Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problem with Sinowal, can't get rid of it


  • This topic is locked This topic is locked
12 replies to this topic

#1 SparkyPlug

SparkyPlug

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 12 July 2012 - 06:02 AM

Hi

I've got a problem, every time I open my Chrome, both avast and Security Essentials warns about some Sinowal Trojan found in a plugin.ddl in Windows' Temp-folder. They also say they fixed it. But it keeps happening every time I open Chrome. Scans find either nothing or some Temp-file that gets sorted out, but it changes nothing. Internet Explorer is lagging and working rather slow, but no warnings so maybe the malware isn't blocked there. Recently (today) I've also been getting warnings about some malfunction in explorer.exe, found by avast. It pops up at random times.

Also, about the logs, when I was doing the Gmer log, it wouldn't let me check all options, only Services, Registry, Files and ADS. I attach the log I got from that though.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Linus at 12:00:39 on 2012-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8173.4560 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Emotum\Stay Connected\Service.exe
C:\Program Files (x86)\Telenor Sweden\ESUS_TNS\ESUS_TNS.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Linus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Linus\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75E7B172-2FCB-432C-BEC5-7816F7CBE306} : NameServer = 195.54.122.221 195.54.122.211
TCP: Interfaces\{DBB05EFD-B30C-41A9-A47D-C0B92DC537CD} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{53707962-6F74-2D53-2644-206D7942484F}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-7-9 23208]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-7-9 3069752]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-9 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ESCSvc;Emotum Stay Connected Service;C:\Program Files (x86)\Emotum\Stay Connected\Service.exe [2010-8-25 659752]
R2 ESUSClient_B2;Telenor Sweden Software Update Service;C:\Program Files (x86)\Telenor Sweden\ESUS_TNS\ESUS_TNS.exe [2011-3-7 358808]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-31 2253120]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-7-9 66320]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S1 afgqmiet;afgqmiet;\??\C:\Windows\system32\drivers\afgqmiet.sys --> C:\Windows\system32\drivers\afgqmiet.sys [?]
S1 bwwefwye;bwwefwye;\??\C:\Windows\system32\drivers\bwwefwye.sys --> C:\Windows\system32\drivers\bwwefwye.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-24 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-24 136176]
S3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TdsNordecr;Nordea NCR1 SmartCard Reader;C:\Windows\system32\DRIVERS\nordecr.sys --> C:\Windows\system32\DRIVERS\nordecr.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown loaoaozj;loaoaozj; [x]
SUnknown oibsgaed;oibsgaed; [x]
.
=============== Created Last 30 ================
.
2012-07-12 08:55:32 50392 ----a-w- C:\Windows\System32\drivers\afgqmiet.sys
2012-07-12 08:33:57 50392 ----a-w- C:\Windows\System32\drivers\bwwefwye.sys
2012-07-12 08:33:36 -------- d-----w- C:\Users\Linus\AppData\Local\{DC423AE6-CF37-4E82-8C23-B5D8B44D6B78}
2012-07-12 08:33:25 -------- d-----w- C:\Users\Linus\AppData\Local\{A41254AC-753B-4919-A7EC-1867AE12DFF2}
2012-07-11 08:30:09 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{814C36CC-89EF-41C0-B396-B9C52D0CEEAC}\offreg.dll
2012-07-11 00:50:24 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-07-11 00:20:03 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{29A30FA4-73B0-489E-AE64-773569BABAE3}\gapaengine.dll
2012-07-11 00:20:03 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{814C36CC-89EF-41C0-B396-B9C52D0CEEAC}\mpengine.dll
2012-07-10 11:49:48 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-10 11:48:50 -------- d-----w- C:\Users\Linus\AppData\Local\{15C804E5-AF11-41DC-A89B-F8B0D083C9B6}
2012-07-10 11:48:37 -------- d-----w- C:\Users\Linus\AppData\Local\{313682BE-A366-4306-AF04-47665F8FD203}
2012-07-09 23:23:02 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-09 23:23:00 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-09 19:10:12 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-07-09 18:51:03 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-09 18:51:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-09 18:46:38 -------- d-----w- C:\Users\Linus\AppData\Local\SpyZooka
2012-07-09 11:14:22 -------- d-----w- C:\Program Files (x86)\ReImageCompanion
2012-07-09 10:18:13 -------- d-----w- C:\Users\Linus\AppData\Local\{DBF68941-13D2-4435-A990-D80B76FECEDE}
2012-07-09 10:18:01 -------- d-----w- C:\Users\Linus\AppData\Local\{776AEAD8-26EC-4779-BE6F-532567DD28FE}
2012-07-08 09:01:15 -------- d-----w- C:\Users\Linus\AppData\Local\{2DC27ECF-AAD6-4381-AFEA-99CF99BAD426}
2012-07-08 09:01:03 -------- d-----w- C:\Users\Linus\AppData\Local\{3EDFFA84-17D9-4383-98F8-41E335B159D5}
2012-07-07 14:18:56 -------- d-----w- C:\Users\Linus\AppData\Local\{57D412B2-F50C-4044-AD42-F259DE54F879}
2012-07-07 14:18:44 -------- d-----w- C:\Users\Linus\AppData\Local\{AD9239E4-3D08-4E5C-9A03-C0196091EADC}
2012-07-07 02:18:30 -------- d-----w- C:\Users\Linus\AppData\Local\{A835CDBA-7E2D-476E-9EA9-74B911238E89}
2012-07-07 02:18:18 -------- d-----w- C:\Users\Linus\AppData\Local\{6C54B792-84D9-48FE-8E7C-C6924DEB974E}
2012-07-04 08:50:00 -------- d-----w- C:\Users\Linus\AppData\Local\{B4D6A547-C4B3-4991-B8B5-AC1CCA0454E7}
2012-07-04 08:49:48 -------- d-----w- C:\Users\Linus\AppData\Local\{BB65EB91-4B6C-4520-A74E-81FCED346D14}
2012-07-03 10:06:57 -------- d-----w- C:\Users\Linus\AppData\Local\{49E78F17-43FC-4A7A-AC4A-806980483C32}
2012-07-03 10:06:44 -------- d-----w- C:\Users\Linus\AppData\Local\{60B7A5DE-3E35-4895-BC42-5465F2C74BBA}
2012-07-02 19:56:42 -------- d-----w- C:\Users\Linus\AppData\Local\{039789DB-D060-49C3-BDFB-2BE96B58CFEE}
2012-07-02 19:56:30 -------- d-----w- C:\Users\Linus\AppData\Local\{798F12E9-9FD6-4A0B-9189-821008D63DC5}
2012-07-02 07:56:05 -------- d-----w- C:\Users\Linus\AppData\Local\{546F3CDB-B6DE-49DF-979E-1B957A3B2473}
2012-07-02 07:55:54 -------- d-----w- C:\Users\Linus\AppData\Local\{2935BB19-9AC9-498A-8749-65256B143C38}
2012-07-02 07:55:31 -------- d-----w- C:\Windows\sv
2012-07-02 07:53:22 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c0c069dd1cd582703\DSETUP.dll
2012-07-02 07:53:22 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c0c069dd1cd582703\DXSETUP.exe
2012-07-02 07:53:22 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c0c069dd1cd582703\dsetup32.dll
2012-07-02 07:53:22 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c0e09c851cd582704\MeshBetaRemover.exe
2012-07-02 07:39:49 -------- d-----w- C:\Users\Linus\AppData\Local\{34B8131C-2AA1-477D-8FCA-061DAF3842FD}
2012-07-02 07:39:38 -------- d-----w- C:\Users\Linus\AppData\Local\{159A0B7E-AE83-49EB-BA6D-6E3F8B4C2A10}
2012-07-01 09:21:38 -------- d-----w- C:\Users\Linus\AppData\Local\{7CB2F4FE-B2BF-417E-AC5E-129C4750B23A}
2012-07-01 09:21:20 -------- d-----w- C:\Users\Linus\AppData\Local\{93BB3BEF-FCDA-4DA6-80EE-51FCD2D8DED2}
2012-06-30 21:37:28 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-30 21:37:24 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-30 21:37:11 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-30 21:37:11 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-14 08:35:48 -------- d-----w- C:\Users\Linus\AppData\Local\{6B3D99E2-D21E-4FE5-9416-43E53D869750}
2012-06-14 08:35:37 -------- d-----w- C:\Users\Linus\AppData\Local\{73634317-1744-4A18-9862-FBFA6B609415}
2012-06-13 08:02:51 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 07:58:06 -------- d-----w- C:\Users\Linus\AppData\Local\{371726EB-4283-4019-89A3-C13BE4C273CF}
2012-06-13 07:57:53 -------- d-----w- C:\Users\Linus\AppData\Local\{60E3936B-4B6D-4D0E-B1A8-D32BD23D866C}
.
