCleaner) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.2.2140 - CDBurnerXP)
Combined Community Codec Pack 2006-12-15 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2006-12-15 02:32 - CCCP Project)
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Debut Video Capture Software (HKLM\...\Debut) (Version:  - NCH Software)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_K209a-z_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Dropbox) (Version: 0.7.110 - )
Easy Thumbnails (Remove only) (HKLM\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Elektronisch Groene Boekje (HKLM\...\{B8903E65-D802-4D34-A72D-101EBA881D90}) (Version: 3.0.1 - Sdu Uitgevers)
Elevated Installer (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
EPubsoft Adobe PDF ePub DRM Removal 8.1.7 (HKLM\...\{D225FC13-8885-4B5A-B40C-23CE88830340}) (Version: 8.1.7 - EPUBSOFT)
Express Burn (HKLM\...\ExpressBurn) (Version:  - NCH Software)
Express Rip (HKLM\...\ExpressRip) (Version:  - NCH Software)
Ext2 IFS 1.11a for Windows XP (HKLM\...\Ext2Ifs_for_NT501) (Version:  - )
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FileZilla (remove only) (HKLM\...\FileZilla) (Version:  - )
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version:  - )
Foxit Reader (HKLM\...\Foxit Reader) (Version:  - )
Free Sound Recorder v9.2.7 (HKLM\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2011 FreeSoundRecorder Technologies, Inc.)
Gadget Installer (HKLM\...\{3F3733A5-8322-454D-A638-3B74E1C83752}) (Version: 1.0.2 - VistaExperience.org)
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.3 - Gadwin Systems, Inc.)
Garmin Express (HKLM\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GoodSync V6 (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version:  - Siber Systems)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Google+ Auto Backup (HKU\.DEFAULT\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{6051912A-F7B8-445C-A99D-81AA4C118836}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
IconPackager (HKLM\...\IconPackager) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
InterVideo DeviceService (HKLM\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
K209a-z (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Kubuntu (HKLM\...\Wubi) (Version: 14.04-rev286 - Kubuntu)
Launch Manager (HKLM\...\LManager) (Version:  - )
LClock (HKLM\...\LClock) (Version:  - )
LINE (HKLM\...\LINE) (Version: 3.7.6.116 - LINE Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Recent Documents Gadget (HKLM\...\{90120000-008A-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1027 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{1D39E015-C3D2-45DE-B070-A69C5F2FB309}) (Version: 5.0.50430.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 nl) (HKLM\...\Mozilla Firefox 35.0.1 (x86 nl)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
MySQL Connector Net 6.5.4 (HKLM\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
Photo to Cartoon (HKLM\...\{C7DE53DF-A820-431B-9A24-F558C374C500}) (Version: 4.0.0 - Caricature Software)
PHOTOfunSTUDIO 5.0 (HKLM\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.00.012 - Panasonic Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version:  - )
Prism Video Converter (HKLM\...\Prism) (Version:  - NCH Software)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5802 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM\...\Recordpad) (Version:  - NCH Software)
Resource Hacker 3.4.0 (HKLM\...\Resource Hacker 3.4.0) (Version:  - Resource Hacker 3.4.0) <==== ATTENTION!
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Right Click Image Converter (HKLM\...\Kristanix Right Click Image Converter) (Version:  - )
Safari (HKLM\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SDFormatter (HKLM\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sigil 0.7.2 (HKLM\...\Sigil_is1) (Version:  - John Schember)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.1.00.17290 - Sony Corporation)
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version:  - )
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version:  - )
Styler (HKLM\...\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}) (Version: 1.4.0.1 - ta2027)
Super DVD Ripper (remove only) (HKLM\...\x2VCD) (Version:  - )
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.19.4 - Synaptics)
TalkAndWrite (HKLM\...\TalkAndWrite_is1) (Version: 5.1.0.206 - TalkAndWrite)
Thai-English English-Thai Talking Dictionary v1.6 (HKLM\...\ThaiDict_is1) (Version:  - Paiboon Publishing Inc. and Word in the Hand Inc.)
TK8 StickyNotes 4.0 (HKLM\...\TK8 StickyNotes_is1) (Version:  - TK8 Software)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
UltraISO Premium V9.33 (HKLM\...\UltraISO_is1) (Version:  - )
Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Van Dale Groot woordenboek van de Nederlandse taal 14 (HKLM\...\vdegwn.exe) (Version:  - )
Van Dale Grote woordenboeken Engels (HKLM\...\{B63F5DA2-FD25-4437-A60B-1E99029E99D5}) (Version: 2.1.2 - Van Dale Lexicografie)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSDC Free Video Editor version 2.1.8.149 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.8.149 - Flash-Integro LLC)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3300 -  )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Sidebar (HKLM\...\Windows Sidebar) (Version: 6.0.6001.18000 - Microsoft Corporation)
Windows Vista Sounds Pack (HKLM\...\{E1230694-33DA-4E74-82E1-06CC9D545E9B}) (Version: 1.0.0 - zen62619@zen.co.uk)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
xp-AntiSpy 3.96-8 (HKLM\...\xp-AntiSpy) (Version: 3.96-8 - Christian Taubenheim)
XviD MPEG-4 Video Codec (HKLM\...\xvid) (Version:  - XviD Development Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\webnavi\nvi.dll No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {589B7306-9468-D082-50E3-EAA985889A47} No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\webnavi\nvi.dll No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {45638ACD-9468-D082-9B1A-12B485889A47} No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)

==================== Restore Points  =========================

05-11-2014 08:40:08 System Checkpoint
06-11-2014 10:07:14 System Checkpoint
07-11-2014 10:42:18 System Checkpoint
08-11-2014 11:59:30 System Checkpoint
11-11-2014 08:35:55 System Checkpoint
12-11-2014 08:51:20 System Checkpoint
13-11-2014 06:57:10 Software Distribution Service 3.0
15-11-2014 09:16:28 System Checkpoint
16-11-2014 09:23:31 System Checkpoint
17-11-2014 09:56:38 System Checkpoint
19-11-2014 08:54:59 System Checkpoint
20-11-2014 14:46:40 System Checkpoint
22-11-2014 07:34:23 System Checkpoint
23-11-2014 07:59:41 System Checkpoint
24-11-2014 08:50:13 System Checkpoint
25-11-2014 08:52:26 System Checkpoint
26-11-2014 10:18:43 Installed COMODO Unite
27-11-2014 10:03:25 IPVanish VPN
29-11-2014 12:33:32 System Checkpoint
01-12-2014 10:03:23 System Checkpoint
03-12-2014 08:50:10 System Checkpoint
05-12-2014 07:39:19 System Checkpoint
06-12-2014 09:07:43 System Checkpoint
10-12-2014 08:31:23 Software Distribution Service 3.0
12-12-2014 07:38:38 IPVanish VPN
12-12-2014 07:39:10 IPVanish VPN
13-12-2014 09:41:24 System Checkpoint
14-12-2014 11:36:55 System Checkpoint
17-12-2014 13:05:32 System Checkpoint
18-12-2014 10:02:12 Removed IIS 7.5 Express
20-12-2014 10:25:38 System Checkpoint
22-12-2014 09:01:05 System Checkpoint
23-12-2014 08:27:38 IPVanish VPN
23-12-2014 08:30:16 IPVanish VPN
23-12-2014 09:52:42 IPVanish VPN
23-12-2014 10:19:13 IPVanish VPN
23-12-2014 15:20:21 HP Update verwijderd.
23-12-2014 15:20:36 Removed Google+ Auto Backup
25-12-2014 08:29:04 System Checkpoint
27-12-2014 09:25:12 System Checkpoint
29-12-2014 08:26:41 System Checkpoint
30-12-2014 15:05:56 Software Distribution Service 3.0
01-01-2015 11:13:24 System Checkpoint
08-01-2015 08:28:16 System Checkpoint
09-01-2015 10:09:25 System Checkpoint
11-01-2015 08:15:51 System Checkpoint
15-01-2015 08:31:37 System Checkpoint
15-01-2015 12:57:35 Software Distribution Service 3.0
17-01-2015 09:24:36 System Checkpoint
19-01-2015 08:34:45 System Checkpoint
20-01-2015 09:02:55 System Checkpoint
23-01-2015 09:15:23 System Checkpoint
24-01-2015 14:25:19 System Checkpoint
26-01-2015 08:54:58 System Checkpoint
27-01-2015 08:59:15 System Checkpoint
29-01-2015 13:06:50 System Checkpoint
01-02-2015 17:24:49 System Checkpoint
03-02-2015 08:33:19 System Checkpoint
03-02-2015 10:32:34 IPVanish VPN

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 04:00 - 2012-02-10 12:32 - 00000758 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
192.168.1.253 NAS server


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\expressburnSevenDaysInit.job => C:\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe
Task: C:\WINDOWS\Tasks\expressburnShakeIcon.job => C:\DOCUME~1\mijnd\LOCALS~1\Temp\n1s.exe
Task: C:\WINDOWS\Tasks\expressripShakeIcon.job => C:\Program Files\NCH Swift Sound\ExpressRip\expressrip.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\switchSevenDays.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe
Task: C:\WINDOWS\Tasks\switchShakeIcon.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe
Task: C:\WINDOWS\Tasks\wavepadSevenDays.job => C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe
Task: C:\WINDOWS\Tasks\wavepadShakeIcon.job => C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe

==================== Loaded Modules (whitelisted) =============

2013-08-21 13:38 - 2012-10-04 19:50 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2010-12-13 10:44 - 2001-03-15 05:18 - 00065536 ____N () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2010-06-25 15:09 - 2008-06-16 13:11 - 00081920 _____ () C:\WINDOWS\system32\emfxp.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll
2008-04-14 19:00 - 2011-11-03 22:28 - 00386048 _____ () C:\WINDOWS\system32\qdvd.dll
2008-04-14 19:00 - 2013-01-02 13:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2010-05-17 21:23 - 2010-03-04 23:38 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe
2012-11-29 16:18 - 2012-10-24 16:08 - 10134360 _____ () C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
2015-01-14 11:27 - 2015-01-14 11:27 - 03347056 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-01-14 11:27 - 2015-01-14 11:27 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-14 11:27 - 2015-01-14 11:27 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-01-27 08:28 - 2015-01-27 08:29 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-26 08:58 - 2015-01-26 08:58 - 16844976 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll
2011-10-05 03:52 - 2011-10-05 03:52 - 00756048 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\lang_0874.uni:index

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\WINDOWS\pss\Acrobat Assistant.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk => C:\WINDOWS\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk => C:\WINDOWS\pss\PHOTOfunSTUDIO 5.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk => C:\WINDOWS\pss\Mediacontrole Picture Motion Browser.lnk.Startup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Styler.lnk => C:\WINDOWS\pss\Styler.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Babylon Client => C:\Program Files\Babylon\Babylon.exe -AutoStart
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: COMODO Internet Security => "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Gadwin PrintScreen => C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LClock => C:\Program Files\LClock\LClock.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: VEngine => C:\Program Files\Comodo\VEngine\VEngine.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1390067357-1450960922-1417001333-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1390067357-1450960922-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-1390067357-1450960922-1417001333-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1390067357-1450960922-1417001333-1000 - Limited - Disabled)
mijnd (S-1-5-21-1390067357-1450960922-1417001333-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\mijnd
SUPPORT_388945a0 (S-1-5-21-1390067357-1450960922-1417001333-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Fingerprint Sensor   
Description: Fingerprint Sensor   
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9 #2
Description: TAP-Win32 Adapter V9
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 11:14:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 35.0.1.5500, faulting module mozalloc.dll, version 35.0.1.5500, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/23/2015 09:18:43 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1972) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/25/2014 10:39:31 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/24/2014 00:28:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/23/2014 04:57:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/23/2014 04:56:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/23/2014 07:31:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VPNClient.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at VPNClient.App.Main()

Error: (12/22/2014 07:54:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application update.exe, version 14.0.7.462, faulting module msvcr120.dll, version 12.0.21005.1, fault address 0x000129bf.
Processing media-specific event for [update.exe!ws!]

Error: (12/20/2014 02:36:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (12/20/2014 02:36:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module hotplug.dll, version 5.1.2600.5512, fault address 0x00006901.
Processing media-specific event for [rundll32.exe!ws!]


System errors:
=============
Error: (02/03/2015 11:22:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HTTP SSL service failed to start due to the following error:
%%1053

Error: (02/03/2015 11:22:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error: (02/03/2015 11:22:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd
szkg5

Error: (02/03/2015 11:21:44 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Web Deployment Agent Service service hung on starting.

Error: (02/03/2015 11:20:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (02/03/2015 11:20:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.

Error: (02/03/2015 11:20:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STOPzilla Service service failed to start due to the following error:
%%2

Error: (02/03/2015 11:19:50 AM) (Source: 0) (EventID: 4) (User: )
Description:

Error: (02/03/2015 08:15:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Web Deployment Agent Service service terminated with the following error:
%%2148734208

Error: (02/03/2015 08:15:00 AM) (Source: 0) (EventID: 15005) (User: )
Description: 0.0.0.0:80


Microsoft Office Sessions:
=========================
Error: (08/11/2014 03:43:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3781 seconds with 1860 seconds of active time.  This session ended with a crash.

Error: (10/31/2013 02:53:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 542 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (09/16/2013 11:05:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1901 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (11/23/2012 11:55:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4704 seconds with 2340 seconds of active time.  This session ended with a crash.

Error: (03/02/2012 01:00:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14606 seconds with 7680 seconds of active time.  This session ended with a crash.

Error: (10/06/2010 09:05:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26582 seconds with 4680 seconds of active time.  This session ended with a crash.

Error: (08/09/2010 07:26:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32797 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (05/11/2009 11:02:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5618 seconds with 2760 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of memory in use: 67%
Total physical RAM: 2038.36 MB
Available physical RAM: 667.75 MB
Total Pagefile: 3928.84 MB
Available Pagefile: 2359.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88.48 GB) (Free:6.18 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================

 

FYI: I will be travelling and off line Wednesday 4th, back 5th. I apologise for the delay in the process that this may cause.

 

Best regards

 

Men

 

 

 

 

 


#6 Men

Posted 03 February 2015 - 02:49 AM

When I started FF again I noticed Hola was not removed. I checked again in the Control Panel add/remove programs, it had disappeared here.

In FF add-ons I could however remove Hola without a problem.

Hope this has no consequences for the FRST scans I ran at the end of your instruction list.

BR

Men



#7 Bootsektor

Posted 05 February 2015 - 04:53 PM

Hello Men,
 

FYI: I will be travelling and off line Wednesday 4th, back 5th. I apologise for the delay in the process that this may cause.

That is not a problem, but thank you for letting me know. :)

Please find the logs of adwarecleaner and Malwarebytes attached to this post, as requested.

Thank you, but from now on please do not attach the logs; instead, please post them here directly in your thread.
 

Yes I use the Babylon translation program, but rarely. I have no problem with removing it if that seems better.

No, that is not necessary, I only wanted to know if this entry in the uninstall-list is Babylon, thanks.
 

Hola 1.6.390 - Better Internet has been removed. FYI: I use Hola to access websites blocked by the military junta in Thailand (my location, BTW 6 hours ahead of EU time). I removed it once before to check if that made a difference, it does not. Please let me know if it is safe to install Hola again.

I am sorry, yes, you can re-install Hola.
 

FYI, AviraPro is no longer working properly (since a week or so), email protection will not switch on. This happened before and I was advised by Avira to uninstall and re-install it, that worked at that time. I wait for your advice before I do anything with AviraPro now (I do not do banking etc on this computer, I have Ubuntu installed on a HD partition for secure online business, but Ubuntu will not start up I noticed. I will address that when we have finished cleaning my laptop)

Ok, then, we will fix this issue too.

Step 1
We need to run a fix with FRST:
  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log ( Fixlog.txt ) in the same location the tool was run, please post it to your reply
Step 2
Please follow the instructions given in this manual and delete these

91.212.124.159

entries. When you have finished, restart the computer, then perform step 3, thank you.

Step 3
Please restart FRST.
  • Leave the settings unchanged and press Scan.
  • When the scan is finished, a new logfile FRST.txt will be created and saved on your desktop.
  • Please post the content of the logfile here in your thread.

Edited by Bootsektor, 05 February 2015 - 06:32 PM.

regards,

 

Sandra


#8 Men

Posted 05 February 2015 - 11:42 PM

Hello Sandra,

This is the step 1 fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-02-2015
Ran by mijnd at 2015-02-06 10:11:03 Run:2
Running from C:\Documents and Settings\mijnd\Desktop
Loaded Profiles: mijnd (Available profiles: mijnd)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog 10:11:03 ====

 

With step 2 I have a problem.

I read the manual but when I open the Internet Protocol (TCP/IP) properties I don't find 91.212.124.159 (all DNS server addresses windows are/stay empty)

When I copied 91.212.124.159 in my browser I received the note that this site was blocked for good reasons and I did not try to access it.

(I do not think you want me to change the DNS in the Router as my iPad and our phones use WiFi without problems, right?)

What am I doing wrong?

 

I postponed step 3 as I think it does not make sense without step 2.

 

Best regards

Men
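
The FRST scans in this thread list the address as `Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8`. `DhcpNameServer` holds resolvers received with a DHCP lease, while `NameServer` holds resolvers entered by hand, so a DHCP-supplied address does not show up in the adapter's TCP/IP properties. The Python sketch below is an added example (not part of the original posts and not FRST's own code) that sorts such log lines by origin; the two `Interfaces` lines and the `expected` resolver set are constructed assumptions.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample. The first line is the entry quoted from the FRST log in
# this thread; the two Interfaces lines are made up (documentation and private
# addresses) and assume FRST prints per-adapter values in the same pattern.
SAMPLE_LOG = r"""
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000001}: [NameServer] 192.0.2.53,8.8.4.4
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000002}: [DhcpNameServer] 192.168.1.1
"""

# "Tcpip\<key>: [<value name>] <server list>"
ENTRY_RE = re.compile(
    r"^Tcpip\\(?P<key>[^:]+):\s*"
    r"\[(?P<name>DhcpNameServer|NameServer)\]\s*(?P<servers>.+)$"
)

# Where each kind of entry has to be corrected.
WHERE_TO_FIX = {
    "dhcp": "supplied by the DHCP server (usually the router); "
            "not visible in the adapter's TCP/IP properties",
    "static": "entered in the adapter's TCP/IP properties on this machine",
}


@dataclass(frozen=True)
class DnsEntry:
    key: str        # registry location as printed in the log
    origin: str     # "dhcp" or "static"
    servers: tuple  # resolver addresses in the order listed


def parse_dns_entries(log_text):
    """Extract DNS resolver entries from FRST-style Tcpip lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        servers = []
        # DhcpNameServer is space separated, NameServer is usually comma separated.
        for token in re.split(r"[\s,]+", match.group("servers").strip()):
            try:
                servers.append(str(ip_address(token)))
            except ValueError:
                continue  # ignore anything that is not an IP address
        origin = "dhcp" if match.group("name") == "DhcpNameServer" else "static"
        entries.append(DnsEntry(match.group("key"), origin, tuple(servers)))
    return entries


def unexpected_resolvers(log_text, expected):
    """Return (server, origin, key) for every resolver not in `expected`."""
    findings = []
    for entry in parse_dns_entries(log_text):
        for server in entry.servers:
            if server not in expected:
                findings.append((server, entry.origin, entry.key))
    return findings


if __name__ == "__main__":
    # Assumption: the resolvers the owner of the network actually intends to use.
    expected = {"8.8.8.8", "8.8.4.4", "192.168.1.1"}
    for server, origin, key in unexpected_resolvers(SAMPLE_LOG, expected):
        print(f"{server} [{key}]: {WHERE_TO_FIX[origin]}")
```
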



#9 Men

Posted 06 February 2015 - 12:17 AM

On second thought: I restarted the laptop and noticed Avira umbrella is still not up.

 

To be sure I ran the FRST scan, it may help you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015
Ran by mijnd (administrator) on ACER on 06-02-2015 12:06:31
Running from C:\Documents and Settings\mijnd\Desktop
Loaded Profiles: mijnd (Available profiles: mijnd)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Dritek System Inc.) C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Realtek Semiconductor Corp.) C:\DOCUME~1\mijnd\LOCALS~1\Temp\RtkBtMnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-06-13] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-03-23] (Synaptics, Inc.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17530368 2009-02-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [715272 2007-08-13] (Dritek System Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\TPSvc: TPSvc.dll [X]
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [TK8 StickyNotes] => C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe [10134360 2012-10-24] ()
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {17e7e2aa-458f-11de-a844-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {17e7e2ab-458f-11de-a844-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {dc8750dd-4611-11de-a848-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {dc8750de-4611-11de-a848-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {eee28b1a-44b9-11de-a841-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {eee28b1b-44b9-11de-a841-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-08] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\mijnd\Start Menu\Programs\Startup\Network-USB Navigator.lnk
ShortcutTarget: Network-USB Navigator.lnk -> C:\Program Files\BUFFALO\Device server\Connect.exe (BUFFALO INC.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * 猀瀀爀攀猀琀爀琀

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp?nord=1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
BHO: AskBar BHO -> {201f27d4-3704-41d6-89c1-aa35e39143ed} -> C:\Program Files\AskBarDis\bar\bin\askBar.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} http://192.168.1.250/IPCamPluginMJPEG.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1390067357-1450960922-1417001333-1004: @hola.org/vlc,version=1.6.520 -> C:\Documents and Settings\mijnd\Local Settings\Application Data\Hola\firefox\app\vlc ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\3-maps.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\privatelee-https.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\startpage-ssl.xml
FF Extension: Avira Browser Safety - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\abs@avira.com [2015-02-03]
FF Extension: British English Dictionary - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-12]
FF Extension: NoScript - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-08-20]
FF Extension: Web Developer - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-17]
FF Extension: Adblock Plus - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-08-20]
FF Extension: BetterPrivacy - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-04-22]
FF Extension: Adblock Edge - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-12]
FF HKLM\...\Firefox\Extensions: [{E5C20E23-9BBF-4a06-AC43-277382EF1B43}] - C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_6
FF Extension: VerificationEngine® - C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_6 [2010-02-15]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-26]
FF HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [805112 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-03] (Oracle Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 0187451260843226mcinstcleanup; C:\DOCUME~1\mijnd\LOCALS~1\Temp\018745~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S2 szserver; "C:\Program Files\STOPzilla!\SZServer.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-23] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [66304 2007-01-31] (ENE Technology Inc.)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [45952 2007-01-31] (ENE Technology Inc.)
R3 ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [81152 2007-01-31] (ENE Technology Inc.)
S4 exFat; C:\WINDOWS\system32\Drivers\exFat.sys [133632 2008-09-29] (Microsoft Corporation) [File not signed]
R1 Ext2fs; C:\WINDOWS\System32\DRIVERS\ext2fs.sys [181120 2008-09-25] (Stephan Schreiber) [File not signed]
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S0 iastor78; C:\WINDOWS\system32\Drivers\iastor78.sys [308248 2009-05-08] (Intel Corporation)
R1 IfsMount; C:\WINDOWS\System32\DRIVERS\ifsmount.sys [51072 2008-08-28] (Stephan Schreiber) [File not signed]
R0 is3srv; C:\WINDOWS\System32\drivers\is3srv.sys [99728 2012-03-20] (iS3 Inc.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2210816 2007-08-29] (Intel Corporation)
S3 PcaSp50; C:\WINDOWS\System32\DRIVERS\PcaSp50.sys [28160 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [101112 2012-01-12] (GFI Software)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2008-11-26] (Duplex Secure Ltd.)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S0 szkg5; C:\WINDOWS\System32\DRIVERS\szkg.sys [99728 2012-03-20] (iS3 Inc.)
R0 szkgfs; C:\WINDOWS\System32\drivers\szkgfs.sys [73008 2012-05-04] (iS3, Inc.)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2014-06-30] (The OpenVPN Project) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 12:06 - 2015-02-06 12:07 - 00025267 _____ () C:\Documents and Settings\mijnd\Desktop\FRST.txt
2015-02-06 10:10 - 2015-02-06 10:10 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\FRST-OlderVersion
2015-02-03 15:05 - 2015-02-03 15:05 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\trip mirjam_MH
2015-02-03 14:08 - 2015-02-06 10:07 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Sandraanivirus
2015-02-01 17:05 - 2015-02-06 12:06 - 00000000 ___DC () C:\FRST
2015-02-01 17:04 - 2015-02-06 10:10 - 01123328 ____C (Farbar) C:\Documents and Settings\mijnd\Desktop\FRST.exe
2015-02-01 16:39 - 2015-02-01 16:39 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2015-01-29 12:29 - 2015-01-29 12:29 - 02194432 _____ () C:\Documents and Settings\mijnd\Desktop\adwcleaner_4.109.exe
2015-01-27 08:28 - 2015-01-27 08:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 11:02 - 2015-01-25 08:28 - 00000000 ____D () C:\Program Files\Hola
2015-01-23 08:37 - 2015-01-23 08:37 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\Hola
2015-01-19 10:15 - 2015-01-29 12:28 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\antivirus
2015-01-16 17:18 - 2015-02-02 15:19 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Boekproject
2015-01-14 11:27 - 2015-01-15 07:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-09 11:33 - 2015-02-06 12:00 - 00004640 _____ () C:\WINDOWS\setupapi.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 12:07 - 2008-11-26 21:24 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Temp
2015-02-06 12:06 - 2014-02-08 07:01 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-02-06 12:01 - 2008-11-26 23:21 - 00000000 ____D () C:\Documents and Settings\mijnd\Application Data\Skype
2015-02-06 11:58 - 2012-03-29 07:31 - 00000940 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-06 11:49 - 2008-11-26 21:13 - 01877260 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-06 11:48 - 2010-01-03 10:35 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 11:48 - 2008-11-26 21:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-06 11:48 - 2008-11-26 21:30 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-02-06 11:47 - 2008-11-26 21:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-06 11:45 - 2014-08-14 14:35 - 00417178 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-02-06 11:45 - 2008-11-26 21:24 - 00000178 ___SH () C:\Documents and Settings\mijnd\ntuser.ini
2015-02-06 11:45 - 2008-11-26 21:24 - 00000000 ____D () C:\Documents and Settings\mijnd
2015-02-06 11:45 - 2008-11-26 21:23 - 00032530 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-06 11:11 - 2010-01-03 10:35 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 15:58 - 2012-03-29 07:30 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 15:58 - 2011-05-23 07:51 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-05 14:26 - 2001-08-23 04:00 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-03 14:14 - 2014-09-10 07:32 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\temp docs
2015-02-03 11:19 - 2014-09-09 15:56 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-02-03 10:33 - 2014-11-27 10:10 - 00000000 ____D () C:\Program Files\IPVanish
2015-02-03 10:30 - 2008-12-13 14:45 - 00000000 ____D () C:\Program Files\Google
2015-02-03 10:30 - 2008-12-13 14:36 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\Google
2015-02-03 09:05 - 2014-12-23 15:34 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 13:12 - 2008-12-13 14:45 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2015-02-02 10:08 - 2014-08-13 09:54 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Video editing
2015-02-02 10:07 - 2010-01-05 09:33 - 00000000 ____D () C:\Documents and Settings\mijnd\Application Data\vlc
2015-02-01 19:44 - 2014-09-09 16:57 - 01152138 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1390067357-1450960922-1417001333-1004-0.dat
2015-02-01 16:45 - 2011-08-31 13:17 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-02-01 16:39 - 2014-12-25 11:54 - 00000000 ____D () C:\Program Files\Avira
2015-02-01 16:39 - 2014-12-25 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-02-01 16:33 - 2008-11-26 21:11 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-29 13:24 - 2014-12-25 11:33 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 08:04 - 2012-06-26 08:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 07:06 - 2014-02-08 07:01 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-01-26 07:51 - 2009-08-09 15:03 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Progrmms Shortcuts
2015-01-26 07:50 - 2008-11-28 18:24 - 00000000 ____D () C:\Documents and Settings\mijnd\My Documents\Software
2015-01-23 14:17 - 2014-11-27 10:11 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\IPVanish
2015-01-16 15:09 - 2008-12-06 21:24 - 00151552 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-15 13:06 - 2013-07-16 18:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 12:57 - 2008-11-26 23:26 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 07:29 - 2014-11-09 09:13 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Kenza
2015-01-09 09:17 - 2014-09-04 10:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Avira

==================== Files in the root of some directories =======

2008-12-06 21:24 - 2015-01-16 15:09 - 0151552 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-20 09:55 - 2014-09-20 09:55 - 0000863 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\recently-used.xbel

Some content of TEMP:
====================
C:\Documents and Settings\mijnd\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\difxapi.dll
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.390.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.434.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.449.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.463.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.467.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.485.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.520.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpqrrx08.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpzscr01.EXE
C:\Documents and Settings\mijnd\Local Settings\Temp\IPVanish-Setup-2.0.18.6.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\pyl155.tmp.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\pyl160.tmp.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\mijnd\Local Settings\Temp\xuninst.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is144.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is58.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is59.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5A.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5B.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5C7.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2015
Ran by mijnd at 2015-02-06 12:07:49
Running from C:\Documents and Settings\mijnd\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acer Crystal Eye (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.11a - Acer Crystal Eye)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Adobe Connect 9 Add-in) (Version: 11.2.247.0 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Alky for Applications (Windows XP) (HKLM\...\{BB05D173-9681-4812-A7FA-BD4042A3DA00}) (Version: 1.1 - Alky Team)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Antivirus Pro (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Articulate Storyline (Version: 1.01.00 - Articulate) Hidden
ASUS RT-N12B1 Wireless Router Utilities (HKLM\...\{23306E15-327A-496E-8AE1-9E62E63BF27D}) (Version: 4.1.9.0 - ASUS)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVI/MPEG/RM/WMV Splitter 4.28 (HKLM\...\AVI MPEG RM WMV Splitter_is1) (Version:  - boilsoft, Inc.)
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Babylon (HKLM\...\Babylon) (Version:  - )
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
BUFFALO Network-USB Navigator (HKLM\...\BUFFALO Device server) (Version: 1.40 - BUFFALO INC.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{1E9AC64C-A2C1-4FD3-A6F3-64D0E661B0E9}) (Version: 0.9.43 - Kovid Goyal)
CCleaner (remove only) (HKLM\...\CCleaner) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.2.2140 - CDBurnerXP)
Combined Community Codec Pack 2006-12-15 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2006-12-15 02:32 - CCCP Project)
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Debut Video Capture Software (HKLM\...\Debut) (Version:  - NCH Software)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_K209a-z_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Dropbox) (Version: 0.7.110 - )
Easy Thumbnails (Remove only) (HKLM\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Elektronisch Groene Boekje (HKLM\...\{B8903E65-D802-4D34-A72D-101EBA881D90}) (Version: 3.0.1 - Sdu Uitgevers)
Elevated Installer (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
EPubsoft Adobe PDF ePub DRM Removal 8.1.7 (HKLM\...\{D225FC13-8885-4B5A-B40C-23CE88830340}) (Version: 8.1.7 - EPUBSOFT)
Express Burn (HKLM\...\ExpressBurn) (Version:  - NCH Software)
Express Rip (HKLM\...\ExpressRip) (Version:  - NCH Software)
Ext2 IFS 1.11a for Windows XP (HKLM\...\Ext2Ifs_for_NT501) (Version:  - )
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FileZilla (remove only) (HKLM\...\FileZilla) (Version:  - )
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version:  - )
Foxit Reader (HKLM\...\Foxit Reader) (Version:  - )
Free Sound Recorder v9.2.7 (HKLM\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2011 FreeSoundRecorder Technologies, Inc.)
Gadget Installer (HKLM\...\{3F3733A5-8322-454D-A638-3B74E1C83752}) (Version: 1.0.2 - VistaExperience.org)
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.3 - Gadwin Systems, Inc.)
Garmin Express (HKLM\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GoodSync V6 (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version:  - Siber Systems)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Google+ Auto Backup (HKU\.DEFAULT\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{6051912A-F7B8-445C-A99D-81AA4C118836}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
IconPackager (HKLM\...\IconPackager) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
InterVideo DeviceService (HKLM\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
K209a-z (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Kubuntu (HKLM\...\Wubi) (Version: 14.04-rev286 - Kubuntu)
Launch Manager (HKLM\...\LManager) (Version:  - )
LClock (HKLM\...\LClock) (Version:  - )
LINE (HKLM\...\LINE) (Version: 3.7.6.116 - LINE Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Recent Documents Gadget (HKLM\...\{90120000-008A-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1027 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{1D39E015-C3D2-45DE-B070-A69C5F2FB309}) (Version: 5.0.50430.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 nl) (HKLM\...\Mozilla Firefox 35.0.1 (x86 nl)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
MySQL Connector Net 6.5.4 (HKLM\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
Photo to Cartoon (HKLM\...\{C7DE53DF-A820-431B-9A24-F558C374C500}) (Version: 4.0.0 - Caricature Software)
PHOTOfunSTUDIO 5.0 (HKLM\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.00.012 - Panasonic Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version:  - )
Prism Video Converter (HKLM\...\Prism) (Version:  - NCH Software)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5802 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM\...\Recordpad) (Version:  - NCH Software)
Resource Hacker 3.4.0 (HKLM\...\Resource Hacker 3.4.0) (Version:  - Resource Hacker 3.4.0)
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Right Click Image Converter (HKLM\...\Kristanix Right Click Image Converter) (Version:  - )
Safari (HKLM\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SDFormatter (HKLM\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sigil 0.7.2 (HKLM\...\Sigil_is1) (Version:  - John Schember)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.1.00.17290 - Sony Corporation)
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version:  - )
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version:  - )
Styler (HKLM\...\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}) (Version: 1.4.0.1 - ta2027)
Super DVD Ripper (remove only) (HKLM\...\x2VCD) (Version:  - )
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.19.4 - Synaptics)
TalkAndWrite (HKLM\...\TalkAndWrite_is1) (Version: 5.1.0.206 - TalkAndWrite)
Thai-English English-Thai Talking Dictionary v1.6 (HKLM\...\ThaiDict_is1) (Version:  - Paiboon Publishing Inc. and Word in the Hand Inc.)
TK8 StickyNotes 4.0 (HKLM\...\TK8 StickyNotes_is1) (Version:  - TK8 Software)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
UltraISO Premium V9.33 (HKLM\...\UltraISO_is1) (Version:  - )
Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Van Dale Groot woordenboek van de Nederlandse taal 14 (HKLM\...\vdegwn.exe) (Version:  - )
Van Dale Grote woordenboeken Engels (HKLM\...\{B63F5DA2-FD25-4437-A60B-1E99029E99D5}) (Version: 2.1.2 - Van Dale Lexicografie)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSDC Free Video Editor version 2.1.8.149 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.8.149 - Flash-Integro LLC)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3300 -  )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Sidebar (HKLM\...\Windows Sidebar) (Version: 6.0.6001.18000 - Microsoft Corporation)
Windows Vista Sounds Pack (HKLM\...\{E1230694-33DA-4E74-82E1-06CC9D545E9B}) (Version: 1.0.0 - zen62619@zen.co.uk)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
xp-AntiSpy 3.96-8 (HKLM\...\xp-AntiSpy) (Version: 3.96-8 - Christian Taubenheim)
XviD MPEG-4 Video Codec (HKLM\...\xvid) (Version:  - XviD Development Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\webnavi\nvi.dll No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {589B7306-9468-D082-50E3-EAA985889A47} No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\webnavi\nvi.dll No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {45638ACD-9468-D082-9B1A-12B485889A47} No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)

==================== Restore Points  =========================

06-11-2014 10:07:14 System Checkpoint
07-11-2014 10:42:18 System Checkpoint
08-11-2014 11:59:30 System Checkpoint
11-11-2014 08:35:55 System Checkpoint
12-11-2014 08:51:20 System Checkpoint
13-11-2014 06:57:10 Software Distribution Service 3.0
15-11-2014 09:16:28 System Checkpoint
16-11-2014 09:23:31 System Checkpoint
17-11-2014 09:56:38 System Checkpoint
19-11-2014 08:54:59 System Checkpoint
20-11-2014 14:46:40 System Checkpoint
22-11-2014 07:34:23 System Checkpoint
23-11-2014 07:59:41 System Checkpoint
24-11-2014 08:50:13 System Checkpoint
25-11-2014 08:52:26 System Checkpoint
26-11-2014 10:18:43 Installed COMODO Unite
27-11-2014 10:03:25 IPVanish VPN
29-11-2014 12:33:32 System Checkpoint
01-12-2014 10:03:23 System Checkpoint
03-12-2014 08:50:10 System Checkpoint
05-12-2014 07:39:19 System Checkpoint
06-12-2014 09:07:43 System Checkpoint
10-12-2014 08:31:23 Software Distribution Service 3.0
12-12-2014 07:38:38 IPVanish VPN
12-12-2014 07:39:10 IPVanish VPN
13-12-2014 09:41:24 System Checkpoint
14-12-2014 11:36:55 System Checkpoint
17-12-2014 13:05:32 System Checkpoint
18-12-2014 10:02:12 Removed IIS 7.5 Express
20-12-2014 10:25:38 System Checkpoint
22-12-2014 09:01:05 System Checkpoint
23-12-2014 08:27:38 IPVanish VPN
23-12-2014 08:30:16 IPVanish VPN
23-12-2014 09:52:42 IPVanish VPN
23-12-2014 10:19:13 IPVanish VPN
23-12-2014 15:20:21 HP Update verwijderd.
23-12-2014 15:20:36 Removed Google+ Auto Backup
25-12-2014 08:29:04 System Checkpoint
27-12-2014 09:25:12 System Checkpoint
29-12-2014 08:26:41 System Checkpoint
30-12-2014 15:05:56 Software Distribution Service 3.0
01-01-2015 11:13:24 System Checkpoint
08-01-2015 08:28:16 System Checkpoint
09-01-2015 10:09:25 System Checkpoint
11-01-2015 08:15:51 System Checkpoint
15-01-2015 08:31:37 System Checkpoint
15-01-2015 12:57:35 Software Distribution Service 3.0
17-01-2015 09:24:36 System Checkpoint
19-01-2015 08:34:45 System Checkpoint
20-01-2015 09:02:55 System Checkpoint
23-01-2015 09:15:23 System Checkpoint
24-01-2015 14:25:19 System Checkpoint
26-01-2015 08:54:58 System Checkpoint
27-01-2015 08:59:15 System Checkpoint
29-01-2015 13:06:50 System Checkpoint
01-02-2015 17:24:49 System Checkpoint
03-02-2015 08:33:19 System Checkpoint
03-02-2015 10:32:34 IPVanish VPN
06-02-2015 11:04:50 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 04:00 - 2012-02-10 12:32 - 00000758 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
192.168.1.253 NAS server


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\expressburnSevenDaysInit.job => C:\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe
Task: C:\WINDOWS\Tasks\expressburnShakeIcon.job => C:\DOCUME~1\mijnd\LOCALS~1\Temp\n1s.exe
Task: C:\WINDOWS\Tasks\expressripShakeIcon.job => C:\Program Files\NCH Swift Sound\ExpressRip\expressrip.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\switchSevenDays.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe
Task: C:\WINDOWS\Tasks\switchShakeIcon.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe
Task: C:\WINDOWS\Tasks\wavepadSevenDays.job => C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe
Task: C:\WINDOWS\Tasks\wavepadShakeIcon.job => C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-21 13:38 - 2012-10-04 19:50 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2010-12-13 10:44 - 2001-03-15 05:18 - 00065536 ____N () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2010-06-25 15:09 - 2008-06-16 13:11 - 00081920 _____ () C:\WINDOWS\system32\emfxp.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 19:00 - 2011-11-03 22:28 - 00386048 _____ () C:\WINDOWS\system32\qdvd.dll
2008-04-14 19:00 - 2013-01-02 13:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll
2010-05-17 21:23 - 2010-03-04 23:38 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe
2012-11-29 16:18 - 2012-10-24 16:08 - 10134360 _____ () C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
2015-01-14 11:27 - 2015-01-14 11:27 - 03347056 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-01-14 11:27 - 2015-01-14 11:27 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-14 11:27 - 2015-01-14 11:27 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-01-27 08:28 - 2015-01-27 08:29 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\lang_0874.uni:index

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\mijnd\My Documents\My Pictures\Picasa\Achtergronden\picasabackground-006.bmp

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\WINDOWS\pss\Acrobat Assistant.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk => C:\WINDOWS\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk => C:\WINDOWS\pss\PHOTOfunSTUDIO 5.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk => C:\WINDOWS\pss\Mediacontrole Picture Motion Browser.lnk.Startup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Styler.lnk => C:\WINDOWS\pss\Styler.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Babylon Client => C:\Program Files\Babylon\Babylon.exe -AutoStart
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: COMODO Internet Security => "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Gadwin PrintScreen => C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LClock => C:\Program Files\LClock\LClock.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: VEngine => C:\Program Files\Comodo\VEngine\VEngine.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1390067357-1450960922-1417001333-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1390067357-1450960922-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-1390067357-1450960922-1417001333-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1390067357-1450960922-1417001333-1000 - Limited - Disabled)
mijnd (S-1-5-21-1390067357-1450960922-1417001333-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\mijnd
SUPPORT_388945a0 (S-1-5-21-1390067357-1450960922-1417001333-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Fingerprint Sensor   
Description: Fingerprint Sensor   
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9 #2
Description: TAP-Win32 Adapter V9
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 11:14:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 35.0.1.5500, faulting module mozalloc.dll, version 35.0.1.5500, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/23/2015 09:18:43 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1972) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/25/2014 10:39:31 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/24/2014 00:28:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/23/2014 04:57:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/23/2014 04:56:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/23/2014 07:31:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VPNClient.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at VPNClient.App.Main()

Error: (12/22/2014 07:54:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application update.exe, version 14.0.7.462, faulting module msvcr120.dll, version 12.0.21005.1, fault address 0x000129bf.
Processing media-specific event for [update.exe!ws!]

Error: (12/20/2014 02:36:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (12/20/2014 02:36:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module hotplug.dll, version 5.1.2600.5512, fault address 0x00006901.
Processing media-specific event for [rundll32.exe!ws!]


System errors:
=============
Error: (02/06/2015 11:50:45 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd
szkg5

Error: (02/06/2015 11:50:45 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Web Deployment Agent Service service hung on starting.

Error: (02/06/2015 11:48:04 AM) (Source: 0) (EventID: 4) (User: )
Description:

Error: (02/06/2015 11:48:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (02/06/2015 11:48:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.

Error: (02/06/2015 11:48:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STOPzilla Service service failed to start due to the following error:
%%2

Error: (02/06/2015 08:54:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd
szkg5

Error: (02/06/2015 08:53:59 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Web Deployment Agent Service service hung on starting.

Error: (02/06/2015 08:52:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (02/06/2015 08:52:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.


Microsoft Office Sessions:
=========================
Error: (08/11/2014 03:43:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3781 seconds with 1860 seconds of active time.  This session ended with a crash.

Error: (10/31/2013 02:53:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 542 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (09/16/2013 11:05:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1901 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (11/23/2012 11:55:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4704 seconds with 2340 seconds of active time.  This session ended with a crash.

Error: (03/02/2012 01:00:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14606 seconds with 7680 seconds of active time.  This session ended with a crash.

Error: (10/06/2010 09:05:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26582 seconds with 4680 seconds of active time.  This session ended with a crash.

Error: (08/09/2010 07:26:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32797 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (05/11/2009 11:02:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5618 seconds with 2760 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of memory in use: 56%
Total physical RAM: 2038.36 MB
Available physical RAM: 879.62 MB
Total Pagefile: 3928.84 MB
Available Pagefile: 2567.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88.48 GB) (Free:6.21 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 07540753)
Partition 1: (Active) - (Size=88.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=23.3 GB) - (Type=05)

==================== End Of Log ============================



#10 Bootsektor


Posted 07 February 2015 - 06:02 AM

Hello Men,
 

On second thought: I restarted the laptop and noticed Avira umbrella is still not up.

When you open Avira's control panel, what status does it show?
 

I read the manual but when I open the Internet Protocol (TCP/IP) properties I don't find 91.212.124.159 (all DNS server addresses windows are/stay empty)


(I do not think you want me to change the DNS in the Router as my iPad and our phones use WiFi without problems, right?)

What am I doing wrong?

I think you were doing that pretty well, but the entry we are looking for isn't there, so we must do a deeper search to find out if this problem is located on your laptop or if it's in the router.

Step 1
We need to search for a few things with SystemLook:
  • Please download SystemLook (32-bit) by jpshortstuff and save it to your desktop
  • Please download SystemLook (64-bit) by jpshortstuff and save it to your desktop
  • Double-click the program to run it, paste the entire text into the main text box:
    :regfind
    91.212.124.159
    
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Step 2
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Do not select Cure. Select Skip and save the log file.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards,

 

Sandra


#11 Men


Posted 07 February 2015 - 09:45 PM

Hello Sandra,

The Avira control panel tells me that I need to fix mail protection (it shows deactivated), but when I try it does not work. I had this before, month ago, and re-installing did not help. Avira helpdesk advised me to un-install manually all Avira files in the Program Files. They also let me download an Avira registry cleaner and I used it. Then installed AviraPro again and it worked until last week. Should I try this again? (If so, with or without the registry cleaner?)

 

Re Step 1: This is the SystemLook log:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 08:59 on 08/02/2015 by mijnd
Administrator - Elevation successful

========== regfind ==========

Searching for "91.212.124.159"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
"DhcpNameServer"="91.212.124.159 8.8.8.8"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C8D9EA60-488B-4D08-852F-735F871CE14E}]
"DhcpNameServer"="91.212.124.159 8.8.8.8"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
"DhcpNameServer"="91.212.124.159 8.8.8.8"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{C8D9EA60-488B-4D08-852F-735F871CE14E}]
"DhcpNameServer"="91.212.124.159 8.8.8.8"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"="91.212.124.159 8.8.8.8"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8D9EA60-488B-4D08-852F-735F871CE14E}]
"DhcpNameServer"="91.212.124.159 8.8.8.8"

-= EOF =-

 

Step 2:

 

09:20:17.0593 0x0784  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
09:20:49.0015 0x0784  ============================================================
09:20:49.0015 0x0784  Current date / time: 2015/02/08 09:20:49.0015
09:20:49.0015 0x0784  SystemInfo:
09:20:49.0015 0x0784  
09:20:49.0015 0x0784  OS Version: 5.1.2600 ServicePack: 3.0
09:20:49.0015 0x0784  Product type: Workstation
09:20:49.0015 0x0784  ComputerName: ACER
09:20:49.0015 0x0784  UserName: mijnd
09:20:49.0015 0x0784  Windows directory: C:\WINDOWS
09:20:49.0015 0x0784  System windows directory: C:\WINDOWS
09:20:49.0015 0x0784  Processor architecture: Intel x86
09:20:49.0015 0x0784  Number of processors: 2
09:20:49.0015 0x0784  Page size: 0x1000
09:20:49.0015 0x0784  Boot type: Normal boot
09:20:49.0015 0x0784  ============================================================
09:21:03.0328 0x0784  KLMD registered as C:\WINDOWS\system32\drivers\82194944.sys
09:21:03.0500 0x0784  System UUID: {8D351AC6-F268-D296-8646-E07A5DD494DF}
09:21:04.0156 0x0784  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:21:04.0171 0x0784  ============================================================
09:21:04.0171 0x0784  \Device\Harddisk0\DR0:
09:21:04.0171 0x0784  MBR partitions:
09:21:04.0171 0x0784  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB0F7055
09:21:04.0203 0x0784  ============================================================
09:21:04.0250 0x0784  C: <-> \Device\Harddisk0\DR0\Partition1
09:21:04.0250 0x0784  ============================================================
09:21:04.0250 0x0784  Initialize success
09:21:04.0250 0x0784  ============================================================
09:21:33.0359 0x0f4c  ============================================================
09:21:33.0359 0x0f4c  Scan started
09:21:33.0359 0x0f4c  Mode: Manual;
09:21:33.0359 0x0f4c  ============================================================
09:21:33.0359 0x0f4c  KSN ping started
09:21:36.0109 0x0f4c  KSN ping finished: true
09:21:36.0375 0x0f4c  ================ Scan system memory ========================
09:21:36.0375 0x0f4c  System memory - ok
09:21:36.0375 0x0f4c  ================ Scan services =============================
09:21:38.0875 0x0f4c  [ 7EF47644B74EBE721CC32211D3C35E76, 1381908E70567AAE5A8C96C4B7BF8E68748F64DE3243FD0FA8CC0E72DEEDA9A7 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:21:38.0890 0x0f4c  Apple Mobile Device - ok
09:21:38.0937 0x0f4c  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
09:21:38.0968 0x0f4c  AppMgmt - ok
09:21:39.0000 0x0f4c  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:21:39.0000 0x0f4c  Arp1394 - ok
09:21:39.0015 0x0f4c  asc - ok
09:21:39.0015 0x0f4c  asc3350p - ok
09:21:39.0015 0x0f4c  asc3550 - ok
09:21:39.0734 0x0f4c  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:21:39.0765 0x0f4c  aspnet_state - ok
09:21:39.0796 0x0f4c  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:21:39.0796 0x0f4c  AsyncMac - ok
09:21:39.0843 0x0f4c  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
09:21:39.0843 0x0f4c  atapi - ok
09:21:39.0843 0x0f4c  Atdisk - ok
09:21:39.0890 0x0f4c  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:21:39.0890 0x0f4c  Atmarpc - ok
09:21:39.0921 0x0f4c  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
09:21:39.0937 0x0f4c  AudioSrv - ok
09:21:39.0984 0x0f4c  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
09:21:39.0984 0x0f4c  audstub - ok
09:21:40.0000 0x0f4c  [ F581D2F3E30C1CA7206D660FB7689F98, 53647E017AE58788922F72285DD63E8CD2F9E922B31F7C6711E547BC6B360154 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
09:21:40.0015 0x0f4c  avgntflt - ok
09:21:40.0062 0x0f4c  [ A2EE407D6D3757A2FFD5095DD16AE1F2, BBFCC5DC116D6A3AF85591955541528DB0CB1FE81D353F717BE7CAD3F7F446F4 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
09:21:40.0078 0x0f4c  avipbb - ok
09:21:40.0281 0x0f4c  [ 523EBA6B6124EC416FF35A37BB47C30A, D2C545BB78E91ECCD3FFACFB524D03DFD5E277871A2500164F3602445A8A86FA ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
09:21:40.0296 0x0f4c  Avira.OE.ServiceHost - ok
09:21:40.0312 0x0f4c  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
09:21:40.0312 0x0f4c  avkmgr - ok
09:21:40.0375 0x0f4c  [ E470738B601A7FBB1E1C34CEC8355F5D, 4AF3F1F4C3B8C0D5F79CA24D7C89E51BA694E0186B16629A849E41BDF5B79B52 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:21:40.0390 0x0f4c  b57w2k - ok
09:21:40.0437 0x0f4c  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
09:21:40.0453 0x0f4c  Beep - ok
09:21:40.0500 0x0f4c  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
09:21:40.0640 0x0f4c  BITS - ok
09:21:40.0687 0x0f4c  [ F934D1B230F84E1D19DD00AC5A7A83ED, 32CD3A7A1F06DCCE2A4D9FA6E2AE7B3E2B57FA2D5F1C74EA79D72E5E0E352E60 ] Bridge          C:\WINDOWS\system32\DRIVERS\bridge.sys
09:21:40.0687 0x0f4c  Bridge - ok
09:21:40.0703 0x0f4c  [ F934D1B230F84E1D19DD00AC5A7A83ED, 32CD3A7A1F06DCCE2A4D9FA6E2AE7B3E2B57FA2D5F1C74EA79D72E5E0E352E60 ] BridgeMP        C:\WINDOWS\system32\DRIVERS\bridge.sys
09:21:40.0703 0x0f4c  BridgeMP - ok
09:21:40.0734 0x0f4c  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
09:21:40.0750 0x0f4c  Browser - ok
09:21:40.0796 0x0f4c  [ 92A964547B96D697E5E9ED43B4297F5A, 01A84802B68253FF093EAFED5B85DE716BB85EBD080D92D4814B6FB39286CD24 ] BrScnUsb        C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
09:21:40.0812 0x0f4c  BrScnUsb - ok
09:21:40.0859 0x0f4c  [ ECDC40CC54603C711E1A7A1C9255184A, 7F109180AAC41D79036085A5725544BFA3895CAF791B272D9460133A0868AECB ] btaudio         C:\WINDOWS\system32\drivers\btaudio.sys
09:21:40.0890 0x0f4c  btaudio - ok
09:21:40.0921 0x0f4c  [ 58A49BD10E08D3D4333A60DEDCB1CED8, 2110462BDD51BCEB661C089376E60E5ECE5F5908CF80A09035190529C9F306A4 ] BTDriver        C:\WINDOWS\system32\DRIVERS\btport.sys
09:21:40.0921 0x0f4c  BTDriver - ok
09:21:40.0984 0x0f4c  [ 885B6D0F826A216EEE4C3AD883809012, C0C1DFE0E076464721C116CAF7193F3E5A3747097B4CAAD165511C2D391B3C58 ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys
09:21:41.0062 0x0f4c  BTKRNL - ok
09:21:41.0156 0x0f4c  [ 49E9ED37FAEC5E8C03E81FD73D3884D6, EE5AB3D1E4B6A3625B3DEEF7B83214AD557480DC393E16099EB8DA23F2FA4F79 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
09:21:41.0187 0x0f4c  btwdins - ok
09:21:41.0218 0x0f4c  [ B1D350F3F13CF340FCE93912D2BA1EBF, ADB2F5F70CB094AA0E582AD67A4D77F68B27DA6115722A2B9DD472C19BFB9DD0 ] BTWDNDIS        C:\WINDOWS\system32\DRIVERS\btwdndis.sys
09:21:41.0250 0x0f4c  BTWDNDIS - ok
09:21:41.0265 0x0f4c  [ E48668B4A6A5CF68B33AECAD18EE8E1E, CC190DCED4B71FDCC113E90B4FCAC4975830C6C86C04F9CDDF2C4E9F2661AA30 ] btwhid          C:\WINDOWS\system32\DRIVERS\btwhid.sys
09:21:41.0281 0x0f4c  btwhid - ok
09:21:41.0312 0x0f4c  [ 57E91E9925976BBC98984EEBAAF1D84C, 7AC67CE1026D589F66C31F9B30D65C4F94EE5F56FA1FE4992023AE31F6D142D2 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
09:21:41.0312 0x0f4c  BTWUSB - ok
09:21:41.0375 0x0f4c  [ 1778EBA872274C1226D869CD9486847E, C76B8E07DD27E038B243A27C9FE6FB168731726638C83ADA29D18EE673D58835 ] Capture Device Service C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
09:21:41.0406 0x0f4c  Capture Device Service - ok
09:21:41.0453 0x0f4c  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
09:21:41.0453 0x0f4c  cbidf2k - ok
09:21:41.0484 0x0f4c  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:21:41.0484 0x0f4c  CCDECODE - ok
09:21:41.0500 0x0f4c  cd20xrnt - ok
09:21:41.0531 0x0f4c  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
09:21:41.0531 0x0f4c  Cdaudio - ok
09:21:41.0578 0x0f4c  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
09:21:41.0578 0x0f4c  Cdfs - ok
09:21:41.0625 0x0f4c  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:21:41.0640 0x0f4c  Cdrom - ok
09:21:41.0640 0x0f4c  Changer - ok
09:21:41.0671 0x0f4c  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
09:21:41.0671 0x0f4c  CiSvc - ok
09:21:41.0687 0x0f4c  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
09:21:41.0687 0x0f4c  ClipSrv - ok
09:21:41.0781 0x0f4c  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:21:41.0843 0x0f4c  clr_optimization_v2.0.50727_32 - ok
09:21:41.0890 0x0f4c  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:21:41.0968 0x0f4c  clr_optimization_v4.0.30319_32 - ok
09:21:42.0015 0x0f4c  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:21:42.0015 0x0f4c  CmBatt - ok
09:21:42.0015 0x0f4c  CmdIde - ok
09:21:42.0078 0x0f4c  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:21:42.0078 0x0f4c  Compbatt - ok
09:21:42.0093 0x0f4c  COMSysApp - ok
09:21:42.0109 0x0f4c  Cpqarray - ok
09:21:42.0156 0x0f4c  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
09:21:42.0156 0x0f4c  CryptSvc - ok
09:21:42.0171 0x0f4c  dac2w2k - ok
09:21:42.0171 0x0f4c  dac960nt - ok
09:21:42.0250 0x0f4c  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
09:21:42.0265 0x0f4c  DcomLaunch - ok
09:21:42.0312 0x0f4c  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
09:21:42.0328 0x0f4c  Dhcp - ok
09:21:42.0375 0x0f4c  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
09:21:42.0375 0x0f4c  Disk - ok
09:21:42.0421 0x0f4c  [ 08D30AF92C270F2E76787C81589DBAD6, 9B88639CCDF83AEF87A0EB6FCB571BF56CDE2FDF4FD2FDE02699218667614559 ] DKbFltr         C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
09:21:42.0421 0x0f4c  DKbFltr - ok
09:21:42.0437 0x0f4c  dmadmin - ok
09:21:42.0500 0x0f4c  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
09:21:42.0578 0x0f4c  dmboot - ok
09:21:42.0609 0x0f4c  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\DRIVERS\dmio.sys
09:21:42.0609 0x0f4c  dmio - ok
09:21:42.0640 0x0f4c  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
09:21:42.0640 0x0f4c  dmload - ok
09:21:42.0671 0x0f4c  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
09:21:42.0671 0x0f4c  dmserver - ok
09:21:42.0718 0x0f4c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
09:21:42.0734 0x0f4c  DMusic - ok
09:21:42.0781 0x0f4c  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
09:21:42.0796 0x0f4c  Dnscache - ok
09:21:42.0828 0x0f4c  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
09:21:42.0843 0x0f4c  Dot3svc - ok
09:21:42.0843 0x0f4c  dpti2o - ok
09:21:42.0890 0x0f4c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
09:21:42.0906 0x0f4c  drmkaud - ok
09:21:42.0937 0x0f4c  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
09:21:42.0937 0x0f4c  EapHost - ok
09:21:42.0984 0x0f4c  [ 80D2B63EDDFB3E0FA5B3A26623FA6CA2, 1DB13441C2145B1DAACD2B87194E7D011CC953DFDBE18B510A41D70B55258BD8 ] EMSCR           C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
09:21:43.0000 0x0f4c  EMSCR - ok
09:21:43.0046 0x0f4c  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
09:21:43.0046 0x0f4c  ERSvc - ok
09:21:43.0109 0x0f4c  [ 1BC911FD442B1188912AAAD39E0F3AF9, 0B5048E8BEF5EBFA271E2AF69160F7D21015F33544B2D8EA4AF373D4C6262BC9 ] ESDCR           C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
09:21:43.0125 0x0f4c  ESDCR - ok
09:21:43.0156 0x0f4c  esgiguard - ok
09:21:43.0156 0x0f4c  [ D68ECC1EC60094C3C217DB81A2FF77E8, 851C1D1244D94A86D79BE037EC181D6AD4E8763B3E95F62D3D8D33027A75E206 ] ESMCR           C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
09:21:43.0171 0x0f4c  ESMCR - ok
09:21:43.0234 0x0f4c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
09:21:43.0250 0x0f4c  Eventlog - ok
09:21:43.0312 0x0f4c  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
09:21:43.0343 0x0f4c  EventSystem - ok
09:21:43.0390 0x0f4c  [ 3EF58F2EAE3AECAB45D682152DB2F67D, 61A0904D27572B1129B17CE073AEBF30E26398D8B9BD8279458D1A4363555467 ] exFat           C:\WINDOWS\system32\drivers\exFat.sys
09:21:43.0406 0x0f4c  exFat - ok
09:21:43.0468 0x0f4c  [ FBC0E085A5BECBA5DD3C401EEB6E45BB, B23A0123FFF43BF56E31C88DEE00ED2E2B91529FD53DA806A37163F91675BC85 ] Ext2fs          C:\WINDOWS\system32\DRIVERS\ext2fs.sys
09:21:43.0468 0x0f4c  Ext2fs - ok
09:21:43.0515 0x0f4c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
09:21:43.0531 0x0f4c  Fastfat - ok
09:21:43.0578 0x0f4c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:21:43.0593 0x0f4c  FastUserSwitchingCompatibility - ok
09:21:43.0640 0x0f4c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
09:21:43.0640 0x0f4c  Fdc - ok
09:21:43.0687 0x0f4c  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
09:21:43.0703 0x0f4c  Fips - ok
09:21:43.0750 0x0f4c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
09:21:43.0750 0x0f4c  Flpydisk - ok
09:21:43.0750 0x0ac0  Object required for P2P: [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi
09:21:43.0812 0x0f4c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:21:43.0812 0x0f4c  FltMgr - ok
09:21:43.0906 0x0f4c  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:21:43.0921 0x0f4c  FontCache3.0.0.0 - ok
09:21:43.0953 0x0f4c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:21:43.0953 0x0f4c  Fs_Rec - ok
09:21:43.0984 0x0f4c  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:21:44.0000 0x0f4c  Ftdisk - ok
09:21:44.0109 0x0f4c  [ ED62B15B73209101759042A48C027F9E, 3D36E8B4550AE54CFF7FEC415BCC9B37FBA39F2B8FB79C1ECC0FF2BB410481DD ] Garmin Core Update Service C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
09:21:44.0156 0x0f4c  Garmin Core Update Service - ok
09:21:44.0187 0x0f4c  [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:21:44.0203 0x0f4c  GEARAspiWDM - ok
09:21:44.0250 0x0f4c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:21:44.0250 0x0f4c  Gpc - ok
09:21:44.0296 0x0f4c  [ CEC45180029F1012054A41CEEEA9CEAB, FCE330FB9E4A9BA0BD1C31D94A5A73034175DB5FF4115009B3B3FFE327E31995 ] grmnusb         C:\WINDOWS\system32\drivers\grmnusb.sys
09:21:44.0296 0x0f4c  grmnusb - ok
09:21:44.0421 0x0f4c  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
09:21:44.0421 0x0f4c  gupdate - ok
09:21:44.0437 0x0f4c  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
09:21:44.0437 0x0f4c  gupdatem - ok
09:21:44.0484 0x0f4c  [ 408DDD80EEDE47175F6844817B90213E, 836822885D90DAFFD25A7D7EE363F4DACD41AA4B59095243E2798B137DC55FE3 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:21:44.0515 0x0f4c  gusvc - ok
09:21:44.0578 0x0f4c  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:21:44.0593 0x0f4c  HDAudBus - ok
09:21:44.0671 0x0f4c  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:21:44.0687 0x0f4c  helpsvc - ok
09:21:44.0687 0x0f4c  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
09:21:44.0703 0x0f4c  HidServ - ok
09:21:44.0703 0x0f4c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:21:44.0718 0x0f4c  hidusb - ok
09:21:44.0750 0x0f4c  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
09:21:44.0765 0x0f4c  hkmsvc - ok
09:21:44.0765 0x0f4c  hpn - ok
09:21:44.0906 0x0f4c  [ 5DA42D24712E00728CEA2342A65009B2, 73EC5250DCFD556525B24B3CA66C64AC7747E77652A2AD6119936A59A9E8562A ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:21:44.0906 0x0f4c  hpqcxs08 - ok
09:21:44.0968 0x0f4c  [ D86A39BF100069444D026D22D9A6E555, 7B24D48D5BA67704C88697FADB64364E0E64D26259408E3C219820C5404C5EEC ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:21:44.0984 0x0f4c  hpqddsvc - ok
09:21:45.0031 0x0f4c  [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:21:45.0046 0x0f4c  HPZid412 - ok
09:21:45.0093 0x0f4c  [ 89F41658929393487B6B7D13C8528CE3, 5D06A11225A83F3F33417148BE53654080C88BFA876FEB486A7E43410AC99F23 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:21:45.0109 0x0f4c  HPZipr12 - ok
09:21:45.0125 0x0f4c  [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:21:45.0140 0x0f4c  HPZius12 - ok
09:21:45.0140 0x0f4c  HTCAND32 - ok
09:21:45.0171 0x0f4c  [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
09:21:45.0218 0x0f4c  HTTP - ok
09:21:45.0265 0x0f4c  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
09:21:45.0281 0x0f4c  HTTPFilter - ok
09:21:45.0281 0x0f4c  hwdatacard - ok
09:21:45.0296 0x0f4c  i2omgmt - ok
09:21:45.0296 0x0f4c  i2omp - ok
09:21:45.0343 0x0f4c  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:21:45.0359 0x0f4c  i8042prt - ok
09:21:45.0453 0x0f4c  [ 271A5CA508B8172C050D726B217E9B99, 7FFAF9E3E907C4808BBAE02AE5707D4891731B1FFCCCD4611EFF131DEDB53BA9 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
09:21:45.0484 0x0f4c  IAANTMON - ok
09:21:45.0671 0x0330  Object required for P2P: [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32
09:21:45.0843 0x0f4c  [ 12C7F8D581C4A9F126F5F8F5683A1C29, DC86FF9BA6568B154C86556957068A1D83FD26668A3D0874586DE5C471347716 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:21:46.0187 0x0f4c  ialm - ok
09:21:46.0281 0x0f4c  [ 8EF427C54497C5F8A7A645990E4278C7, 3890391A489DAAFE155345C2E16BE17DF1E3E23DEE73EE849A7F96132AE65417 ] iastor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
09:21:46.0281 0x0f4c  iastor - ok
09:21:46.0328 0x0f4c  [ E5A0034847537EAEE3C00349D5C34C5F, 3E0F99512CDFF0B628E2FF5B91BB371CDEF65201B03C53182C97DDE34E26E04C ] iastor78        C:\WINDOWS\system32\drivers\iastor78.sys
09:21:46.0375 0x0f4c  iastor78 - ok
09:21:46.0500 0x0f4c  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:21:46.0578 0x0f4c  idsvc - ok
09:21:46.0609 0x0f4c  [ F3F825FCC70471FD967126E1871B2CDC, DFBE6642970661BDC37305128646E41C965690ED5214606F61236670E228FD32 ] IfsMount        C:\WINDOWS\system32\DRIVERS\ifsmount.sys
09:21:46.0625 0x0f4c  IfsMount - ok
09:21:46.0671 0x0f4c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
09:21:46.0671 0x0f4c  Imapi - ok
09:21:46.0718 0x0f4c  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
09:21:46.0750 0x0f4c  ImapiService - ok
09:21:46.0750 0x0f4c  ini910u - ok
09:21:46.0906 0x0e0c  Object required for P2P: [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost
09:21:47.0031 0x0f4c  [ 6DB0A57519127AD416AC3F27FEA07D1A, F37034095716D05F8E27C6D7ECFA7719E830D96C9A14DAC4BF8FF072F5C078D7 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:21:47.0125 0x0ac0  Object send P2P result: true
09:21:47.0375 0x0f4c  IntcAzAudAddService - ok
09:21:47.0390 0x0f4c  IntelIde - ok
09:21:47.0515 0x0f4c  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:21:47.0531 0x0f4c  intelppm - ok
09:21:47.0546 0x0f4c  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:21:47.0562 0x0f4c  Ip6Fw - ok
09:21:47.0609 0x0f4c  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:21:47.0609 0x0f4c  IpFilterDriver - ok
09:21:47.0640 0x0f4c  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:21:47.0640 0x0f4c  IpInIp - ok
09:21:47.0671 0x0f4c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:21:47.0687 0x0f4c  IpNat - ok
09:21:47.0765 0x0f4c  [ 57EDB35EA2FECA88F8B17C0C095C9A56, 7D5BD4547E60E42BE71C5D2B8FB91F0576D95CC9C86699FCA7F2A5722C318AB1 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:21:47.0906 0x0f4c  iPod Service - ok
09:21:47.0968 0x0f4c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:21:47.0968 0x0f4c  IPSec - ok
09:21:48.0031 0x0f4c  [ ACA5E7B54409F9CB5EED97ED0C81120E, 1E22F442EA77596F58D133F1A5887CDC4F3325DD0836D24A665E1D31287ABFF7 ] irda            C:\WINDOWS\system32\DRIVERS\irda.sys
09:21:48.0046 0x0f4c  irda - ok
09:21:48.0109 0x0f4c  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
09:21:48.0109 0x0f4c  IRENUM - ok
09:21:48.0125 0x0f4c  [ 49CC4533CE897CB2E93C1E84A818FDE5, F2AC81CDB971F630699616509748DCE133874EFC79B9D6230517B5A4DFBE193D ] Irmon           C:\WINDOWS\System32\irmon.dll
09:21:48.0140 0x0f4c  Irmon - ok
09:21:48.0171 0x0f4c  [ DCCBDFD30BBECA6D74D9133981429B94, 1573010B36E5CE3D8B6CCC5C20FCDB7E38E42B8F7D67033D8262F945B38DA865 ] is3srv          C:\WINDOWS\system32\drivers\is3srv.sys
09:21:48.0171 0x0f4c  is3srv - ok
09:21:48.0234 0x0f4c  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:21:48.0234 0x0f4c  isapnp - ok
09:21:48.0328 0x0f4c  [ 0AE61463ADDA697A6291155CE6B08AAF, DEB6A6477F0A0B9C8D86C6641507F74467E765C5B395F863E145D980A7EDDED1 ] ISODrive        C:\Program Files\UltraISO\drivers\ISODrive.sys
09:21:48.0343 0x0f4c  ISODrive - ok
09:21:48.0500 0x0f4c  [ E87885A59FDC241B6575943A75E495D9, 17837028307F57C85742036748D27E36DAE56BAD3D0F074149F758EF7B503A60 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
09:21:48.0531 0x0f4c  JavaQuickStarterService - ok
09:21:48.0578 0x0f4c  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:21:48.0593 0x0f4c  Kbdclass - ok
09:21:48.0640 0x0f4c  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:21:48.0656 0x0f4c  kbdhid - ok
09:21:48.0687 0x0f4c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
09:21:48.0703 0x0f4c  kmixer - ok
09:21:48.0750 0x0f4c  [ 1705745D900DABF2D89F90EBADDC7517, FE90589415BDB3BA482D3EBE1A87A7BF1429791E8F18BCB66BF8874631CC8B2C ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
09:21:48.0750 0x0f4c  KSecDD - ok
09:21:48.0796 0x0f4c  [ F385F4B02C535BFFE1D70CAB80838123, A1695E161673BCB77CE150C2D98A07FCB454C53F10EEBECD754D2CC40DEAA1E0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
09:21:48.0828 0x0f4c  LanmanServer - ok
09:21:48.0875 0x0f4c  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:21:48.0906 0x0f4c  lanmanworkstation - ok
09:21:48.0921 0x0f4c  lbrtfdc - ok
09:21:48.0984 0x0f4c  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
09:21:49.0000 0x0f4c  LmHosts - ok
09:21:49.0031 0x0f4c  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
09:21:49.0062 0x0f4c  Messenger - ok
09:21:49.0156 0x0f4c  [ 7C4C76B39D5525C4A465E0BE32528E19, B7FE3B2AE7E8A936AFC0572A6C4F23327400EAD16B26B6E1193F1C9C3767B3E1 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:21:49.0187 0x0f4c  Microsoft Office Groove Audit Service - ok
09:21:49.0234 0x0f4c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
09:22:01.0328 0x0f4c  wuauserv - ok
09:22:01.0375 0x0f4c  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:22:01.0406 0x0f4c  WudfPf - ok
09:22:01.0437 0x0f4c  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:22:01.0468 0x0f4c  WudfRd - ok
09:22:01.0515 0x0f4c  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
09:22:01.0562 0x0f4c  WudfSvc - ok
09:22:01.0609 0x0f4c  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
09:22:01.0671 0x0f4c  WZCSVC - ok
09:22:01.0718 0x0f4c  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
09:22:01.0765 0x0f4c  xmlprov - ok
09:22:01.0781 0x0f4c  ================ Scan global ===============================
09:22:01.0828 0x0f4c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
09:22:01.0890 0x0f4c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
09:22:02.0000 0x0f4c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
09:22:02.0046 0x0f4c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
09:22:02.0062 0x0f4c  [ Global ] - ok
09:22:02.0062 0x0f4c  ================ Scan MBR ==================================
09:22:02.0093 0x0f4c  [ 2B7091CA91E2218C922AD5EFD64677B6 ] \Device\Harddisk0\DR0
09:22:02.0140 0x0f4c  \Device\Harddisk0\DR0 - ok
09:22:02.0140 0x0f4c  ================ Scan VBR ==================================
09:22:02.0156 0x0f4c  [ 6C8836EDE4D63FB321596B1EF3E7EEBC ] \Device\Harddisk0\DR0\Partition1
09:22:02.0187 0x0f4c  \Device\Harddisk0\DR0\Partition1 - ok
09:22:02.0187 0x0f4c  ================ Scan generic autorun ======================
09:22:02.0296 0x0f4c  [ 7BBE4CF421AECC7F0226EDD75F12079F, 8E78FC5E0657DB066F9EBAADEA9AFECB1AAA570DD9C08C7ED42116704D2E379D ] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
09:22:02.0328 0x0f4c  IMJPMIG8.1 - ok
09:22:02.0328 0x0f4c  MSPY2002 - ok
09:22:02.0375 0x0f4c  PHIME2002ASync - ok
09:22:02.0375 0x0f4c  PHIME2002A - ok
09:22:02.0421 0x0f4c  [ 018F8072ADC4CC1D658C85D6C186B453, EE0C9347198A47CCA0F99AD81E230BA05F3154C0EE8E2B9C20E6131F72444750 ] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
09:22:02.0453 0x0f4c  IAAnotif - ok
09:22:02.0593 0x0f4c  [ BA8C6F53DC5558961C95427F48125F9C, F932026A42FD2EC7FBEC0FAE9F5FAAD82A409611057953FFEEDEF4F840084533 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
09:22:02.0734 0x0f4c  SynTPEnh - ok
09:22:02.0828 0x0f4c  [ FFD2FD19CEFD6F0DB95D8153A6A70272, 70293631141CDAB5961A7FE27DD21266F5CF5BF2B65A79CE5A13B45DA4C17AF7 ] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
09:22:02.0859 0x0f4c  AzMixerSel - ok
09:22:02.0906 0x0f4c  [ 6E116332B4B2BFDF65561D636AD857A4, ED651F1B60A247075538D2D69ADE40D217CCD21CB68E1FC1B0FEB1A008F872F7 ] C:\WINDOWS\system32\igfxtray.exe
09:22:02.0937 0x0f4c  IgfxTray - ok
09:22:02.0937 0x0f4c  [ D54E6A3AEE262F4453E828865C455E89, 1747F5C2F20D0D6D3CCC8377DCE2607B4CCF939BEB8E49D6E562B581A34C83CA ] C:\WINDOWS\system32\hkcmd.exe
09:22:03.0031 0x0f4c  HotKeysCmds - ok
09:22:03.0046 0x0f4c  [ ED1D06D28D562399BD5DA1DA10A96C49, 5AACED11152BDC615C311367FF4821C776489F2E85E0E864EC8BC3621FCBECDD ] C:\WINDOWS\system32\igfxpers.exe
09:22:03.0078 0x0f4c  Persistence - ok
09:22:03.0625 0x02c8  Object send P2P result: true
09:22:03.0625 0x02c8  Object required for P2P: [ E5A0034847537EAEE3C00349D5C34C5F ] iastor78
09:22:03.0984 0x0f4c  [ 1469055288F582255E047E6CD86760BC, 0A03D7790D5C775A07486F22754DAD18C0956C897C7AE9F46E8ABFA20D5317C9 ] C:\WINDOWS\RTHDCPL.EXE
09:22:05.0671 0x0330  Object send P2P result: false
09:22:05.0968 0x0f4c  RTHDCPL - ok
09:22:06.0078 0x0f4c  [ EA31039E691C6F8F5469649526EEA5FB, 921910627814F3F237F59BBF5C97D383CF954DFF885F3A60475B9F76CD55461F ] C:\WINDOWS\ALCMTR.EXE
09:22:06.0093 0x0f4c  Alcmtr - ok
09:22:06.0218 0x0f4c  [ 88C889140951CCB2D45FF4E7AE8DA3B3, 48D8A959F17EAD42638F63C33208EFDB42A721705A4854E9C6A9836AFC82010A ] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
09:22:06.0312 0x0f4c  LManager - ok
09:22:06.0421 0x0f4c  [ D2DAD71C96C113ED07F7BB79AD831C28, 8EACE797C16663D58B8BA67C9BF135780D1676E16797A1E81706263238C7BC0B ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
09:22:06.0468 0x0f4c  APSDaemon - ok
09:22:06.0578 0x0f4c  [ 8DDA2B606279753601F9415DA503CA63, 2C9AD8218E150B6D50817991377ED3230A1672EFBD7AE29D0CD9E55E2418C800 ] C:\Program Files\QuickTime\QTTask.exe
09:22:06.0671 0x0f4c  QuickTime Task - ok
09:22:06.0750 0x0f4c  [ ADDC85E83BE3CB8F317AD4B27AD5B755, C00860715774F26DD3B7F273388FFD043345368265D9FD6ED4CDAD713CDC5337 ] C:\Program Files\File Association Helper\FAHConsole.exe
09:22:06.0859 0x0f4c  FAHConsole - ok
09:22:06.0906 0x0e0c  Object send P2P result: false
09:22:06.0906 0x0e0c  Object required for P2P: [ 38D332A6D56AF32635675F132548343E ] Fastfat
09:22:07.0000 0x0f4c  [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
09:22:07.0093 0x0f4c  avgnt - ok
09:22:07.0218 0x0f4c  [ 5516C26A6AF8EB4E2CAB48EC98A74398, 2BF161DE944090B3B3792AE8F5985FCB09744B3EE626E8253A3861D86284652D ] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
09:22:07.0234 0x0f4c  HP Software Update - ok
09:22:07.0281 0x0f4c  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
09:22:07.0296 0x0f4c  ctfmon.exe - ok
09:22:07.0906 0x0f4c  [ 3FF4C756D98F973EED91A502BC7F9A55, 9F125EF9C7065EA5F7DF8D7343528C0C404950E25D764B39489731CCE2141EDD ] C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
09:22:08.0531 0x0f4c  TK8 StickyNotes - ok
09:22:08.0703 0x0f4c  [ 1D87E7DC8EF970EB4472477ED357A306, 82577233B058465D5C8AE8DF9A216D34BDDC2AD451BE6E770F7913DC224A496D ] C:\Program Files\Garmin\Express Tray\ExpressTray.exe
09:22:08.0781 0x0f4c  GarminExpressTrayApp - ok
09:22:08.0828 0x0f4c  Skype - ok
09:22:08.0828 0x0f4c  Waiting for KSN requests completion. In queue: 221
09:22:09.0828 0x0f4c  Waiting for KSN requests completion. In queue: 221
09:22:10.0828 0x0f4c  Waiting for KSN requests completion. In queue: 221
09:22:11.0828 0x0f4c  Waiting for KSN requests completion. In queue: 221
09:22:12.0109 0x0e0c  Object send P2P result: true
09:22:12.0828 0x0f4c  Waiting for KSN requests completion. In queue: 212
09:22:12.0859 0x0748  Object required for P2P: [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc
09:22:13.0828 0x0f4c  Waiting for KSN requests completion. In queue: 184
09:22:14.0828 0x0f4c  Waiting for KSN requests completion. In queue: 184
09:22:15.0828 0x0f4c  Waiting for KSN requests completion. In queue: 184
09:22:16.0265 0x0748  Object send P2P result: true
09:22:16.0265 0x0748  Object required for P2P: [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV
09:22:16.0828 0x0f4c  Waiting for KSN requests completion. In queue: 177
09:22:17.0828 0x0f4c  Waiting for KSN requests completion. In queue: 177
09:22:18.0828 0x0f4c  Waiting for KSN requests completion. In queue: 177
09:22:19.0640 0x0748  Object send P2P result: true
09:22:19.0640 0x0748  Object required for P2P: [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb
09:22:19.0828 0x0f4c  Waiting for KSN requests completion. In queue: 176
09:22:20.0828 0x0f4c  Waiting for KSN requests completion. In queue: 176
09:22:21.0828 0x0f4c  Waiting for KSN requests completion. In queue: 176
09:22:22.0828 0x0f4c  Waiting for KSN requests completion. In queue: 176
09:22:23.0640 0x02c8  Object send P2P result: false
09:22:23.0640 0x02c8  Object required for P2P: [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc
09:22:23.0828 0x0f4c  Waiting for KSN requests completion. In queue: 175
09:22:24.0828 0x0f4c  Waiting for KSN requests completion. In queue: 175
09:22:25.0281 0x0748  Object send P2P result: true
09:22:25.0281 0x0748  Object required for P2P: [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394
09:22:25.0828 0x0f4c  Waiting for KSN requests completion. In queue: 144
09:22:26.0828 0x0f4c  Waiting for KSN requests completion. In queue: 144
09:22:27.0078 0x02c8  Object send P2P result: false
09:22:27.0828 0x0f4c  Waiting for KSN requests completion. In queue: 142
09:22:28.0671 0x0748  Object send P2P result: true
09:22:28.0671 0x0748  Object required for P2P: [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs
09:22:28.0828 0x0f4c  Waiting for KSN requests completion. In queue: 137
09:22:29.0828 0x0f4c  Waiting for KSN requests completion. In queue: 137
09:22:30.0828 0x0f4c  Waiting for KSN requests completion. In queue: 137
09:22:31.0828 0x0f4c  Waiting for KSN requests completion. In queue: 137
09:22:32.0062 0x0748  Object send P2P result: true
09:22:32.0062 0x0748  Object required for P2P: [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv
09:22:32.0828 0x0f4c  Waiting for KSN requests completion. In queue: 132
09:22:33.0828 0x0f4c  Waiting for KSN requests completion. In queue: 132
09:22:34.0828 0x0f4c  Waiting for KSN requests completion. In queue: 132
09:22:35.0578 0x0748  Object send P2P result: true
09:22:35.0578 0x0748  Object required for P2P: [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp
09:22:35.0828 0x0f4c  Waiting for KSN requests completion. In queue: 114
09:22:36.0828 0x0f4c  Waiting for KSN requests completion. In queue: 114
09:22:37.0828 0x0f4c  Waiting for KSN requests completion. In queue: 114
09:22:38.0828 0x0f4c  Waiting for KSN requests completion. In queue: 114
09:22:38.0968 0x0748  Object send P2P result: true
09:22:38.0968 0x0748  Object required for P2P: [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan
09:22:39.0828 0x0f4c  Waiting for KSN requests completion. In queue: 113
09:22:40.0828 0x0f4c  Waiting for KSN requests completion. In queue: 113
09:22:41.0828 0x0f4c  Waiting for KSN requests completion. In queue: 113
09:22:42.0359 0x0748  Object send P2P result: true
09:22:42.0359 0x0748  Object required for P2P: [ 71E276F6D189413266EA22171806597B ] sptd
09:22:42.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:43.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:44.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:45.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:46.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:47.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:48.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:49.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:50.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:51.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:52.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:53.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:54.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:55.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:56.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:57.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:58.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:22:59.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:23:00.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:23:01.0828 0x0f4c  Waiting for KSN requests completion. In queue: 82
09:23:02.0375 0x0748  Object send P2P result: false
09:23:02.0375 0x0748  Object required for P2P: [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV
09:23:02.0828 0x0f4c  Waiting for KSN requests completion. In queue: 78
09:23:03.0828 0x0f4c  Waiting for KSN requests completion. In queue: 78
09:23:04.0828 0x0f4c  Waiting for KSN requests completion. In queue: 78
09:23:05.0828 0x0f4c  Waiting for KSN requests completion. In queue: 78
09:23:06.0828 0x0f4c  Waiting for KSN requests completion. In queue: 78
09:23:07.0828 0x0f4c  Waiting for KSN requests completion. In queue: 78
09:23:08.0828 0x0f4c  Waiting for KSN requests completion. In queue: 78
09:23:09.0828 0x0f4c  Waiting for KSN requests completion. In queue: 78
09:23:10.0828 0x0f4c  Waiting for KSN requests completion. In queue: 78
09:23:11.0796 0x0748  Object send P2P result: true
09:23:11.0796 0x0748  Object required for P2P: [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip
09:23:11.0828 0x0f4c  Waiting for KSN requests completion. In queue: 65
09:23:12.0828 0x0f4c  Waiting for KSN requests completion. In queue: 65
09:23:13.0828 0x0f4c  Waiting for KSN requests completion. In queue: 65
09:23:14.0828 0x0f4c  Waiting for KSN requests completion. In queue: 65
09:23:15.0828 0x0f4c  Waiting for KSN requests completion. In queue: 65
09:23:16.0828 0x0f4c  Waiting for KSN requests completion. In queue: 65
09:23:17.0828 0x0f4c  Waiting for KSN requests completion. In queue: 65
09:23:18.0828 0x0f4c  Waiting for KSN requests completion. In queue: 65
09:23:19.0828 0x0f4c  Waiting for KSN requests completion. In queue: 65
09:23:20.0296 0x0748  Object send P2P result: true
09:23:20.0296 0x0748  Object required for P2P: [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS
09:23:20.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:21.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:22.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:23.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:24.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:25.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:26.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:27.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:28.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:29.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:30.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:31.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:32.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:33.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:34.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:35.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:36.0828 0x0f4c  Waiting for KSN requests completion. In queue: 39
09:23:37.0625 0x0748  Object send P2P result: true
09:23:37.0625 0x0748  Object required for P2P: [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv
09:23:37.0828 0x0f4c  Waiting for KSN requests completion. In queue: 29
09:23:38.0828 0x0f4c  Waiting for KSN requests completion. In queue: 29
09:23:39.0828 0x0f4c  Waiting for KSN requests completion. In queue: 29
09:23:40.0828 0x0f4c  Waiting for KSN requests completion. In queue: 29
09:23:41.0015 0x0748  Object send P2P result: true
09:23:41.0015 0x0748  Object required for P2P: [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv
09:23:41.0828 0x0f4c  Waiting for KSN requests completion. In queue: 24
09:23:42.0828 0x0f4c  Waiting for KSN requests completion. In queue: 24
09:23:43.0828 0x0f4c  Waiting for KSN requests completion. In queue: 24
09:23:44.0375 0x0748  Object send P2P result: true
09:23:44.0937 0x0f4c  AV detected via SS1: Avira Desktop, 14.0.7.462, enabled, updated
09:23:44.0937 0x0f4c  Win FW state via NFM: enabled
09:23:47.0812 0x0f4c  ============================================================
09:23:47.0812 0x0f4c  Scan finished
09:23:47.0812 0x0f4c  ============================================================
09:23:47.0828 0x05c8  Detected object count: 0
09:23:47.0828 0x05c8  Actual detected object count: 0
 

 

My laptop seems to be free from TDSS if I understood this scan right.

Since we are working (with you) I had no redirects, but it happened before that I did not have them for a period of time, to see them re-appear after a while.

FYI: The laptop of my wife (Windows 7) is also free from redirects in this same period, coincidence?

(But at each start-up of her laptop Malwarebytes quarantines three threats: trojanDNSchanger. I will need your help for her too, later :-) )

 

Best regards

 

Men



#12 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany
  • Local time:10:36 PM

Posted 09 February 2015 - 08:19 AM

Hello Men,
 

The Avira control panel tells me that I need to fix mail protection (it shows deactivated), but when I try it does not work. I had this before, months ago, and re-installing did not help. Avira helpdesk advised me to un-install manually all Avira files in the Program Files. They also let me download an Avira registry cleaner and I used it. Then installed AviraPro again and it worked until last week. Should I try this again? (If so, with or without the registry cleaner?)

If you want to keep Avira I would suggest that you do the steps which you performed the last time. Instead of doing this we could uninstall Avira and install a test version of AVAST Internet Security 2015, which includes a scanner for bad DNS entries in routers.

 

My laptop seems to be free from TDSS if I understood this scan right.

Yes this is correct.

You did the Step under Windows Control Panel (see link beneath) for both connections LAN and WLAN?

Step 1
Let us try another thing:
Regarding my linked instruction:
http://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/
Please have a look at the instruction Windows Control Panel and perform the following steps:

regards,

 

Sandra


#13 Men

Men
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male
  • Location:Tha Mai (New Port) Eastern Thailand
  • Local time:03:36 AM

Posted 09 February 2015 - 10:52 PM

Hello Sandra,

 

 

If you want to keep Avira I would suggest that you do the steps which you performed the last time. Instead of doing this we could uninstall Avira and install a test version of AVAST Internet Security 2015, which includes a scanner for bad DNS entries in routers.

 

 

I uninstalled AviraPro and installed the trial version of AVAST. It made a scan and found this: ... program files\buffalo\device server\connect.exe (Buffalo is my router). Threat: Win32:Evo-gen (Susp). I took no action after that, waiting for your advice. But then, after a restart, AVAST decided to quarantine it :mellow:

 

 

You did the Step under Windows Control Panel (see link beneath) for both connections LAN and WLAN?

 

 

I checked for 91.212.124.159 LAN and WLAN.

 

re Step 1: All done as instructed

 

re Step 2: FRST scan text.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by mijnd (administrator) on ACER on 10-02-2015 10:38:12
Running from C:\Documents and Settings\mijnd\Desktop
Loaded Profiles: mijnd (Available profiles: mijnd)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Dritek System Inc.) C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
() C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Realtek Semiconductor Corp.) C:\DOCUME~1\mijnd\LOCALS~1\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-06-13] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-03-23] (Synaptics, Inc.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17530368 2009-02-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [715272 2007-08-13] (Dritek System Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-10] (AVAST Software)
Winlogon\Notify\TPSvc: TPSvc.dll [X]
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [TK8 StickyNotes] => C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe [10134360 2012-10-24] ()
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {17e7e2aa-458f-11de-a844-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {17e7e2ab-458f-11de-a844-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {dc8750dd-4611-11de-a848-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {dc8750de-4611-11de-a848-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {eee28b1a-44b9-11de-a841-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {eee28b1b-44b9-11de-a841-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-08] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\mijnd\Start Menu\Programs\Startup\Network-USB Navigator.lnk
ShortcutTarget: Network-USB Navigator.lnk -> C:\Program Files\BUFFALO\Device server\Connect.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * 猀瀀爀攀猀琀爀琀aswBoot.exe /M:b1c95210 /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp?nord=1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
BHO: AskBar BHO -> {201f27d4-3704-41d6-89c1-aa35e39143ed} -> C:\Program Files\AskBarDis\bar\bin\askBar.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} http://192.168.1.250/IPCamPluginMJPEG.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8
Tcpip\..\Interfaces\{4BE37950-E3C3-403B-969D-8B880C978D8B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C8D9EA60-488B-4D08-852F-735F871CE14E}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1390067357-1450960922-1417001333-1004: @hola.org/vlc,version=1.6.520 -> C:\Documents and Settings\mijnd\Local Settings\Application Data\Hola\firefox\app\vlc ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\3-maps.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\privatelee-https.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\startpage-ssl.xml
FF Extension: British English Dictionary - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-12]
FF Extension: NoScript - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-08-20]
FF Extension: Web Developer - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-17]
FF Extension: Adblock Plus - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-08-20]
FF Extension: BetterPrivacy - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-04-22]
FF Extension: Adblock Edge - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-12]
FF HKLM\...\Firefox\Extensions: [{E5C20E23-9BBF-4a06-AC43-277382EF1B43}] - C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_6
FF Extension: VerificationEngine® - C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_6 [2010-02-15]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-10]
FF HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-10] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-02-10] (AVAST Software)
R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-03] (Oracle Corporation)
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 0187451260843226mcinstcleanup; C:\DOCUME~1\mijnd\LOCALS~1\Temp\018745~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S2 szserver; "C:\Program Files\STOPzilla!\SZServer.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-02-10] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2015-02-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-02-10] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2015-02-10] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [253640 2015-02-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-02-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-02-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-02-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-02-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-02-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-02-10] ()
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-23] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [66304 2007-01-31] (ENE Technology Inc.)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [45952 2007-01-31] (ENE Technology Inc.)
R3 ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [81152 2007-01-31] (ENE Technology Inc.)
S4 exFat; C:\WINDOWS\system32\Drivers\exFat.sys [133632 2008-09-29] (Microsoft Corporation) [File not signed]
R1 Ext2fs; C:\WINDOWS\System32\DRIVERS\ext2fs.sys [181120 2008-09-25] (Stephan Schreiber) [File not signed]
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S0 iastor78; C:\WINDOWS\system32\Drivers\iastor78.sys [308248 2009-05-08] (Intel Corporation)
R1 IfsMount; C:\WINDOWS\System32\DRIVERS\ifsmount.sys [51072 2008-08-28] (Stephan Schreiber) [File not signed]
R0 is3srv; C:\WINDOWS\System32\drivers\is3srv.sys [99728 2012-03-20] (iS3 Inc.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2210816 2007-08-29] (Intel Corporation)
S3 PcaSp50; C:\WINDOWS\System32\DRIVERS\PcaSp50.sys [28160 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [101112 2012-01-12] (GFI Software)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2008-11-26] (Duplex Secure Ltd.)
S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S0 szkg5; C:\WINDOWS\System32\DRIVERS\szkg.sys [99728 2012-03-20] (iS3 Inc.)
R0 szkgfs; C:\WINDOWS\System32\drivers\szkgfs.sys [73008 2012-05-04] (iS3, Inc.)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2014-06-30] (The OpenVPN Project) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 10:38 - 2015-02-10 10:39 - 00025913 _____ () C:\Documents and Settings\mijnd\Desktop\FRST.txt
2015-02-10 09:35 - 2015-02-10 09:35 - 00001797 _____ () C:\Documents and Settings\All Users\Desktop\Avast SafeZone.lnk
2015-02-10 09:35 - 2015-02-10 09:35 - 00001737 _____ () C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
2015-02-10 09:35 - 2015-02-10 09:35 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2015-02-10 09:35 - 2015-02-10 09:35 - 00000000 ____D () C:\Documents and Settings\mijnd\Application Data\AVAST Software
2015-02-10 09:35 - 2015-02-10 09:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-02-10 09:34 - 2015-02-10 10:37 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-02-10 09:34 - 2015-02-10 09:34 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-10 09:34 - 2015-02-10 09:34 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-10 09:34 - 2015-02-10 09:34 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-10 09:34 - 2015-02-10 09:33 - 00253640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2015-02-10 09:34 - 2015-02-10 09:33 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-02-10 09:33 - 2015-02-10 09:33 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2015-02-10 09:29 - 2015-02-10 09:29 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-10 09:28 - 2015-02-10 09:29 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-02-10 09:12 - 2015-02-10 09:14 - 00000000 ___DC () C:\OETemp
2015-02-10 08:42 - 2015-02-10 08:42 - 04978536 _____ (AVAST Software) C:\Documents and Settings\mijnd\Desktop\avast_internet_security_setup_online.exe
2015-02-09 15:01 - 2015-02-09 15:01 - 00000000 ____D () C:\Documents and Settings\mijnd\My Documents\My Scans
2015-02-08 10:06 - 2015-02-10 10:37 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Sandraantivirus_2
2015-02-06 10:10 - 2015-02-10 10:38 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\FRST-OlderVersion
2015-02-03 15:05 - 2015-02-03 15:05 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\trip mirjam_MH
2015-02-03 14:08 - 2015-02-06 10:07 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Sandraanivirus
2015-02-01 17:05 - 2015-02-10 10:38 - 00000000 ___DC () C:\FRST
2015-02-01 17:04 - 2015-02-10 10:38 - 01124352 ____C (Farbar) C:\Documents and Settings\mijnd\Desktop\FRST.exe
2015-01-27 08:28 - 2015-01-27 08:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 11:02 - 2015-01-25 08:28 - 00000000 ____D () C:\Program Files\Hola
2015-01-23 08:37 - 2015-01-23 08:37 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\Hola
2015-01-19 10:15 - 2015-02-08 10:59 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\antivirus
2015-01-16 17:18 - 2015-02-09 15:44 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Boekproject
2015-01-14 11:27 - 2015-01-15 07:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 10:38 - 2008-11-26 21:24 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Temp
2015-02-10 10:35 - 2008-11-26 23:21 - 00000000 ____D () C:\Documents and Settings\mijnd\Application Data\Skype
2015-02-10 10:33 - 2008-11-26 21:13 - 01954817 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-10 10:31 - 2010-01-03 10:35 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 10:31 - 2008-11-26 21:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-10 10:31 - 2008-11-26 21:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-10 10:30 - 2008-11-26 21:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-10 10:28 - 2008-11-26 21:24 - 00000178 ___SH () C:\Documents and Settings\mijnd\ntuser.ini
2015-02-10 10:28 - 2008-11-26 21:23 - 00032510 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-10 10:19 - 2015-01-09 11:33 - 00028305 _____ () C:\WINDOWS\setupapi.log
2015-02-10 10:11 - 2010-01-03 10:35 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 10:06 - 2014-02-08 07:01 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-02-10 09:58 - 2012-03-29 07:31 - 00000940 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-10 09:42 - 2009-07-09 20:22 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\Temp
2015-02-10 09:21 - 2014-12-29 11:12 - 00000000 ____D () C:\ubuntu
2015-02-10 09:06 - 2014-08-14 14:35 - 00417178 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-02-10 08:47 - 2014-09-09 16:57 - 01152138 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1390067357-1450960922-1417001333-1004-0.dat
2015-02-10 08:46 - 2014-12-25 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-02-10 07:15 - 2010-01-05 09:33 - 00000000 ____D () C:\Documents and Settings\mijnd\Application Data\vlc
2015-02-10 07:10 - 2014-08-15 10:08 - 00000000 ____D () C:\Documents and Settings\mijnd\My Documents\Attachments Thunderbird
2015-02-10 07:06 - 2014-02-08 07:01 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-02-10 07:02 - 2014-09-09 15:56 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-02-09 17:15 - 2008-11-26 21:24 - 00000000 ____D () C:\Documents and Settings\mijnd
2015-02-09 07:27 - 2014-09-10 07:32 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\temp docs
2015-02-08 22:02 - 2008-11-26 21:11 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-08 07:48 - 2001-08-23 04:00 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-06 13:12 - 2008-12-13 14:45 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2015-02-05 15:58 - 2012-03-29 07:30 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 15:58 - 2011-05-23 07:51 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-03 10:33 - 2014-11-27 10:10 - 00000000 ____D () C:\Program Files\IPVanish
2015-02-03 10:30 - 2008-12-13 14:45 - 00000000 ____D () C:\Program Files\Google
2015-02-03 10:30 - 2008-12-13 14:36 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\Google
2015-02-03 09:05 - 2014-12-23 15:34 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 10:08 - 2014-08-13 09:54 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Video editing
2015-02-01 16:45 - 2011-08-31 13:17 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-29 13:24 - 2014-12-25 11:33 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 08:04 - 2012-06-26 08:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 07:51 - 2009-08-09 15:03 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Progrmms Shortcuts
2015-01-26 07:50 - 2008-11-28 18:24 - 00000000 ____D () C:\Documents and Settings\mijnd\My Documents\Software
2015-01-23 14:17 - 2014-11-27 10:11 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\IPVanish
2015-01-16 15:09 - 2008-12-06 21:24 - 00151552 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-15 13:06 - 2013-07-16 18:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 12:57 - 2008-11-26 23:26 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 07:29 - 2014-11-09 09:13 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Kenza

==================== Files in the root of some directories =======

2008-12-06 21:24 - 2015-01-16 15:09 - 0151552 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-20 09:55 - 2014-09-20 09:55 - 0000863 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\recently-used.xbel

Some content of TEMP:
====================
C:\Documents and Settings\mijnd\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\difxapi.dll
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.390.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.434.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.449.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.463.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.467.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.485.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.520.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpqrrx08.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpzscr01.EXE
C:\Documents and Settings\mijnd\Local Settings\Temp\IPVanish-Setup-2.0.18.6.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\pyl155.tmp.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\pyl160.tmp.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\mijnd\Local Settings\Temp\xuninst.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is144.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is58.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is59.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5A.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5B.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5C7.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2015
Ran by mijnd at 2015-02-10 10:40:14
Running from C:\Documents and Settings\mijnd\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acer Crystal Eye (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.11a - Acer Crystal Eye)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Adobe Connect 9 Add-in) (Version: 11.2.247.0 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Alky for Applications (Windows XP) (HKLM\...\{BB05D173-9681-4812-A7FA-BD4042A3DA00}) (Version: 1.1 - Alky Team)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Articulate Storyline (Version: 1.01.00 - Articulate) Hidden
ASUS RT-N12B1 Wireless Router Utilities (HKLM\...\{23306E15-327A-496E-8AE1-9E62E63BF27D}) (Version: 4.1.9.0 - ASUS)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Internet Security (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVI/MPEG/RM/WMV Splitter 4.28 (HKLM\...\AVI MPEG RM WMV Splitter_is1) (Version:  - boilsoft, Inc.)
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Babylon (HKLM\...\Babylon) (Version:  - )
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
BUFFALO Network-USB Navigator (HKLM\...\BUFFALO Device server) (Version: 1.40 - BUFFALO INC.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{1E9AC64C-A2C1-4FD3-A6F3-64D0E661B0E9}) (Version: 0.9.43 - Kovid Goyal)
CCleaner (remove only) (HKLM\...\CCleaner) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.2.2140 - CDBurnerXP)
Combined Community Codec Pack 2006-12-15 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2006-12-15 02:32 - CCCP Project)
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Debut Video Capture Software (HKLM\...\Debut) (Version:  - NCH Software)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_K209a-z_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Dropbox) (Version: 0.7.110 - )
Easy Thumbnails (Remove only) (HKLM\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Elektronisch Groene Boekje (HKLM\...\{B8903E65-D802-4D34-A72D-101EBA881D90}) (Version: 3.0.1 - Sdu Uitgevers)
Elevated Installer (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
EPubsoft Adobe PDF ePub DRM Removal 8.1.7 (HKLM\...\{D225FC13-8885-4B5A-B40C-23CE88830340}) (Version: 8.1.7 - EPUBSOFT)
Express Burn (HKLM\...\ExpressBurn) (Version:  - NCH Software)
Express Rip (HKLM\...\ExpressRip) (Version:  - NCH Software)
Ext2 IFS 1.11a for Windows XP (HKLM\...\Ext2Ifs_for_NT501) (Version:  - )
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FileZilla (remove only) (HKLM\...\FileZilla) (Version:  - )
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version:  - )
Foxit Reader (HKLM\...\Foxit Reader) (Version:  - )
Free Sound Recorder v9.2.7 (HKLM\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2011 FreeSoundRecorder Technologies, Inc.)
Gadget Installer (HKLM\...\{3F3733A5-8322-454D-A638-3B74E1C83752}) (Version: 1.0.2 - VistaExperience.org)
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.3 - Gadwin Systems, Inc.)
Garmin Express (HKLM\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GoodSync V6 (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version:  - Siber Systems)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Google+ Auto Backup (HKU\.DEFAULT\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{6051912A-F7B8-445C-A99D-81AA4C118836}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
IconPackager (HKLM\...\IconPackager) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
InterVideo DeviceService (HKLM\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
K209a-z (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Kubuntu (HKLM\...\Wubi) (Version: 14.04-rev286 - Kubuntu)
Launch Manager (HKLM\...\LManager) (Version:  - )
LClock (HKLM\...\LClock) (Version:  - )
LINE (HKLM\...\LINE) (Version: 3.7.6.116 - LINE Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Recent Documents Gadget (HKLM\...\{90120000-008A-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1027 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{1D39E015-C3D2-45DE-B070-A69C5F2FB309}) (Version: 5.0.50430.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 nl) (HKLM\...\Mozilla Firefox 35.0.1 (x86 nl)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
MySQL Connector Net 6.5.4 (HKLM\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
Photo to Cartoon (HKLM\...\{C7DE53DF-A820-431B-9A24-F558C374C500}) (Version: 4.0.0 - Caricature Software)
PHOTOfunSTUDIO 5.0 (HKLM\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.00.012 - Panasonic Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version:  - )
Prism Video Converter (HKLM\...\Prism) (Version:  - NCH Software)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5802 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM\...\Recordpad) (Version:  - NCH Software)
Resource Hacker 3.4.0 (HKLM\...\Resource Hacker 3.4.0) (Version:  - Resource Hacker 3.4.0)
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Right Click Image Converter (HKLM\...\Kristanix Right Click Image Converter) (Version:  - )
Safari (HKLM\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SDFormatter (HKLM\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sigil 0.7.2 (HKLM\...\Sigil_is1) (Version:  - John Schember)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.1.00.17290 - Sony Corporation)
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version:  - )
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version:  - )
Styler (HKLM\...\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}) (Version: 1.4.0.1 - ta2027)
Super DVD Ripper (remove only) (HKLM\...\x2VCD) (Version:  - )
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.19.4 - Synaptics)
TalkAndWrite (HKLM\...\TalkAndWrite_is1) (Version: 5.1.0.206 - TalkAndWrite)
Thai-English English-Thai Talking Dictionary v1.6 (HKLM\...\ThaiDict_is1) (Version:  - Paiboon Publishing Inc. and Word in the Hand Inc.)
TK8 StickyNotes 4.0 (HKLM\...\TK8 StickyNotes_is1) (Version:  - TK8 Software)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
UltraISO Premium V9.33 (HKLM\...\UltraISO_is1) (Version:  - )
Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Van Dale Groot woordenboek van de Nederlandse taal 14 (HKLM\...\vdegwn.exe) (Version:  - )
Van Dale Grote woordenboeken Engels (HKLM\...\{B63F5DA2-FD25-4437-A60B-1E99029E99D5}) (Version: 2.1.2 - Van Dale Lexicografie)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSDC Free Video Editor version 2.1.8.149 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.8.149 - Flash-Integro LLC)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3300 -  )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Sidebar (HKLM\...\Windows Sidebar) (Version: 6.0.6001.18000 - Microsoft Corporation)
Windows Vista Sounds Pack (HKLM\...\{E1230694-33DA-4E74-82E1-06CC9D545E9B}) (Version: 1.0.0 - zen62619@zen.co.uk)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
xp-AntiSpy 3.96-8 (HKLM\...\xp-AntiSpy) (Version: 3.96-8 - Christian Taubenheim)
XviD MPEG-4 Video Codec (HKLM\...\xvid) (Version:  - XviD Development Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\webnavi\nvi.dll No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {589B7306-9468-D082-50E3-EAA985889A47} No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\webnavi\nvi.dll No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {45638ACD-9468-D082-9B1A-12B485889A47} No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-11-2014 08:51:20 System Checkpoint
13-11-2014 06:57:10 Software Distribution Service 3.0
15-11-2014 09:16:28 System Checkpoint
16-11-2014 09:23:31 System Checkpoint
17-11-2014 09:56:38 System Checkpoint
19-11-2014 08:54:59 System Checkpoint
20-11-2014 14:46:40 System Checkpoint
22-11-2014 07:34:23 System Checkpoint
23-11-2014 07:59:41 System Checkpoint
24-11-2014 08:50:13 System Checkpoint
25-11-2014 08:52:26 System Checkpoint
26-11-2014 10:18:43 Installed COMODO Unite
27-11-2014 10:03:25 IPVanish VPN
29-11-2014 12:33:32 System Checkpoint
01-12-2014 10:03:23 System Checkpoint
03-12-2014 08:50:10 System Checkpoint
05-12-2014 07:39:19 System Checkpoint
06-12-2014 09:07:43 System Checkpoint
10-12-2014 08:31:23 Software Distribution Service 3.0
12-12-2014 07:38:38 IPVanish VPN
12-12-2014 07:39:10 IPVanish VPN
13-12-2014 09:41:24 System Checkpoint
14-12-2014 11:36:55 System Checkpoint
17-12-2014 13:05:32 System Checkpoint
18-12-2014 10:02:12 Removed IIS 7.5 Express
20-12-2014 10:25:38 System Checkpoint
22-12-2014 09:01:05 System Checkpoint
23-12-2014 08:27:38 IPVanish VPN
23-12-2014 08:30:16 IPVanish VPN
23-12-2014 09:52:42 IPVanish VPN
23-12-2014 10:19:13 IPVanish VPN
23-12-2014 15:20:21 HP Update verwijderd.
23-12-2014 15:20:36 Removed Google+ Auto Backup
25-12-2014 08:29:04 System Checkpoint
27-12-2014 09:25:12 System Checkpoint
29-12-2014 08:26:41 System Checkpoint
30-12-2014 15:05:56 Software Distribution Service 3.0
01-01-2015 11:13:24 System Checkpoint
08-01-2015 08:28:16 System Checkpoint
09-01-2015 10:09:25 System Checkpoint
11-01-2015 08:15:51 System Checkpoint
15-01-2015 08:31:37 System Checkpoint
15-01-2015 12:57:35 Software Distribution Service 3.0
17-01-2015 09:24:36 System Checkpoint
19-01-2015 08:34:45 System Checkpoint
20-01-2015 09:02:55 System Checkpoint
23-01-2015 09:15:23 System Checkpoint
24-01-2015 14:25:19 System Checkpoint
26-01-2015 08:54:58 System Checkpoint
27-01-2015 08:59:15 System Checkpoint
29-01-2015 13:06:50 System Checkpoint
01-02-2015 17:24:49 System Checkpoint
03-02-2015 08:33:19 System Checkpoint
03-02-2015 10:32:34 IPVanish VPN
06-02-2015 11:04:50 System Checkpoint
08-02-2015 08:07:16 System Checkpoint
09-02-2015 08:37:09 System Checkpoint
10-02-2015 09:29:46 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 04:00 - 2012-02-10 12:32 - 00000758 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
192.168.1.253 NAS server


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\expressburnSevenDaysInit.job => C:\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe
Task: C:\WINDOWS\Tasks\expressburnShakeIcon.job => C:\DOCUME~1\mijnd\LOCALS~1\Temp\n1s.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\expressripShakeIcon.job => C:\Program Files\NCH Swift Sound\ExpressRip\expressrip.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\switchSevenDays.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe
Task: C:\WINDOWS\Tasks\switchShakeIcon.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe
Task: C:\WINDOWS\Tasks\wavepadSevenDays.job => C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe
Task: C:\WINDOWS\Tasks\wavepadShakeIcon.job => C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-10 09:34 - 2015-02-10 09:34 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020901\algo.dll
2013-08-21 13:38 - 2012-10-04 19:50 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2010-12-13 10:44 - 2001-03-15 05:18 - 00065536 ____N () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2010-06-25 15:09 - 2008-06-16 13:11 - 00081920 _____ () C:\WINDOWS\system32\emfxp.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 19:00 - 2011-11-03 22:28 - 00386048 _____ () C:\WINDOWS\system32\qdvd.dll
2008-04-14 19:00 - 2013-01-02 13:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll
2010-05-17 21:23 - 2010-03-04 23:38 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe
2008-11-26 21:10 - 2007-09-21 00:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2015-02-10 09:34 - 2015-02-10 09:34 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-29 16:18 - 2012-10-24 16:08 - 10134360 _____ () C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
2015-01-14 11:27 - 2015-01-14 11:27 - 03347056 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-01-14 11:27 - 2015-01-14 11:27 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-14 11:27 - 2015-01-14 11:27 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-01-27 08:28 - 2015-01-27 08:29 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-02-05 15:58 - 2015-02-05 15:58 - 16852144 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
2011-10-05 03:52 - 2011-10-05 03:52 - 00756048 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2006-04-13 22:03 - 2006-04-13 22:03 - 00104000 _____ () C:\Program Files\Common Files\Microsoft Shared\PROOF\PASO\Polderland\PRCC.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\lang_0874.uni:index

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\mijnd\My Documents\My Pictures\Picasa\Achtergronden\picasabackground-006.bmp

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\WINDOWS\pss\Acrobat Assistant.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk => C:\WINDOWS\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk => C:\WINDOWS\pss\PHOTOfunSTUDIO 5.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk => C:\WINDOWS\pss\Mediacontrole Picture Motion Browser.lnk.Startup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Styler.lnk => C:\WINDOWS\pss\Styler.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Babylon Client => C:\Program Files\Babylon\Babylon.exe -AutoStart
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: COMODO Internet Security => "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Gadwin PrintScreen => C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LClock => C:\Program Files\LClock\LClock.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: VEngine => C:\Program Files\Comodo\VEngine\VEngine.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1390067357-1450960922-1417001333-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1390067357-1450960922-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-1390067357-1450960922-1417001333-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1390067357-1450960922-1417001333-1000 - Limited - Disabled)
mijnd (S-1-5-21-1390067357-1450960922-1417001333-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\mijnd
SUPPORT_388945a0 (S-1-5-21-1390067357-1450960922-1417001333-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Fingerprint Sensor   
Description: Fingerprint Sensor   
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9 #2
Description: TAP-Win32 Adapter V9
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 11:14:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 35.0.1.5500, faulting module mozalloc.dll, version 35.0.1.5500, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/23/2015 09:18:43 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1972) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/25/2014 10:39:31 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/24/2014 00:28:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/23/2014 04:57:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/23/2014 04:56:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (02/10/2015 10:32:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Web Deployment Agent Service service terminated with the following error:
%%2148734208

Error: (02/10/2015 10:32:42 AM) (Source: 0) (EventID: 15005) (User: )
Description: 0.0.0.0:80

Error: (02/10/2015 10:32:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd
szkg5

Error: (02/10/2015 10:32:39 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Web Deployment Agent Service service hung on starting.

Error: (02/10/2015 10:31:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (02/10/2015 10:31:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.

Error: (02/10/2015 10:31:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STOPzilla Service service failed to start due to the following error:
%%2

Error: (02/10/2015 10:30:42 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (02/10/2015 10:30:42 AM) (Source: 0) (EventID: 4) (User: )
Description:

Error: (02/10/2015 09:26:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Web Deployment Agent Service service terminated with the following error:
%%2148734208


Microsoft Office Sessions:
=========================
Error: (08/11/2014 03:43:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3781 seconds with 1860 seconds of active time.  This session ended with a crash.

Error: (10/31/2013 02:53:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 542 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (09/16/2013 11:05:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1901 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (11/23/2012 11:55:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4704 seconds with 2340 seconds of active time.  This session ended with a crash.

Error: (03/02/2012 01:00:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14606 seconds with 7680 seconds of active time.  This session ended with a crash.

Error: (10/06/2010 09:05:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26582 seconds with 4680 seconds of active time.  This session ended with a crash.

Error: (08/09/2010 07:26:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32797 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (05/11/2009 11:02:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5618 seconds with 2760 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of memory in use: 61%
Total physical RAM: 2038.36 MB
Available physical RAM: 788.82 MB
Total Pagefile: 3928.41 MB
Available Pagefile: 2807.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88.48 GB) (Free:5.93 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 07540753)
Partition 1: (Active) - (Size=88.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=23.3 GB) - (Type=05)

==================== End Of Log ============================

 

Best regards

 

Men



#14 Bootsektor


Posted 11 February 2015 - 10:47 AM

Hello Men,

You have a DNS hijacker in your router. It is necessary to reset the router to factory settings. For that you need the password given by your Internet Service Provider, your username and password for the router's interface, and your Wi-Fi name and password. Please have a look in the user's manual of your router and follow the steps advised there.
Please also read this guide. Perhaps you can print it before you reset your router.

When you have finished this procedure I need two new logs.

Step 1
Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List IP configuration
Please post the result.txt here in your thread and perform a restart.

Step 2
Please restart FRST.
  • Leave the settings unchanged and press Scan.
  • When the scan is finished, a new logfile FRST.txt will be created and saved on your desktop.
  • Please post the content of the logfile here in your thread.

regards,

 

Sandra
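
A check for the kind of resolver tampering diagnosed above, as an added example that is not part of the original post and not code from FRST or MiniToolBox: it extracts every DNS server from FRST `Tcpip\...` lines and from `ipconfig` output and flags any that is neither on the owner's allowlist nor a local address. The sample log is constructed, and the allowlist and all function names are assumptions.

```python
import ipaddress
import re

# Resolvers the machine's owner intends to use (assumption for this example).
DEFAULT_ALLOWED = frozenset(
    ipaddress.ip_address(a) for a in ("8.8.8.8", "8.8.4.4")
)

# Addresses that point back at the LAN. ipaddress.is_private is not used
# because it also treats documentation ranges as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "fe80::/10",                                       # IPv6 link-local
    "fec0::/10",                                       # deprecated site-local
)]

# FRST "Internet" section: Tcpip\<key>: [DhcpNameServer|NameServer] <list>
FRST_RE = re.compile(r"^Tcpip\\(\S+): \[(DhcpNameServer|NameServer)\] (.+)$")
# ipconfig /all: "DNS Servers . . . . : <addr>", more addresses on later lines
IPCONFIG_RE = re.compile(r"^DNS Servers[ .]*:\s*(\S+)$")

# Constructed sample in the format of the logs posted in this thread.
# 203.0.113.53 is a documentation address standing in for a rogue resolver.
SAMPLE_LOG = r"""
Tcpip\Parameters: [DhcpNameServer] 203.0.113.53 8.8.8.8
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000001}: [NameServer] 8.8.8.8,8.8.4.4

        Default Gateway . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 8.8.8.8

                                            8.8.4.4

                                            fec0:0:0:ffff::1%2

        Lease Obtained. . . . . . . . . . : (constructed)
"""


def _parse_ip(token):
    """Return an address object, or None if token is not an IP address."""
    try:
        # Drop an IPv6 zone index such as "%2" before parsing.
        return ipaddress.ip_address(token.split("%", 1)[0])
    except ValueError:
        return None


def extract_resolvers(log_text):
    """Yield (source, address) for every DNS server named in the log."""
    in_dns_block = False  # True while reading ipconfig continuation lines
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # ipconfig output on XP is double-spaced
        frst = FRST_RE.match(line)
        if frst:
            in_dns_block = False
            source = "registry %s (%s)" % (frst.group(2), frst.group(1))
            for token in re.split(r"[,\s]+", frst.group(3).strip()):
                addr = _parse_ip(token)
                if addr is not None:
                    yield source, addr
            continue
        first = IPCONFIG_RE.match(line)
        if first:
            in_dns_block = True
            addr = _parse_ip(first.group(1))
        elif in_dns_block:
            addr = _parse_ip(line)
            in_dns_block = addr is not None  # any other line ends the block
        else:
            addr = None
        if addr is not None:
            yield "ipconfig DNS Servers", addr


def classify(addr, allowed=DEFAULT_ALLOWED):
    """Return 'allowed', 'local' or 'unexpected' for one resolver."""
    if addr in allowed:
        return "allowed"
    if any(addr in net for net in LOCAL_NETS):
        return "local"
    return "unexpected"


def audit_dns(log_text, allowed=DEFAULT_ALLOWED):
    """Return [(source, address, verdict)] for the whole log."""
    return [(src, str(addr), classify(addr, allowed))
            for src, addr in extract_resolvers(log_text)]


def unexpected_resolvers(log_text, allowed=DEFAULT_ALLOWED):
    """Return the sorted, de-duplicated addresses that need a closer look."""
    return sorted({a for _, a, v in audit_dns(log_text, allowed)
                   if v == "unexpected"})


if __name__ == "__main__":
    for source, address, verdict in audit_dns(SAMPLE_LOG):
        print("%-10s %-20s %s" % (verdict, address, source))
```

A `local` verdict only means the client is pointed at the router; the router's own WAN DNS settings still have to be checked in its admin interface.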


#15 Men


Posted 11 February 2015 - 11:27 PM

Hello Sandra,

I have a DNS-hijacker in my router!....How did I do that :)

I did reset the router (only needed the router username and password) and ran the scan Step 1:


MiniToolBox by Farbar  Version: 30-11-2014
Ran by mijnd (administrator) on 12-02-2015 at 11:09:25
Running from "C:\Documents and Settings\mijnd\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 4 (Disconnected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
TAP-Win32 Adapter V9 = Local Area Connection 7 (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=8.8.8.8 register=PRIMARY
add dns name="Local Area Connection" addr=8.8.4.4 index=2
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 7"

set address name="Local Area Connection 7" source=dhcp
set dns name="Local Area Connection 7" source=dhcp register=PRIMARY
set wins name="Local Area Connection 7" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : acer

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Mixed

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet

        Physical Address. . . . . . . . . : 00-1B-24-9E-ED-5B

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.7

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        IP Address. . . . . . . . . . . . : fe80::21b:24ff:fe9e:ed5b%5

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 8.8.8.8

                                            8.8.4.4

                                            fec0:0:0:ffff::1%2

                                            fec0:0:0:ffff::2%2

                                            fec0:0:0:ffff::3%2

        Lease Obtained. . . . . . . . . . : donderdag 12 februari 2015 11:08:44

        Lease Expires . . . . . . . . . . : zondag 15 februari 2015 11:08:44



Ethernet adapter Local Area Connection 7:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : TAP-Win32 Adapter V9

        Physical Address. . . . . . . . . : 00-FF-7A-30-CD-5E



Tunnel adapter Teredo Tunneling Pseudo-Interface:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%7

        Default Gateway . . . . . . . . . :

        NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : C0-A8-01-07

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.7%2

        Default Gateway . . . . . . . . . :

        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2

                                            fec0:0:0:ffff::2%2

                                            fec0:0:0:ffff::3%2

        NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  1.179.251.25, 1.179.251.29, 1.179.251.44, 1.179.251.40
      1.179.251.20, 1.179.251.39, 1.179.251.59, 1.179.251.45, 1.179.251.54
      1.179.251.50, 1.179.251.24, 1.179.251.34, 1.179.251.55, 1.179.251.35
      1.179.251.49, 1.179.251.30



Pinging google.com [1.179.251.25] with 32 bytes of data:



Reply from 1.179.251.25: bytes=32 time=32ms TTL=58

Reply from 1.179.251.25: bytes=32 time=32ms TTL=58



Ping statistics for 1.179.251.25:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 32ms, Maximum = 32ms, Average = 32ms

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=282ms TTL=43

Reply from 206.190.36.45: bytes=32 time=283ms TTL=43



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 282ms, Maximum = 283ms, Average = 282ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 1b 24 9e ed 5b ...... Broadcom NetLink ™ Gigabit Ethernet - Packet Scheduler Miniport
0x4 ...00 ff 7a 30 cd 5e ...... TAP-Win32 Adapter V9 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.7      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0      192.168.1.7     192.168.1.7      20
      192.168.1.7  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255      192.168.1.7     192.168.1.7      20
        224.0.0.0        240.0.0.0      192.168.1.7     192.168.1.7      20
  255.255.255.255  255.255.255.255      192.168.1.7     192.168.1.7      1
  255.255.255.255  255.255.255.255      192.168.1.7               4      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

**** End of log ****
 

Here is step 2:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by mijnd (administrator) on ACER on 12-02-2015 11:20:55
Running from C:\Documents and Settings\mijnd\Desktop\FRST-OlderVersion
Loaded Profiles: mijnd (Available profiles: mijnd)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Dritek System Inc.) C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Realtek Semiconductor Corp.) C:\DOCUME~1\mijnd\LOCALS~1\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-06-13] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-03-23] (Synaptics, Inc.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17530368 2009-02-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [715272 2007-08-13] (Dritek System Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-10] (AVAST Software)
Winlogon\Notify\TPSvc: TPSvc.dll [X]
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [TK8 StickyNotes] => C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe [10134360 2012-10-24] ()
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {17e7e2aa-458f-11de-a844-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {17e7e2ab-458f-11de-a844-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {dc8750dd-4611-11de-a848-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {dc8750de-4611-11de-a848-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {eee28b1a-44b9-11de-a841-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\MountPoints2: {eee28b1b-44b9-11de-a841-0013e8957dd3} - F:\StartVMCLite.exe
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-08] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * 猀瀀爀攀猀琀爀琀

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp?nord=1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
BHO: AskBar BHO -> {201f27d4-3704-41d6-89c1-aa35e39143ed} -> C:\Program Files\AskBarDis\bar\bin\askBar.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} http://192.168.1.250/IPCamPluginMJPEG.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8
Tcpip\..\Interfaces\{4BE37950-E3C3-403B-969D-8B880C978D8B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C8D9EA60-488B-4D08-852F-735F871CE14E}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1390067357-1450960922-1417001333-1004: @hola.org/vlc,version=1.6.520 -> C:\Documents and Settings\mijnd\Local Settings\Application Data\Hola\firefox\app\vlc ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\3-maps.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\privatelee-https.xml
FF SearchPlugin: C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\searchplugins\startpage-ssl.xml
FF Extension: British English Dictionary - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-12]
FF Extension: NoScript - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-08-20]
FF Extension: Web Developer - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-17]
FF Extension: Adblock Plus - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-08-20]
FF Extension: BetterPrivacy - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-04-22]
FF Extension: Adblock Edge - C:\Documents and Settings\mijnd\Application Data\Mozilla\Firefox\Profiles\k24ud7of.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-12]
FF HKLM\...\Firefox\Extensions: [{E5C20E23-9BBF-4a06-AC43-277382EF1B43}] - C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_6
FF Extension: VerificationEngine&#174; - C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_6 [2010-02-15]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-10]
FF HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-10] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-02-10] (AVAST Software)
R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-03] (Oracle Corporation)
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 0187451260843226mcinstcleanup; C:\DOCUME~1\mijnd\LOCALS~1\Temp\018745~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S2 szserver; "C:\Program Files\STOPzilla!\SZServer.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-02-10] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2015-02-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-02-10] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2015-02-10] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [253640 2015-02-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-02-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-02-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-02-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-02-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-02-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-02-10] ()
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-23] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [66304 2007-01-31] (ENE Technology Inc.)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [45952 2007-01-31] (ENE Technology Inc.)
R3 ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [81152 2007-01-31] (ENE Technology Inc.)
S4 exFat; C:\WINDOWS\system32\Drivers\exFat.sys [133632 2008-09-29] (Microsoft Corporation) [File not signed]
R1 Ext2fs; C:\WINDOWS\System32\DRIVERS\ext2fs.sys [181120 2008-09-25] (Stephan Schreiber) [File not signed]
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S0 iastor78; C:\WINDOWS\system32\Drivers\iastor78.sys [308248 2009-05-08] (Intel Corporation)
R1 IfsMount; C:\WINDOWS\System32\DRIVERS\ifsmount.sys [51072 2008-08-28] (Stephan Schreiber) [File not signed]
R0 is3srv; C:\WINDOWS\System32\drivers\is3srv.sys [99728 2012-03-20] (iS3 Inc.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2210816 2007-08-29] (Intel Corporation)
S3 PcaSp50; C:\WINDOWS\System32\DRIVERS\PcaSp50.sys [28160 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [101112 2012-01-12] (GFI Software)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2008-11-26] (Duplex Secure Ltd.)
S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S0 szkg5; C:\WINDOWS\System32\DRIVERS\szkg.sys [99728 2012-03-20] (iS3 Inc.)
R0 szkgfs; C:\WINDOWS\System32\drivers\szkgfs.sys [73008 2012-05-04] (iS3, Inc.)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2014-06-30] (The OpenVPN Project) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 11:06 - 2015-02-12 11:09 - 00007523 _____ () C:\Documents and Settings\mijnd\Desktop\Result.txt
2015-02-12 11:03 - 2015-02-12 11:04 - 00401920 _____ (Farbar) C:\Documents and Settings\mijnd\Desktop\MiniToolBox(1).exe
2015-02-12 10:47 - 2015-02-12 10:47 - 00001348 _____ () C:\Documents and Settings\mijnd\Desktop\AirStationSettings.txt
2015-02-12 09:44 - 2015-02-12 09:44 - 00000000 _____ () C:\Documents and Settings\mijnd\AdobeWeb.log
2015-02-10 10:56 - 2015-02-12 11:19 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Sandraantivirus3
2015-02-10 09:35 - 2015-02-10 09:35 - 00001797 _____ () C:\Documents and Settings\All Users\Desktop\Avast SafeZone.lnk
2015-02-10 09:35 - 2015-02-10 09:35 - 00001737 _____ () C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
2015-02-10 09:35 - 2015-02-10 09:35 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2015-02-10 09:35 - 2015-02-10 09:35 - 00000000 ____D () C:\Documents and Settings\mijnd\Application Data\AVAST Software
2015-02-10 09:35 - 2015-02-10 09:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-02-10 09:34 - 2015-02-12 09:50 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-02-10 09:34 - 2015-02-10 09:34 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-10 09:34 - 2015-02-10 09:34 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-10 09:34 - 2015-02-10 09:34 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-10 09:34 - 2015-02-10 09:34 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-10 09:34 - 2015-02-10 09:33 - 00253640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2015-02-10 09:34 - 2015-02-10 09:33 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-02-10 09:33 - 2015-02-10 09:33 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2015-02-10 09:29 - 2015-02-10 09:29 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-10 09:28 - 2015-02-10 09:29 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-02-10 09:12 - 2015-02-10 09:14 - 00000000 ___DC () C:\OETemp
2015-02-09 15:01 - 2015-02-09 15:01 - 00000000 ____D () C:\Documents and Settings\mijnd\My Documents\My Scans
2015-02-08 10:06 - 2015-02-10 10:37 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Sandraantivirus_2
2015-02-06 10:10 - 2015-02-12 11:20 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\FRST-OlderVersion
2015-02-03 15:05 - 2015-02-03 15:05 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\trip mirjam_MH
2015-02-03 14:08 - 2015-02-06 10:07 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Sandraanivirus
2015-02-01 17:05 - 2015-02-12 11:21 - 00000000 ___DC () C:\FRST
2015-02-01 17:04 - 2015-02-12 11:19 - 00197632 ____C () C:\Documents and Settings\mijnd\Desktop\FRST.exe
2015-01-27 08:28 - 2015-01-27 08:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 11:02 - 2015-01-25 08:28 - 00000000 ____D () C:\Program Files\Hola
2015-01-23 08:37 - 2015-01-23 08:37 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\Hola
2015-01-19 10:15 - 2015-02-08 10:59 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\antivirus
2015-01-16 17:18 - 2015-02-11 09:37 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Boekproject
2015-01-14 11:27 - 2015-01-15 07:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 11:21 - 2008-11-26 21:24 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Temp
2015-02-12 11:11 - 2010-01-03 10:35 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 11:08 - 2008-11-26 23:21 - 00000000 ____D () C:\Documents and Settings\mijnd\Application Data\Skype
2015-02-12 11:06 - 2014-02-08 07:01 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-02-12 10:58 - 2012-03-29 07:31 - 00000940 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-12 10:26 - 2015-01-09 11:33 - 00028624 _____ () C:\WINDOWS\setupapi.log
2015-02-12 09:45 - 2008-11-26 21:13 - 02022040 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-12 09:44 - 2010-01-03 10:35 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 09:44 - 2008-11-26 21:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-12 09:44 - 2008-11-26 21:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-12 09:44 - 2008-11-26 21:24 - 00000000 ____D () C:\Documents and Settings\mijnd
2015-02-12 09:43 - 2008-11-26 21:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-12 09:41 - 2008-11-26 21:24 - 00000178 ___SH () C:\Documents and Settings\mijnd\ntuser.ini
2015-02-12 09:41 - 2008-11-26 21:23 - 00032510 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-11 13:12 - 2008-12-13 14:45 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2015-02-11 09:37 - 2008-11-28 18:24 - 00000000 ____D () C:\Documents and Settings\mijnd\My Documents\Software
2015-02-11 07:33 - 2012-11-14 10:59 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-02-10 09:42 - 2009-07-09 20:22 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\Temp
2015-02-10 09:21 - 2014-12-29 11:12 - 00000000 ____D () C:\ubuntu
2015-02-10 09:06 - 2014-08-14 14:35 - 00417178 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-02-10 08:47 - 2014-09-09 16:57 - 01152138 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1390067357-1450960922-1417001333-1004-0.dat
2015-02-10 08:46 - 2014-12-25 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-02-10 07:15 - 2010-01-05 09:33 - 00000000 ____D () C:\Documents and Settings\mijnd\Application Data\vlc
2015-02-10 07:10 - 2014-08-15 10:08 - 00000000 ____D () C:\Documents and Settings\mijnd\My Documents\Attachments Thunderbird
2015-02-10 07:06 - 2014-02-08 07:01 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-02-10 07:02 - 2014-09-09 15:56 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-02-09 07:27 - 2014-09-10 07:32 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\temp docs
2015-02-08 22:02 - 2008-11-26 21:11 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-08 07:48 - 2001-08-23 04:00 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-05 15:58 - 2012-03-29 07:30 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 15:58 - 2011-05-23 07:51 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-03 10:33 - 2014-11-27 10:10 - 00000000 ____D () C:\Program Files\IPVanish
2015-02-03 10:30 - 2008-12-13 14:45 - 00000000 ____D () C:\Program Files\Google
2015-02-03 10:30 - 2008-12-13 14:36 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\Google
2015-02-03 09:05 - 2014-12-23 15:34 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 10:08 - 2014-08-13 09:54 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Video editing
2015-02-01 16:45 - 2011-08-31 13:17 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-29 13:24 - 2014-12-25 11:33 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 08:04 - 2012-06-26 08:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 07:51 - 2009-08-09 15:03 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Progrmms Shortcuts
2015-01-23 14:17 - 2014-11-27 10:11 - 00000000 ____D () C:\Documents and Settings\mijnd\Local Settings\Application Data\IPVanish
2015-01-16 15:09 - 2008-12-06 21:24 - 00151552 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-15 13:06 - 2013-07-16 18:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 12:57 - 2008-11-26 23:26 - 110348472 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 07:29 - 2014-11-09 09:13 - 00000000 ____D () C:\Documents and Settings\mijnd\Desktop\Kenza

==================== Files in the root of some directories =======

2008-12-06 21:24 - 2015-01-16 15:09 - 0151552 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-20 09:55 - 2014-09-20 09:55 - 0000863 _____ () C:\Documents and Settings\mijnd\Local Settings\Application Data\recently-used.xbel

Some content of TEMP:
====================
C:\Documents and Settings\mijnd\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\difxapi.dll
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.390.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.434.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.449.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.463.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.467.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.485.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Hola-Setup-Plugin-1.6.520.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpqrrx08.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\hpzscr01.EXE
C:\Documents and Settings\mijnd\Local Settings\Temp\IPVanish-Setup-2.0.18.6.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\pyl155.tmp.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\pyl160.tmp.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\mijnd\Local Settings\Temp\xuninst.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is144.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is58.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is59.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5A.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5B.exe
C:\Documents and Settings\mijnd\Local Settings\Temp\_is5C7.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-02-2015 02
Ran by mijnd at 2015-02-12 11:22:53
Running from C:\Documents and Settings\mijnd\Desktop\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acer Crystal Eye (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.11a - Acer Crystal Eye)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Adobe Connect 9 Add-in) (Version: 11.2.247.0 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Alky for Applications (Windows XP) (HKLM\...\{BB05D173-9681-4812-A7FA-BD4042A3DA00}) (Version: 1.1 - Alky Team)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Articulate Storyline (Version: 1.01.00 - Articulate) Hidden
ASUS RT-N12B1 Wireless Router Utilities (HKLM\...\{23306E15-327A-496E-8AE1-9E62E63BF27D}) (Version: 4.1.9.0 - ASUS)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Internet Security (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVI/MPEG/RM/WMV Splitter 4.28 (HKLM\...\AVI MPEG RM WMV Splitter_is1) (Version:  - boilsoft, Inc.)
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Babylon (HKLM\...\Babylon) (Version:  - )
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
BUFFALO Network-USB Navigator (HKLM\...\BUFFALO Device server) (Version: 1.40 - BUFFALO INC.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{1E9AC64C-A2C1-4FD3-A6F3-64D0E661B0E9}) (Version: 0.9.43 - Kovid Goyal)
CCleaner (remove only) (HKLM\...\CCleaner) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.2.2140 - CDBurnerXP)
Combined Community Codec Pack 2006-12-15 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2006-12-15 02:32 - CCCP Project)
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Debut Video Capture Software (HKLM\...\Debut) (Version:  - NCH Software)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_K209a-z_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\...\Dropbox) (Version: 0.7.110 - )
Easy Thumbnails (Remove only) (HKLM\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Elektronisch Groene Boekje (HKLM\...\{B8903E65-D802-4D34-A72D-101EBA881D90}) (Version: 3.0.1 - Sdu Uitgevers)
Elevated Installer (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
EPubsoft Adobe PDF ePub DRM Removal 8.1.7 (HKLM\...\{D225FC13-8885-4B5A-B40C-23CE88830340}) (Version: 8.1.7 - EPUBSOFT)
Express Burn (HKLM\...\ExpressBurn) (Version:  - NCH Software)
Express Rip (HKLM\...\ExpressRip) (Version:  - NCH Software)
Ext2 IFS 1.11a for Windows XP (HKLM\...\Ext2Ifs_for_NT501) (Version:  - )
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FileZilla (remove only) (HKLM\...\FileZilla) (Version:  - )
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version:  - )
Foxit Reader (HKLM\...\Foxit Reader) (Version:  - )
Free Sound Recorder v9.2.7 (HKLM\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2011 FreeSoundRecorder Technologies, Inc.)
Gadget Installer (HKLM\...\{3F3733A5-8322-454D-A638-3B74E1C83752}) (Version: 1.0.2 - VistaExperience.org)
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.3 - Gadwin Systems, Inc.)
Garmin Express (HKLM\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GoodSync V6 (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version:  - Siber Systems)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Google+ Auto Backup (HKU\.DEFAULT\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{6051912A-F7B8-445C-A99D-81AA4C118836}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
IconPackager (HKLM\...\IconPackager) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
InterVideo DeviceService (HKLM\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
K209a-z (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Kubuntu (HKLM\...\Wubi) (Version: 14.04-rev286 - Kubuntu)
Launch Manager (HKLM\...\LManager) (Version:  - )
LClock (HKLM\...\LClock) (Version:  - )
LINE (HKLM\...\LINE) (Version: 3.7.6.116 - LINE Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Recent Documents Gadget (HKLM\...\{90120000-008A-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1027 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{1D39E015-C3D2-45DE-B070-A69C5F2FB309}) (Version: 5.0.50430.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 nl) (HKLM\...\Mozilla Firefox 35.0.1 (x86 nl)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
MySQL Connector Net 6.5.4 (HKLM\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
Photo to Cartoon (HKLM\...\{C7DE53DF-A820-431B-9A24-F558C374C500}) (Version: 4.0.0 - Caricature Software)
PHOTOfunSTUDIO 5.0 (HKLM\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.00.012 - Panasonic Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version:  - )
Prism Video Converter (HKLM\...\Prism) (Version:  - NCH Software)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5802 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM\...\Recordpad) (Version:  - NCH Software)
Resource Hacker 3.4.0 (HKLM\...\Resource Hacker 3.4.0) (Version:  - Resource Hacker 3.4.0)
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Right Click Image Converter (HKLM\...\Kristanix Right Click Image Converter) (Version:  - )
Safari (HKLM\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SDFormatter (HKLM\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sigil 0.7.2 (HKLM\...\Sigil_is1) (Version:  - John Schember)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.1.00.17290 - Sony Corporation)
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version:  - )
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version:  - )
Styler (HKLM\...\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}) (Version: 1.4.0.1 - ta2027)
Super DVD Ripper (remove only) (HKLM\...\x2VCD) (Version:  - )
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.19.4 - Synaptics)
TalkAndWrite (HKLM\...\TalkAndWrite_is1) (Version: 5.1.0.206 - TalkAndWrite)
Thai-English English-Thai Talking Dictionary v1.6 (HKLM\...\ThaiDict_is1) (Version:  - Paiboon Publishing Inc. and Word in the Hand Inc.)
TK8 StickyNotes 4.0 (HKLM\...\TK8 StickyNotes_is1) (Version:  - TK8 Software)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
UltraISO Premium V9.33 (HKLM\...\UltraISO_is1) (Version:  - )
Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Van Dale Groot woordenboek van de Nederlandse taal 14 (HKLM\...\vdegwn.exe) (Version:  - )
Van Dale Grote woordenboeken Engels (HKLM\...\{B63F5DA2-FD25-4437-A60B-1E99029E99D5}) (Version: 2.1.2 - Van Dale Lexicografie)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSDC Free Video Editor version 2.1.8.149 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.8.149 - Flash-Integro LLC)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3300 -  )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Sidebar (HKLM\...\Windows Sidebar) (Version: 6.0.6001.18000 - Microsoft Corporation)
Windows Vista Sounds Pack (HKLM\...\{E1230694-33DA-4E74-82E1-06CC9D545E9B}) (Version: 1.0.0 - zen62619@zen.co.uk)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
xp-AntiSpy 3.96-8 (HKLM\...\xp-AntiSpy) (Version: 3.96-8 - Christian Taubenheim)
XviD MPEG-4 Video Codec (HKLM\...\xvid) (Version:  - XviD Development Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{71748560-AA80-4469-9C1D-29A66233974C}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\webnavi\nvi.dll No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {589B7306-9468-D082-50E3-EAA985889A47} No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{D66AFFF1-8FE8-48f0-A2D7-D231D926E751}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\webnavi\nvi.dll No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {45638ACD-9468-D082-9B1A-12B485889A47} No File
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-1450960922-1417001333-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\mijnd\Application Data\Dropbox\bin\DropboxExt.13.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-11-2014 09:16:28 System Checkpoint
16-11-2014 09:23:31 System Checkpoint
17-11-2014 09:56:38 System Checkpoint
19-11-2014 08:54:59 System Checkpoint
20-11-2014 14:46:40 System Checkpoint
22-11-2014 07:34:23 System Checkpoint
23-11-2014 07:59:41 System Checkpoint
24-11-2014 08:50:13 System Checkpoint
25-11-2014 08:52:26 System Checkpoint
26-11-2014 10:18:43 Installed COMODO Unite
27-11-2014 10:03:25 IPVanish VPN
29-11-2014 12:33:32 System Checkpoint
01-12-2014 10:03:23 System Checkpoint
03-12-2014 08:50:10 System Checkpoint
05-12-2014 07:39:19 System Checkpoint
06-12-2014 09:07:43 System Checkpoint
10-12-2014 08:31:23 Software Distribution Service 3.0
12-12-2014 07:38:38 IPVanish VPN
12-12-2014 07:39:10 IPVanish VPN
13-12-2014 09:41:24 System Checkpoint
14-12-2014 11:36:55 System Checkpoint
17-12-2014 13:05:32 System Checkpoint
18-12-2014 10:02:12 Removed IIS 7.5 Express
20-12-2014 10:25:38 System Checkpoint
22-12-2014 09:01:05 System Checkpoint
23-12-2014 08:27:38 IPVanish VPN
23-12-2014 08:30:16 IPVanish VPN
23-12-2014 09:52:42 IPVanish VPN
23-12-2014 10:19:13 IPVanish VPN
23-12-2014 15:20:21 HP Update verwijderd.
23-12-2014 15:20:36 Removed Google+ Auto Backup
25-12-2014 08:29:04 System Checkpoint
27-12-2014 09:25:12 System Checkpoint
29-12-2014 08:26:41 System Checkpoint
30-12-2014 15:05:56 Software Distribution Service 3.0
01-01-2015 11:13:24 System Checkpoint
08-01-2015 08:28:16 System Checkpoint
09-01-2015 10:09:25 System Checkpoint
11-01-2015 08:15:51 System Checkpoint
15-01-2015 08:31:37 System Checkpoint
15-01-2015 12:57:35 Software Distribution Service 3.0
17-01-2015 09:24:36 System Checkpoint
19-01-2015 08:34:45 System Checkpoint
20-01-2015 09:02:55 System Checkpoint
23-01-2015 09:15:23 System Checkpoint
24-01-2015 14:25:19 System Checkpoint
26-01-2015 08:54:58 System Checkpoint
27-01-2015 08:59:15 System Checkpoint
29-01-2015 13:06:50 System Checkpoint
01-02-2015 17:24:49 System Checkpoint
03-02-2015 08:33:19 System Checkpoint
03-02-2015 10:32:34 IPVanish VPN
06-02-2015 11:04:50 System Checkpoint
08-02-2015 08:07:16 System Checkpoint
09-02-2015 08:37:09 System Checkpoint
10-02-2015 09:29:46 avast! antivirus system restore point
11-02-2015 13:40:57 Software Distribution Service 3.0
12-02-2015 08:05:57 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 04:00 - 2012-02-10 12:32 - 00000758 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
192.168.1.253 NAS server


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\expressburnSevenDaysInit.job => C:\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe
Task: C:\WINDOWS\Tasks\expressburnShakeIcon.job => C:\DOCUME~1\mijnd\LOCALS~1\Temp\n1s.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\expressripShakeIcon.job => C:\Program Files\NCH Swift Sound\ExpressRip\expressrip.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\switchSevenDays.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe
Task: C:\WINDOWS\Tasks\switchShakeIcon.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe
Task: C:\WINDOWS\Tasks\wavepadSevenDays.job => C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe
Task: C:\WINDOWS\Tasks\wavepadShakeIcon.job => C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-12 07:42 - 2015-02-12 07:42 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021101\algo.dll
2013-08-21 13:38 - 2012-10-04 19:50 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2010-12-13 10:44 - 2001-03-15 05:18 - 00065536 ____N () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2010-06-25 15:09 - 2008-06-16 13:11 - 00081920 _____ () C:\WINDOWS\system32\emfxp.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 19:00 - 2008-04-14 19:00 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll
2008-04-14 19:00 - 2011-11-03 22:28 - 00386048 _____ () C:\WINDOWS\system32\qdvd.dll
2008-04-14 19:00 - 2013-01-02 13:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2010-05-17 21:23 - 2010-03-04 23:38 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe
2008-11-26 21:10 - 2007-09-21 00:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2008-11-26 21:10 - 2006-09-07 23:19 - 00008704 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2001-08-23 04:00 - 2008-04-23 21:29 - 00061440 _____ () C:\WINDOWS\system32\CopyToSendTo.dll
2008-03-23 06:01 - 2008-03-23 06:01 - 00039424 _____ () C:\Program Files\Alky for Applications\vshellext.dll
2015-02-10 09:34 - 2015-02-10 09:34 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-29 16:18 - 2012-10-24 16:08 - 10134360 _____ () C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
2015-01-14 11:27 - 2015-01-14 11:27 - 03347056 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-01-14 11:27 - 2015-01-14 11:27 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-14 11:27 - 2015-01-14 11:27 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-01-27 08:28 - 2015-01-27 08:29 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-02-05 15:58 - 2015-02-05 15:58 - 16852144 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\lang_0874.uni:index

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1390067357-1450960922-1417001333-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\mijnd\My Documents\My Pictures\Picasa\Achtergronden\picasabackground-006.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\WINDOWS\pss\Acrobat Assistant.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk => C:\WINDOWS\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk => C:\WINDOWS\pss\PHOTOfunSTUDIO 5.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk => C:\WINDOWS\pss\Mediacontrole Picture Motion Browser.lnk.Startup
MSCONFIG\startupfolder: C:^Documents and Settings^mijnd^Start Menu^Programs^Startup^Styler.lnk => C:\WINDOWS\pss\Styler.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Babylon Client => C:\Program Files\Babylon\Babylon.exe -AutoStart
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: COMODO Internet Security => "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Gadwin PrintScreen => C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LClock => C:\Program Files\LClock\LClock.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: VEngine => C:\Program Files\Comodo\VEngine\VEngine.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1390067357-1450960922-1417001333-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1390067357-1450960922-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-1390067357-1450960922-1417001333-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1390067357-1450960922-1417001333-1000 - Limited - Disabled)
mijnd (S-1-5-21-1390067357-1450960922-1417001333-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\mijnd
SUPPORT_388945a0 (S-1-5-21-1390067357-1450960922-1417001333-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Fingerprint Sensor   
Description: Fingerprint Sensor   
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Wireless WiFi Link 4965AGN
Description: Intel® Wireless WiFi Link 4965AGN
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: NETw4x32
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9 #2
Description: TAP-Win32 Adapter V9
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2015 11:21:22 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/12/2015 11:21:22 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/12/2015 11:21:21 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/12/2015 11:21:21 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/12/2015 11:21:20 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/12/2015 11:21:20 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/12/2015 11:21:16 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/12/2015 11:21:16 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/12/2015 11:21:15 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/12/2015 11:21:15 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (02/12/2015 09:45:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Web Deployment Agent Service service terminated with the following error:
%%2148734208

Error: (02/12/2015 09:45:45 AM) (Source: 0) (EventID: 15005) (User: )
Description: 0.0.0.0:80

Error: (02/12/2015 09:45:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd
szkg5

Error: (02/12/2015 09:45:43 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Web Deployment Agent Service service hung on starting.

Error: (02/12/2015 09:44:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (02/12/2015 09:44:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.

Error: (02/12/2015 09:44:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STOPzilla Service service failed to start due to the following error:
%%2

Error: (02/12/2015 09:44:09 AM) (Source: 0) (EventID: 4) (User: )
Description:

Error: (02/12/2015 09:40:38 AM) (Source: DCOM) (EventID: 10010) (User: ACER)
Description: The server {49BD2028-1523-11D1-AD79-00C04FD8FDFF} did not register with DCOM within the required timeout.

Error: (02/12/2015 09:33:51 AM) (Source: 0) (EventID: 4199) (User: )
Description: 192.168.1.488:30:8A:5E:F0:45


Microsoft Office Sessions:
=========================
Error: (08/11/2014 03:43:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3781 seconds with 1860 seconds of active time.  This session ended with a crash.

Error: (10/31/2013 02:53:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 542 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (09/16/2013 11:05:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1901 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (11/23/2012 11:55:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4704 seconds with 2340 seconds of active time.  This session ended with a crash.

Error: (03/02/2012 01:00:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14606 seconds with 7680 seconds of active time.  This session ended with a crash.

Error: (10/06/2010 09:05:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26582 seconds with 4680 seconds of active time.  This session ended with a crash.

Error: (08/09/2010 07:26:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32797 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (05/11/2009 11:02:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5618 seconds with 2760 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of memory in use: 62%
Total physical RAM: 2038.36 MB
Available physical RAM: 770.5 MB
Total Pagefile: 3928.41 MB
Available Pagefile: 2781.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88.48 GB) (Free:5.63 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 07540753)
Partition 1: (Active) - (Size=88.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=23.3 GB) - (Type=05)

==================== End Of Log ============================

 

Thanks again so far.

Best regards

Men

 

 