==================== Find3M ====================
.
2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 08:28:50 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 12:01:37,01 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:09 PM

Posted 13 July 2012 - 12:27 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 SparkyPlug

SparkyPlug
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 13 July 2012 - 07:27 PM

Hi Gringo

Here's the Security Check


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.0.1.152 Flash Player out of Date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0
````````````````````End of Log``````````````````````


Here's the ComboFix log (it's in Swedish though)


ComboFix 12-07-13.02 - Linus 2012-07-14 1:21.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8173.6618 [GMT 2:00]
Körs från: c:\users\Linus\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Skapade en ny återställningspunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Windows
.
.
(((((((((((((((((((((((( Filer skapade från 2012-06-13 till 2012-07-13 ))))))))))))))))))))))))))))))
.
.
2012-07-13 22:23 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C4CD4CE-1210-4170-9A94-00A851ED69E0}\mpengine.dll
2012-07-12 17:50 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 11:07 . 2012-07-12 11:07 -------- d-----w- c:\users\Linus\AppData\Roaming\Malwarebytes
2012-07-12 11:06 . 2012-07-12 11:06 -------- d-----w- c:\programdata\Malwarebytes
2012-07-12 11:06 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 11:06 . 2012-07-12 11:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-12 08:39 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 00:50 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-11 00:20 . 2012-07-11 00:11 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29A30FA4-73B0-489E-AE64-773569BABAE3}\gapaengine.dll
2012-07-09 23:23 . 2012-07-09 23:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-09 23:23 . 2012-07-09 23:23 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-09 19:10 . 2012-07-12 13:29 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-07-09 18:51 . 2012-07-12 13:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-09 18:51 . 2012-07-09 18:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-09 18:46 . 2012-07-09 18:46 -------- d-----w- c:\users\Linus\AppData\Local\SpyZooka
2012-07-09 11:14 . 2012-07-09 11:18 -------- d-----w- c:\program files (x86)\ReImageCompanion
2012-07-02 07:55 . 2012-07-02 07:55 -------- d-----w- c:\windows\sv
2012-07-02 07:53 . 2012-07-02 07:53 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c0c069dd1cd582703\DSETUP.dll
2012-07-02 07:53 . 2012-07-02 07:53 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c0c069dd1cd582703\DXSETUP.exe
2012-07-02 07:53 . 2012-07-02 07:53 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c0c069dd1cd582703\dsetup32.dll
2012-07-02 07:53 . 2012-07-02 07:53 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c0e09c851cd582704\MeshBetaRemover.exe
2012-06-30 21:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-30 21:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-30 21:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-30 21:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-30 21:37 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-30 21:37 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-30 21:37 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-30 21:37 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-30 21:37 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2012-02-24 08:53 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2012-02-04 19:39 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-02-04 19:39 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-02-04 19:39 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-02-04 19:39 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-02-04 19:39 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-02-04 19:39 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-02-04 19:39 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2012-02-04 19:39 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-04 11:06 . 2012-06-13 08:02 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 08:02 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 08:02 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 08:02 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 08:02 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 08:02 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 08:02 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 08:02 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 08:28 . 2011-09-01 13:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-24 05:37 . 2012-06-13 08:02 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 08:02 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 08:02 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 08:02 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 08:02 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 08:02 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz134;cpuz134;c:\users\Linus\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 256000]
R3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\DRIVERS\nordecr.sys [2007-10-30 28672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-07 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R4 ESCSvc;Emotum Stay Connected Service;c:\program files (x86)\Emotum\Stay Connected\Service.exe [2010-08-25 659752]
R4 ESUSClient_B2;Telenor Sweden Software Update Service;c:\program files (x86)\Telenor Sweden\ESUS_TNS\ESUS_TNS.exe [2011-03-07 358808]
R4 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
R4 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-10-01 302120]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [2011-06-16 313136]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-10-09 85504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - WS2IFSL
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 15:31]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 15:31]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224235285-2156453753-3930008483-1001Core.job
- c:\users\Linus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 10:05]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224235285-2156453753-3930008483-1001UA.job
- c:\users\Linus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 10:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75E7B172-2FCB-432C-BEC5-7816F7CBE306}: NameServer = 195.54.122.221 195.54.122.211
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2012-07-14 01:36:14 - datorn startades om.
ComboFix-quarantined-files.txt 2012-07-13 23:36
.
Före genomsökningen: 203 196 887 040 byte ledigt
Efter genomsökningen: 203 034 750 976 byte ledigt
.
- - End Of File - - 9CA4DF2FA763D2F9142F6ED865041DF0


I did the logs just now, haven't had the possibility to try how things work right now. Had some Internet Explorer crashes earlier today, but was working with approx 25 tabs.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:09 PM

Posted 13 July 2012 - 07:54 PM

Greetings

25 tabs is allot you would need allot of ram to keep it from crashing on a clean system

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 SparkyPlug

SparkyPlug
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 15 July 2012 - 05:30 AM

Hi again

Yea, but now Explorer has start to crash tabs when I just open a new one, making it from 2 to 3. Annoying. Going to install Firefox as my secondary browser instead.
I've done what you asked me, seems there was no problems in the process.


12:04:10.0009 4048 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
12:04:10.0259 4048 ============================================================
12:04:10.0259 4048 Current date / time: 2012/07/15 12:04:10.0259
12:04:10.0259 4048 SystemInfo:
12:04:10.0259 4048
12:04:10.0259 4048 OS Version: 6.1.7601 ServicePack: 1.0
12:04:10.0259 4048 Product type: Workstation
12:04:10.0259 4048 ComputerName: LUCRECIA
12:04:10.0259 4048 UserName: Linus
12:04:10.0259 4048 Windows directory: C:\Windows
12:04:10.0259 4048 System windows directory: C:\Windows
12:04:10.0259 4048 Running under WOW64
12:04:10.0259 4048 Processor architecture: Intel x64
12:04:10.0259 4048 Number of processors: 4
12:04:10.0259 4048 Page size: 0x1000
12:04:10.0259 4048 Boot type: Normal boot
12:04:10.0259 4048 ============================================================
12:04:11.0616 4048 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:04:11.0632 4048 Drive \Device\Harddisk1\DR1 - Size: 0x1CDD7F000 (7.22 Gb), SectorSize: 0x200, Cylinders: 0x3AE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:04:11.0632 4048 ============================================================
12:04:11.0632 4048 \Device\Harddisk0\DR0:
12:04:11.0632 4048 MBR partitions:
12:04:11.0632 4048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
12:04:11.0632 4048 \Device\Harddisk1\DR1:
12:04:11.0632 4048 MBR partitions:
12:04:11.0632 4048 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xE6E581
12:04:11.0632 4048 ============================================================
12:04:11.0647 4048 C: <-> \Device\Harddisk0\DR0\Partition0
12:04:11.0647 4048 ============================================================
12:04:11.0647 4048 Initialize success
12:04:11.0647 4048 ============================================================
12:05:01.0281 3152 ============================================================
12:05:01.0281 3152 Scan started
12:05:01.0281 3152 Mode: Manual;
12:05:01.0281 3152 ============================================================
12:05:02.0685 3152 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
12:05:02.0763 3152 1394ohci - ok
12:05:02.0810 3152 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:05:02.0810 3152 ACPI - ok
12:05:02.0841 3152 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:05:02.0856 3152 AcpiPmi - ok
12:05:02.0919 3152 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:05:02.0934 3152 AdobeARMservice - ok
12:05:02.0981 3152 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:05:03.0012 3152 adp94xx - ok
12:05:03.0044 3152 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:05:03.0075 3152 adpahci - ok
12:05:03.0106 3152 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:05:03.0122 3152 adpu320 - ok
12:05:03.0153 3152 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:05:03.0153 3152 AeLookupSvc - ok
12:05:03.0231 3152 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:05:03.0246 3152 AFD - ok
12:05:03.0278 3152 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:05:03.0278 3152 agp440 - ok
12:05:03.0293 3152 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:05:03.0293 3152 ALG - ok
12:05:03.0324 3152 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:05:03.0324 3152 aliide - ok
12:05:03.0324 3152 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:05:03.0324 3152 amdide - ok
12:05:03.0356 3152 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:05:03.0356 3152 AmdK8 - ok
12:05:03.0371 3152 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:05:03.0371 3152 AmdPPM - ok
12:05:03.0418 3152 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:05:03.0418 3152 amdsata - ok
12:05:03.0449 3152 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:05:03.0449 3152 amdsbs - ok
12:05:03.0465 3152 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:05:03.0465 3152 amdxata - ok
12:05:03.0480 3152 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:05:03.0480 3152 AppID - ok
12:05:03.0512 3152 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:05:03.0512 3152 AppIDSvc - ok
12:05:03.0527 3152 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:05:03.0527 3152 Appinfo - ok
12:05:03.0590 3152 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:05:03.0590 3152 arc - ok
12:05:03.0605 3152 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:05:03.0621 3152 arcsas - ok
12:05:03.0636 3152 asmthub3 (6d9c024aa8f24065a6dbeab1f431d854) C:\Windows\system32\DRIVERS\asmthub3.sys
12:05:03.0636 3152 asmthub3 - ok
12:05:03.0668 3152 asmtxhci (ecad22f15d8f17cc04f24e9a6fb00f2f) C:\Windows\system32\DRIVERS\asmtxhci.sys
12:05:03.0683 3152 asmtxhci - ok
12:05:03.0746 3152 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:05:03.0792 3152 aspnet_state - ok
12:05:03.0808 3152 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
12:05:03.0808 3152 aswFsBlk - ok
12:05:03.0855 3152 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
12:05:03.0855 3152 aswMonFlt - ok
12:05:03.0902 3152 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
12:05:03.0902 3152 aswRdr - ok
12:05:03.0948 3152 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
12:05:03.0964 3152 aswSnx - ok
12:05:03.0995 3152 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
12:05:03.0995 3152 aswSP - ok
12:05:04.0026 3152 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
12:05:04.0026 3152 aswTdi - ok
12:05:04.0058 3152 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:05:04.0058 3152 AsyncMac - ok
12:05:04.0089 3152 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:05:04.0104 3152 atapi - ok
12:05:04.0151 3152 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:05:04.0182 3152 AudioEndpointBuilder - ok
12:05:04.0182 3152 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:05:04.0198 3152 AudioSrv - ok
12:05:04.0307 3152 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:05:04.0307 3152 avast! Antivirus - ok
12:05:04.0370 3152 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:05:04.0370 3152 AxInstSV - ok
12:05:04.0432 3152 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:05:04.0448 3152 b06bdrv - ok
12:05:04.0494 3152 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:05:04.0494 3152 b57nd60a - ok
12:05:04.0526 3152 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:05:04.0541 3152 BDESVC - ok
12:05:04.0541 3152 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:05:04.0541 3152 Beep - ok
12:05:04.0619 3152 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:05:04.0635 3152 BFE - ok
12:05:04.0713 3152 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:05:04.0744 3152 BITS - ok
12:05:04.0822 3152 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:05:04.0822 3152 blbdrive - ok
12:05:04.0853 3152 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:05:04.0853 3152 bowser - ok
12:05:04.0869 3152 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:05:04.0884 3152 BrFiltLo - ok
12:05:04.0884 3152 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:05:04.0884 3152 BrFiltUp - ok
12:05:04.0947 3152 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:05:04.0947 3152 BridgeMP - ok
12:05:04.0978 3152 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:05:04.0994 3152 Browser - ok
12:05:05.0025 3152 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:05:05.0040 3152 Brserid - ok
12:05:05.0056 3152 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:05:05.0056 3152 BrSerWdm - ok
12:05:05.0072 3152 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:05:05.0072 3152 BrUsbMdm - ok
12:05:05.0072 3152 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:05:05.0072 3152 BrUsbSer - ok
12:05:05.0103 3152 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:05:05.0103 3152 BTHMODEM - ok
12:05:05.0134 3152 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:05:05.0134 3152 bthserv - ok
12:05:05.0150 3152 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:05:05.0165 3152 cdfs - ok
12:05:05.0196 3152 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:05:05.0196 3152 cdrom - ok
12:05:05.0243 3152 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:05:05.0243 3152 CertPropSvc - ok
12:05:05.0274 3152 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:05:05.0274 3152 circlass - ok
12:05:05.0321 3152 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:05:05.0321 3152 CLFS - ok
12:05:05.0399 3152 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:05:05.0399 3152 clr_optimization_v2.0.50727_32 - ok
12:05:05.0446 3152 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:05:05.0462 3152 clr_optimization_v2.0.50727_64 - ok
12:05:05.0524 3152 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:05:05.0586 3152 clr_optimization_v4.0.30319_32 - ok
12:05:05.0633 3152 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:05:05.0696 3152 clr_optimization_v4.0.30319_64 - ok
12:05:05.0727 3152 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:05:05.0727 3152 CmBatt - ok
12:05:05.0742 3152 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:05:05.0742 3152 cmdide - ok
12:05:05.0820 3152 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
12:05:05.0820 3152 CNG - ok
12:05:05.0836 3152 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:05:05.0836 3152 Compbatt - ok
12:05:05.0852 3152 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:05:05.0852 3152 CompositeBus - ok
12:05:05.0867 3152 COMSysApp - ok
12:05:05.0945 3152 cpuz134 - ok
12:05:05.0961 3152 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:05:05.0961 3152 crcdisk - ok
12:05:06.0023 3152 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:05:06.0023 3152 CryptSvc - ok
12:05:06.0148 3152 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:05:06.0148 3152 cvhsvc - ok
12:05:06.0195 3152 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
12:05:06.0195 3152 DAUpdaterSvc - ok
12:05:06.0273 3152 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:05:06.0273 3152 DcomLaunch - ok
12:05:06.0320 3152 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:05:06.0335 3152 defragsvc - ok
12:05:06.0398 3152 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:05:06.0398 3152 DfsC - ok
12:05:06.0429 3152 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:05:06.0460 3152 Dhcp - ok
12:05:06.0476 3152 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:05:06.0476 3152 discache - ok
12:05:06.0507 3152 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:05:06.0507 3152 Disk - ok
12:05:06.0538 3152 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:05:06.0554 3152 Dnscache - ok
12:05:06.0585 3152 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:05:06.0600 3152 dot3svc - ok
12:05:06.0616 3152 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:05:06.0632 3152 DPS - ok
12:05:06.0663 3152 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:05:06.0663 3152 drmkaud - ok
12:05:06.0725 3152 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:05:06.0741 3152 DXGKrnl - ok
12:05:06.0741 3152 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:05:06.0756 3152 EapHost - ok
12:05:06.0881 3152 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:05:06.0928 3152 ebdrv - ok
12:05:07.0037 3152 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:05:07.0037 3152 EFS - ok
12:05:07.0115 3152 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:05:07.0146 3152 ehRecvr - ok
12:05:07.0162 3152 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:05:07.0162 3152 ehSched - ok
12:05:07.0240 3152 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:05:07.0271 3152 elxstor - ok
12:05:07.0302 3152 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:05:07.0302 3152 ErrDev - ok
12:05:07.0427 3152 ESCSvc (b57f7a27ae5ea74720bac46c8de67fce) C:\Program Files (x86)\Emotum\Stay Connected\Service.exe
12:05:07.0568 3152 ESCSvc - ok
12:05:07.0614 3152 ESUSClient_B2 (91f6b313b7f93d2fe98948a56b5949e4) C:\Program Files (x86)\Telenor Sweden\ESUS_TNS\ESUS_TNS.exe
12:05:07.0692 3152 ESUSClient_B2 - ok
12:05:07.0739 3152 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:05:07.0770 3152 EventSystem - ok
12:05:07.0833 3152 ewusbnet (d83eb7ade99d99a4cd6568ac1261d35e) C:\Windows\system32\DRIVERS\ewusbnet.sys
12:05:07.0848 3152 ewusbnet - ok
12:05:07.0895 3152 ew_hwusbdev (86f7951bbcee4a86e79a97306bd14318) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
12:05:07.0895 3152 ew_hwusbdev - ok
12:05:07.0911 3152 ew_usbenumfilter (55e0eda185869f7ea67ea97fd0655b39) C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
12:05:07.0911 3152 ew_usbenumfilter - ok
12:05:07.0958 3152 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:05:07.0958 3152 exfat - ok
12:05:07.0989 3152 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:05:08.0004 3152 fastfat - ok
12:05:08.0067 3152 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:05:08.0098 3152 Fax - ok
12:05:08.0145 3152 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:05:08.0145 3152 fdc - ok
12:05:08.0160 3152 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:05:08.0176 3152 fdPHost - ok
12:05:08.0176 3152 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:05:08.0192 3152 FDResPub - ok
12:05:08.0207 3152 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:05:08.0207 3152 FileInfo - ok
12:05:08.0223 3152 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:05:08.0223 3152 Filetrace - ok
12:05:08.0238 3152 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:05:08.0238 3152 flpydisk - ok
12:05:08.0285 3152 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:05:08.0285 3152 FltMgr - ok
12:05:08.0363 3152 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:05:08.0410 3152 FontCache - ok
12:05:08.0504 3152 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:05:08.0504 3152 FontCache3.0.0.0 - ok
12:05:08.0550 3152 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:05:08.0550 3152 FsDepends - ok
12:05:08.0597 3152 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:05:08.0597 3152 Fs_Rec - ok
12:05:08.0628 3152 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:05:08.0644 3152 fvevol - ok
12:05:08.0691 3152 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:05:08.0691 3152 gagp30kx - ok
12:05:08.0753 3152 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:05:08.0784 3152 gpsvc - ok
12:05:08.0909 3152 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:05:08.0909 3152 gupdate - ok
12:05:08.0909 3152 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:05:08.0909 3152 gupdatem - ok
12:05:08.0925 3152 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:05:08.0925 3152 hcw85cir - ok
12:05:08.0956 3152 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:05:08.0972 3152 HdAudAddService - ok
12:05:09.0003 3152 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:05:09.0003 3152 HDAudBus - ok
12:05:09.0018 3152 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:05:09.0018 3152 HidBatt - ok
12:05:09.0034 3152 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:05:09.0034 3152 HidBth - ok
12:05:09.0065 3152 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:05:09.0065 3152 HidIr - ok
12:05:09.0081 3152 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:05:09.0096 3152 hidserv - ok
12:05:09.0143 3152 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:05:09.0143 3152 HidUsb - ok
12:05:09.0174 3152 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:05:09.0174 3152 hkmsvc - ok
12:05:09.0206 3152 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:05:09.0221 3152 HomeGroupListener - ok
12:05:09.0252 3152 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:05:09.0268 3152 HomeGroupProvider - ok
12:05:09.0284 3152 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:05:09.0284 3152 HpSAMD - ok
12:05:09.0346 3152 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:05:09.0346 3152 HTTP - ok
12:05:09.0393 3152 huawei_enumerator (c2212c930d7a6cc21972b9882683d271) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
12:05:09.0393 3152 huawei_enumerator - ok
12:05:09.0440 3152 hwdatacard (6e05228393cd614b983568ec40c262c3) C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:05:09.0440 3152 hwdatacard - ok
12:05:09.0455 3152 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:05:09.0455 3152 hwpolicy - ok
12:05:09.0471 3152 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:05:09.0471 3152 i8042prt - ok
12:05:09.0533 3152 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys
12:05:09.0533 3152 iaStor - ok
12:05:09.0564 3152 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:05:09.0564 3152 iaStorV - ok
12:05:09.0674 3152 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:05:09.0689 3152 idsvc - ok
12:05:09.0705 3152 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:05:09.0705 3152 iirsp - ok
12:05:09.0767 3152 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:05:09.0798 3152 IKEEXT - ok
12:05:09.0954 3152 IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys
12:05:09.0970 3152 IntcAzAudAddService - ok
12:05:10.0064 3152 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:05:10.0064 3152 intelide - ok
12:05:10.0095 3152 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:05:10.0095 3152 intelppm - ok
12:05:10.0157 3152 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:05:10.0157 3152 IPBusEnum - ok
12:05:10.0188 3152 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:05:10.0188 3152 IpFilterDriver - ok
12:05:10.0220 3152 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:05:10.0235 3152 iphlpsvc - ok
12:05:10.0251 3152 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:05:10.0266 3152 IPMIDRV - ok
12:05:10.0282 3152 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:05:10.0282 3152 IPNAT - ok
12:05:10.0313 3152 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:05:10.0313 3152 IRENUM - ok
12:05:10.0329 3152 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:05:10.0329 3152 isapnp - ok
12:05:10.0344 3152 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:05:10.0360 3152 iScsiPrt - ok
12:05:10.0376 3152 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:05:10.0376 3152 kbdclass - ok
12:05:10.0407 3152 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:05:10.0407 3152 kbdhid - ok
12:05:10.0454 3152 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:05:10.0454 3152 KeyIso - ok
12:05:10.0500 3152 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
12:05:10.0500 3152 KSecDD - ok
12:05:10.0516 3152 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
12:05:10.0516 3152 KSecPkg - ok
12:05:10.0532 3152 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:05:10.0532 3152 ksthunk - ok
12:05:10.0578 3152 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:05:10.0594 3152 KtmRm - ok
12:05:10.0625 3152 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:05:10.0641 3152 LanmanServer - ok
12:05:10.0672 3152 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:05:10.0672 3152 LanmanWorkstation - ok
12:05:10.0703 3152 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:05:10.0719 3152 lltdio - ok
12:05:10.0750 3152 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:05:10.0750 3152 lltdsvc - ok
12:05:10.0781 3152 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:05:10.0797 3152 lmhosts - ok
12:05:10.0828 3152 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:05:10.0828 3152 LSI_FC - ok
12:05:10.0859 3152 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:05:10.0859 3152 LSI_SAS - ok
12:05:10.0890 3152 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:05:10.0890 3152 LSI_SAS2 - ok
12:05:10.0922 3152 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:05:10.0922 3152 LSI_SCSI - ok
12:05:10.0937 3152 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:05:10.0937 3152 luafv - ok
12:05:11.0000 3152 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
12:05:11.0000 3152 MBAMProtector - ok
12:05:11.0093 3152 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:05:11.0109 3152 MBAMService - ok
12:05:11.0140 3152 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:05:11.0156 3152 Mcx2Svc - ok
12:05:11.0156 3152 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:05:11.0156 3152 megasas - ok
12:05:11.0202 3152 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:05:11.0202 3152 MegaSR - ok
12:05:11.0249 3152 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
12:05:11.0249 3152 MEIx64 - ok
12:05:11.0265 3152 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:05:11.0265 3152 MMCSS - ok
12:05:11.0280 3152 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:05:11.0280 3152 Modem - ok
12:05:11.0312 3152 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:05:11.0312 3152 monitor - ok
12:05:11.0327 3152 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:05:11.0327 3152 mouclass - ok
12:05:11.0358 3152 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:05:11.0358 3152 mouhid - ok
12:05:11.0390 3152 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:05:11.0390 3152 mountmgr - ok
12:05:11.0452 3152 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
12:05:11.0452 3152 MpFilter - ok
12:05:11.0483 3152 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:05:11.0483 3152 mpio - ok
12:05:11.0499 3152 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:05:11.0499 3152 mpsdrv - ok
12:05:11.0561 3152 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:05:11.0577 3152 MpsSvc - ok
12:05:11.0608 3152 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:05:11.0608 3152 MRxDAV - ok
12:05:11.0624 3152 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:05:11.0639 3152 mrxsmb - ok
12:05:11.0655 3152 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:05:11.0670 3152 mrxsmb10 - ok
12:05:11.0686 3152 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:05:11.0686 3152 mrxsmb20 - ok
12:05:11.0702 3152 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:05:11.0702 3152 msahci - ok
12:05:11.0717 3152 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:05:11.0717 3152 msdsm - ok
12:05:11.0733 3152 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:05:11.0748 3152 MSDTC - ok
12:05:11.0764 3152 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:05:11.0764 3152 Msfs - ok
12:05:11.0780 3152 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:05:11.0780 3152 mshidkmdf - ok
12:05:11.0795 3152 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:05:11.0795 3152 msisadrv - ok
12:05:11.0842 3152 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:05:11.0858 3152 MSiSCSI - ok
12:05:11.0858 3152 msiserver - ok
12:05:11.0873 3152 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:05:11.0889 3152 MSKSSRV - ok
12:05:11.0967 3152 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:05:11.0967 3152 MsMpSvc - ok
12:05:11.0982 3152 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:05:11.0982 3152 MSPCLOCK - ok
12:05:11.0998 3152 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:05:11.0998 3152 MSPQM - ok
12:05:12.0029 3152 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:05:12.0029 3152 MsRPC - ok
12:05:12.0045 3152 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:05:12.0045 3152 mssmbios - ok
12:05:12.0076 3152 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:05:12.0076 3152 MSTEE - ok
12:05:12.0092 3152 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:05:12.0092 3152 MTConfig - ok
12:05:12.0107 3152 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:05:12.0107 3152 Mup - ok
12:05:12.0138 3152 mv91xx (4fad606c7aeb336e5aa4a005de09ca80) C:\Windows\system32\DRIVERS\mv91xx.sys
12:05:12.0154 3152 mv91xx - ok
12:05:12.0201 3152 mvs91xx (a28a4b6387911a2077538f1cc7bc6def) C:\Windows\system32\DRIVERS\mvs91xx.sys
12:05:12.0201 3152 mvs91xx - ok
12:05:12.0248 3152 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:05:12.0263 3152 napagent - ok
12:05:12.0310 3152 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:05:12.0310 3152 NativeWifiP - ok
12:05:12.0388 3152 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:05:12.0388 3152 NDIS - ok
12:05:12.0404 3152 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:05:12.0404 3152 NdisCap - ok
12:05:12.0435 3152 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:05:12.0435 3152 NdisTapi - ok
12:05:12.0450 3152 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:05:12.0450 3152 Ndisuio - ok
12:05:12.0466 3152 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:05:12.0482 3152 NdisWan - ok
12:05:12.0513 3152 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:05:12.0513 3152 NDProxy - ok
12:05:12.0528 3152 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:05:12.0528 3152 NetBIOS - ok
12:05:12.0560 3152 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:05:12.0560 3152 NetBT - ok
12:05:12.0606 3152 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:05:12.0606 3152 Netlogon - ok
12:05:12.0653 3152 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:05:12.0669 3152 Netman - ok
12:05:12.0747 3152 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:05:12.0794 3152 NetMsmqActivator - ok
12:05:12.0794 3152 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:05:12.0809 3152 NetPipeActivator - ok
12:05:12.0856 3152 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:05:12.0872 3152 netprofm - ok
12:05:12.0872 3152 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:05:12.0887 3152 NetTcpActivator - ok
12:05:12.0887 3152 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:05:12.0887 3152 NetTcpPortSharing - ok
12:05:12.0934 3152 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:05:12.0934 3152 nfrd960 - ok
12:05:12.0996 3152 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:05:12.0996 3152 NisDrv - ok
12:05:13.0106 3152 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
12:05:13.0121 3152 NisSrv - ok
12:05:13.0152 3152 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:05:13.0168 3152 NlaSvc - ok
12:05:13.0184 3152 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:05:13.0184 3152 Npfs - ok
12:05:13.0184 3152 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:05:13.0199 3152 nsi - ok
12:05:13.0199 3152 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:05:13.0215 3152 nsiproxy - ok
12:05:13.0308 3152 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:05:13.0340 3152 Ntfs - ok
12:05:13.0418 3152 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:05:13.0418 3152 Null - ok
12:05:13.0464 3152 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
12:05:13.0464 3152 NVHDA - ok
12:05:13.0948 3152 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:05:13.0979 3152 nvlddmkm - ok
12:05:14.0104 3152 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:05:14.0120 3152 nvraid - ok
12:05:14.0151 3152 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:05:14.0151 3152 nvstor - ok
12:05:14.0244 3152 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
12:05:14.0291 3152 nvsvc - ok
12:05:14.0447 3152 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:05:14.0494 3152 nvUpdatusService - ok
12:05:14.0603 3152 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:05:14.0603 3152 nv_agp - ok
12:05:14.0619 3152 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:05:14.0634 3152 ohci1394 - ok
12:05:14.0712 3152 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:05:14.0712 3152 ose - ok
12:05:14.0978 3152 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:05:15.0040 3152 osppsvc - ok
12:05:15.0149 3152 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:05:15.0165 3152 p2pimsvc - ok
12:05:15.0196 3152 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:05:15.0212 3152 p2psvc - ok
12:05:15.0258 3152 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:05:15.0258 3152 Parport - ok
12:05:15.0305 3152 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:05:15.0305 3152 partmgr - ok
12:05:15.0321 3152 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:05:15.0336 3152 PcaSvc - ok
12:05:15.0352 3152 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:05:15.0368 3152 pci - ok
12:05:15.0383 3152 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:05:15.0383 3152 pciide - ok
12:05:15.0399 3152 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:05:15.0414 3152 pcmcia - ok
12:05:15.0430 3152 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:05:15.0430 3152 pcw - ok
12:05:15.0477 3152 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:05:15.0492 3152 PEAUTH - ok
12:05:15.0586 3152 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:05:15.0586 3152 PerfHost - ok
12:05:15.0664 3152 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:05:15.0695 3152 pla - ok
12:05:15.0742 3152 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:05:15.0758 3152 PlugPlay - ok
12:05:15.0773 3152 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:05:15.0773 3152 PNRPAutoReg - ok
12:05:15.0820 3152 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:05:15.0820 3152 PNRPsvc - ok
12:05:15.0882 3152 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:05:15.0882 3152 PolicyAgent - ok
12:05:15.0914 3152 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:05:15.0929 3152 Power - ok
12:05:15.0992 3152 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:05:15.0992 3152 PptpMiniport - ok
12:05:16.0007 3152 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:05:16.0007 3152 Processor - ok
12:05:16.0054 3152 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:05:16.0070 3152 ProfSvc - ok
12:05:16.0101 3152 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:05:16.0101 3152 ProtectedStorage - ok
12:05:16.0132 3152 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:05:16.0132 3152 Psched - ok
12:05:16.0241 3152 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:05:16.0272 3152 ql2300 - ok
12:05:16.0366 3152 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:05:16.0366 3152 ql40xx - ok
12:05:16.0397 3152 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:05:16.0413 3152 QWAVE - ok
12:05:16.0428 3152 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:05:16.0428 3152 QWAVEdrv - ok
12:05:16.0428 3152 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:05:16.0428 3152 RasAcd - ok
12:05:16.0475 3152 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:05:16.0475 3152 RasAgileVpn - ok
12:05:16.0491 3152 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:05:16.0491 3152 RasAuto - ok
12:05:16.0522 3152 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:05:16.0522 3152 Rasl2tp - ok
12:05:16.0553 3152 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:05:16.0553 3152 RasMan - ok
12:05:16.0584 3152 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:05:16.0584 3152 RasPppoe - ok
12:05:16.0600 3152 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:05:16.0600 3152 RasSstp - ok
12:05:16.0631 3152 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:05:16.0631 3152 rdbss - ok
12:05:16.0647 3152 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:05:16.0647 3152 rdpbus - ok
12:05:16.0662 3152 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:05:16.0662 3152 RDPCDD - ok
12:05:16.0662 3152 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:05:16.0662 3152 RDPENCDD - ok
12:05:16.0678 3152 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:05:16.0678 3152 RDPREFMP - ok
12:05:16.0725 3152 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:05:16.0725 3152 RDPWD - ok
12:05:16.0772 3152 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:05:16.0787 3152 rdyboost - ok
12:05:16.0818 3152 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:05:16.0818 3152 RemoteAccess - ok
12:05:16.0850 3152 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:05:16.0850 3152 RemoteRegistry - ok
12:05:16.0865 3152 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:05:16.0865 3152 RpcEptMapper - ok
12:05:16.0896 3152 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:05:16.0896 3152 RpcLocator - ok
12:05:16.0943 3152 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:05:16.0943 3152 RpcSs - ok
12:05:16.0974 3152 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:05:16.0974 3152 rspndr - ok
12:05:17.0037 3152 RTL8169 (a6284c8c29ccccad9109c4da5cd916bd) C:\Windows\system32\DRIVERS\Rtlh64.sys
12:05:17.0037 3152 RTL8169 - ok
12:05:17.0068 3152 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:05:17.0068 3152 SamSs - ok
12:05:17.0099 3152 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:05:17.0099 3152 sbp2port - ok
12:05:17.0115 3152 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:05:17.0130 3152 SCardSvr - ok
12:05:17.0146 3152 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:05:17.0146 3152 scfilter - ok
12:05:17.0193 3152 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:05:17.0224 3152 Schedule - ok
12:05:17.0240 3152 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:05:17.0240 3152 SCPolicySvc - ok
12:05:17.0271 3152 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:05:17.0286 3152 SDRSVC - ok
12:05:17.0333 3152 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:05:17.0333 3152 secdrv - ok
12:05:17.0349 3152 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:05:17.0349 3152 seclogon - ok
12:05:17.0380 3152 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:05:17.0380 3152 SENS - ok
12:05:17.0396 3152 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:05:17.0411 3152 SensrSvc - ok
12:05:17.0427 3152 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:05:17.0427 3152 Serenum - ok
12:05:17.0458 3152 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:05:17.0458 3152 Serial - ok
12:05:17.0489 3152 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:05:17.0489 3152 sermouse - ok
12:05:17.0505 3152 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:05:17.0520 3152 SessionEnv - ok
12:05:17.0536 3152 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:05:17.0536 3152 sffdisk - ok
12:05:17.0552 3152 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:05:17.0552 3152 sffp_mmc - ok
12:05:17.0567 3152 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:05:17.0567 3152 sffp_sd - ok
12:05:17.0583 3152 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:05:17.0583 3152 sfloppy - ok
12:05:17.0661 3152 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:05:17.0661 3152 Sftfs - ok
12:05:17.0754 3152 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:05:17.0754 3152 sftlist - ok
12:05:17.0786 3152 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:05:17.0801 3152 Sftplay - ok
12:05:17.0801 3152 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:05:17.0801 3152 Sftredir - ok
12:05:17.0817 3152 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:05:17.0817 3152 Sftvol - ok
12:05:17.0848 3152 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:05:17.0864 3152 sftvsa - ok
12:05:17.0895 3152 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:05:17.0910 3152 SharedAccess - ok
12:05:17.0957 3152 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:05:17.0973 3152 ShellHWDetection - ok
12:05:18.0004 3152 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:05:18.0004 3152 SiSRaid2 - ok
12:05:18.0020 3152 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:05:18.0020 3152 SiSRaid4 - ok
12:05:18.0082 3152 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:05:18.0098 3152 SkypeUpdate - ok
12:05:18.0129 3152 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:05:18.0129 3152 Smb - ok
12:05:18.0160 3152 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:05:18.0176 3152 SNMPTRAP - ok
12:05:18.0176 3152 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:05:18.0176 3152 spldr - ok
12:05:18.0222 3152 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:05:18.0238 3152 Spooler - ok
12:05:18.0394 3152 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:05:18.0456 3152 sppsvc - ok
12:05:18.0519 3152 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:05:18.0519 3152 sppuinotify - ok
12:05:18.0581 3152 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:05:18.0597 3152 srv - ok
12:05:18.0628 3152 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:05:18.0644 3152 srv2 - ok
12:05:18.0659 3152 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:05:18.0675 3152 srvnet - ok
12:05:18.0706 3152 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:05:18.0722 3152 SSDPSRV - ok
12:05:18.0737 3152 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:05:18.0753 3152 SstpSvc - ok
12:05:18.0815 3152 Steam Client Service - ok
12:05:18.0862 3152 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:05:18.0893 3152 Stereo Service - ok
12:05:18.0909 3152 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:05:18.0909 3152 stexstor - ok
12:05:18.0956 3152 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:05:18.0987 3152 stisvc - ok
12:05:19.0002 3152 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:05:19.0002 3152 swenum - ok
12:05:19.0034 3152 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:05:19.0049 3152 swprv - ok
12:05:19.0143 3152 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:05:19.0174 3152 SysMain - ok
12:05:19.0252 3152 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:05:19.0268 3152 TabletInputService - ok
12:05:19.0299 3152 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:05:19.0314 3152 TapiSrv - ok
12:05:19.0330 3152 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:05:19.0330 3152 TBS - ok
12:05:19.0470 3152 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:05:19.0502 3152 Tcpip - ok
12:05:19.0642 3152 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:05:19.0658 3152 TCPIP6 - ok
12:05:19.0720 3152 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:05:19.0720 3152 tcpipreg - ok
12:05:19.0736 3152 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:05:19.0736 3152 TDPIPE - ok
12:05:19.0798 3152 TdsNordecr (86d1b3662ec12f2fead9cc6f58ef36f6) C:\Windows\system32\DRIVERS\nordecr.sys
12:05:19.0798 3152 TdsNordecr - ok
12:05:19.0829 3152 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:05:19.0829 3152 TDTCP - ok
12:05:19.0845 3152 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:05:19.0845 3152 tdx - ok
12:05:19.0876 3152 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
12:05:19.0876 3152 TermDD - ok
12:05:19.0938 3152 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:05:19.0954 3152 TermService - ok
12:05:19.0970 3152 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:05:19.0970 3152 Themes - ok
12:05:20.0001 3152 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:05:20.0001 3152 THREADORDER - ok
12:05:20.0001 3152 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:05:20.0016 3152 TrkWks - ok
12:05:20.0063 3152 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:05:20.0079 3152 TrustedInstaller - ok
12:05:20.0094 3152 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:05:20.0094 3152 tssecsrv - ok
12:05:20.0126 3152 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:05:20.0126 3152 TsUsbFlt - ok
12:05:20.0141 3152 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:05:20.0141 3152 TsUsbGD - ok
12:05:20.0172 3152 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:05:20.0172 3152 tunnel - ok
12:05:20.0188 3152 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:05:20.0204 3152 uagp35 - ok
12:05:20.0235 3152 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:05:20.0250 3152 udfs - ok
12:05:20.0282 3152 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:05:20.0282 3152 UI0Detect - ok
12:05:20.0297 3152 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:05:20.0297 3152 uliagpkx - ok
12:05:20.0313 3152 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:05:20.0313 3152 umbus - ok
12:05:20.0344 3152 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:05:20.0344 3152 UmPass - ok
12:05:20.0375 3152 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:05:20.0391 3152 upnphost - ok
12:05:20.0422 3152 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:05:20.0422 3152 usbccgp - ok
12:05:20.0438 3152 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:05:20.0438 3152 usbcir - ok
12:05:20.0453 3152 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:05:20.0469 3152 usbehci - ok
12:05:20.0500 3152 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:05:20.0516 3152 usbhub - ok
12:05:20.0531 3152 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:05:20.0531 3152 usbohci - ok
12:05:20.0547 3152 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
12:05:20.0547 3152 usbprint - ok
12:05:20.0562 3152 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:05:20.0562 3152 USBSTOR - ok
12:05:20.0578 3152 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:05:20.0578 3152 usbuhci - ok
12:05:20.0594 3152 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:05:20.0609 3152 UxSms - ok
12:05:20.0640 3152 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:05:20.0640 3152 VaultSvc - ok
12:05:20.0672 3152 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:05:20.0672 3152 vdrvroot - ok
12:05:20.0703 3152 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:05:20.0718 3152 vds - ok
12:05:20.0734 3152 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:05:20.0734 3152 vga - ok
12:05:20.0765 3152 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:05:20.0765 3152 VgaSave - ok
12:05:20.0781 3152 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:05:20.0796 3152 vhdmp - ok
12:05:20.0796 3152 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:05:20.0796 3152 viaide - ok
12:05:20.0828 3152 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:05:20.0828 3152 volmgr - ok
12:05:20.0843 3152 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:05:20.0859 3152 volmgrx - ok
12:05:20.0890 3152 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:05:20.0890 3152 volsnap - ok
12:05:20.0921 3152 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:05:20.0937 3152 vsmraid - ok
12:05:21.0108 3152 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:05:21.0140 3152 VSS - ok
12:05:21.0296 3152 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:05:21.0296 3152 vwifibus - ok
12:05:21.0389 3152 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:05:21.0405 3152 W32Time - ok
12:05:21.0420 3152 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:05:21.0420 3152 WacomPen - ok
12:05:21.0452 3152 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:05:21.0452 3152 WANARP - ok
12:05:21.0452 3152 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:05:21.0452 3152 Wanarpv6 - ok
12:05:21.0545 3152 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:05:21.0561 3152 WatAdminSvc - ok
12:05:21.0670 3152 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:05:21.0701 3152 wbengine - ok
12:05:21.0779 3152 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:05:21.0795 3152 WbioSrvc - ok
12:05:21.0826 3152 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:05:21.0842 3152 wcncsvc - ok
12:05:21.0857 3152 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:05:21.0857 3152 WcsPlugInService - ok
12:05:21.0904 3152 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:05:21.0904 3152 Wd - ok
12:05:21.0935 3152 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:05:21.0951 3152 Wdf01000 - ok
12:05:21.0966 3152 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:05:21.0982 3152 WdiServiceHost - ok
12:05:21.0982 3152 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:05:21.0982 3152 WdiSystemHost - ok
12:05:22.0013 3152 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:05:22.0029 3152 WebClient - ok
12:05:22.0060 3152 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:05:22.0076 3152 Wecsvc - ok
12:05:22.0091 3152 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:05:22.0091 3152 wercplsupport - ok
12:05:22.0122 3152 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:05:22.0122 3152 WerSvc - ok
12:05:22.0200 3152 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:05:22.0200 3152 WfpLwf - ok
12:05:22.0216 3152 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:05:22.0216 3152 WIMMount - ok
12:05:22.0247 3152 WinDefend - ok
12:05:22.0263 3152 WinHttpAutoProxySvc - ok
12:05:22.0325 3152 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:05:22.0341 3152 Winmgmt - ok
12:05:22.0450 3152 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:05:22.0497 3152 WinRM - ok
12:05:22.0622 3152 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:05:22.0637 3152 Wlansvc - ok
12:05:22.0700 3152 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:05:22.0715 3152 wlcrasvc - ok
12:05:22.0856 3152 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:05:22.0887 3152 wlidsvc - ok
12:05:23.0090 3152 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:05:23.0105 3152 WmiAcpi - ok
12:05:23.0261 3152 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:05:23.0261 3152 wmiApSrv - ok
12:05:23.0433 3152 WMPNetworkSvc - ok
12:05:23.0542 3152 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:05:23.0558 3152 WPCSvc - ok
12:05:23.0729 3152 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:05:23.0745 3152 WPDBusEnum - ok
12:05:23.0776 3152 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:05:23.0776 3152 ws2ifsl - ok
12:05:23.0838 3152 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:05:23.0838 3152 wscsvc - ok
12:05:23.0854 3152 WSearch - ok
12:05:24.0182 3152 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:05:24.0228 3152 wuauserv - ok
12:05:24.0431 3152 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:05:24.0431 3152 WudfPf - ok
12:05:24.0478 3152 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:05:24.0478 3152 WUDFRd - ok
12:05:24.0509 3152 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:05:24.0509 3152 wudfsvc - ok
12:05:24.0540 3152 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:05:24.0572 3152 WwanSvc - ok
12:05:24.0618 3152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:05:24.0868 3152 \Device\Harddisk0\DR0 - ok
12:05:24.0868 3152 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
12:05:24.0884 3152 \Device\Harddisk1\DR1 - ok
12:05:24.0884 3152 Boot (0x1200) (e916656721db27c5657ff284e2d81156) \Device\Harddisk0\DR0\Partition0
12:05:24.0899 3152 \Device\Harddisk0\DR0\Partition0 - ok
12:05:24.0899 3152 Boot (0x1200) (95de3fae68921b544c7a92473fada806) \Device\Harddisk1\DR1\Partition0
12:05:24.0899 3152 \Device\Harddisk1\DR1\Partition0 - ok
12:05:24.0899 3152 ============================================================
12:05:24.0899 3152 Scan finished
12:05:24.0899 3152 ============================================================
12:05:24.0915 3400 Detected object count: 0
12:05:24.0915 3400 Actual detected object count: 0
12:06:33.0106 4036 Deinitialize success




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 12:06:48
-----------------------------
12:06:48.577 OS Version: Windows x64 6.1.7601 Service Pack 1
12:06:48.577 Number of processors: 4 586 0x2A07
12:06:48.577 ComputerName: LUCRECIA UserName: Linus
12:06:49.263 Initialize success
12:06:50.708 AVAST engine defs: 12071200
12:07:12.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:07:12.971 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3
12:07:12.980 Disk 0 MBR read successfully
12:07:12.983 Disk 0 MBR scan
12:07:13.241 Disk 0 Windows 7 default MBR code
12:07:13.261 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
12:07:13.698 Disk 0 scanning C:\Windows\system32\drivers
12:07:23.159 Service scanning
12:07:37.428 Modules scanning
12:07:37.436 Disk 0 trace - called modules:
12:07:37.445 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:07:37.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ac0e060]
12:07:37.454 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80071a3050]
12:07:37.996 AVAST engine scan C:\Windows
12:07:39.979 AVAST engine scan C:\Windows\system32
12:10:25.255 AVAST engine scan C:\Windows\system32\drivers
12:10:39.222 AVAST engine scan C:\Users\Linus
12:19:43.317 AVAST engine scan C:\ProgramData
12:20:25.698 Scan finished successfully
12:28:44.897 Disk 0 MBR has been saved successfully to "C:\Users\Linus\Desktop\MBR.dat"
12:28:44.900 The log file has been saved successfully to "C:\Users\Linus\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:09 PM

Posted 15 July 2012 - 11:13 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 SparkyPlug

SparkyPlug
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 15 July 2012 - 10:12 PM

Hey man
I did what you said, and don't know if I have any problems so far. I don't use my avast anymore so don't get avast warnings. Security Essentials blocks some stuff every now and then but don't if that's normal.
I can use avast some more to see if it gives me warnings.
Here's the log



ComboFix 12-07-14.01 - Linus 2012-07-16 4:57.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8173.6637 [GMT 2:00]
Körs från: c:\users\Linus\Desktop\ComboFix.exe
Kommandoväxlar som använts :: c:\users\Linus\Desktop\CFscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Skapade en ny återställningspunkt
.
.
(((((((((((((((((((((((( Filer skapade från 2012-06-16 till 2012-07-16 ))))))))))))))))))))))))))))))
.
.
2012-07-16 03:02 . 2012-07-16 03:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-16 03:02 . 2012-07-16 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 10:16 . 2012-07-15 10:16 -------- d-----w- c:\users\Linus\AppData\Local\Mozilla
2012-07-15 10:16 . 2012-07-15 10:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-15 00:03 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92FF29FC-8401-4B4C-A32F-125C2BA7CC62}\mpengine.dll
2012-07-13 23:53 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 11:07 . 2012-07-12 11:07 -------- d-----w- c:\users\Linus\AppData\Roaming\Malwarebytes
2012-07-12 11:06 . 2012-07-12 11:06 -------- d-----w- c:\programdata\Malwarebytes
2012-07-12 11:06 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 11:06 . 2012-07-12 11:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-12 08:39 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 00:50 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-11 00:20 . 2012-07-11 00:11 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29A30FA4-73B0-489E-AE64-773569BABAE3}\gapaengine.dll
2012-07-09 23:23 . 2012-07-09 23:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-09 23:23 . 2012-07-09 23:23 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-09 19:10 . 2012-07-12 13:29 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-07-09 18:51 . 2012-07-12 13:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-09 18:51 . 2012-07-09 18:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-09 18:46 . 2012-07-09 18:46 -------- d-----w- c:\users\Linus\AppData\Local\SpyZooka
2012-07-09 11:14 . 2012-07-09 11:18 -------- d-----w- c:\program files (x86)\ReImageCompanion
2012-07-02 07:55 . 2012-07-02 07:55 -------- d-----w- c:\windows\sv
2012-07-02 07:53 . 2012-07-02 07:53 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c0c069dd1cd582703\DSETUP.dll
2012-07-02 07:53 . 2012-07-02 07:53 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c0c069dd1cd582703\DXSETUP.exe
2012-07-02 07:53 . 2012-07-02 07:53 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c0c069dd1cd582703\dsetup32.dll
2012-07-02 07:53 . 2012-07-02 07:53 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c0e09c851cd582704\MeshBetaRemover.exe
2012-06-30 21:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-30 21:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-30 21:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-30 21:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-30 21:37 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-30 21:37 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-30 21:37 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-30 21:37 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-30 21:37 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2012-02-24 08:53 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2012-02-04 19:39 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-02-04 19:39 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-02-04 19:39 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-02-04 19:39 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-02-04 19:39 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-02-04 19:39 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-02-04 19:39 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2012-02-04 19:39 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-04 11:06 . 2012-06-13 08:02 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 08:02 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 08:02 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 08:02 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 08:02 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 08:02 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 08:02 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 08:02 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 08:28 . 2011-09-01 13:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-24 05:37 . 2012-06-13 08:02 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 08:02 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 08:02 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 08:02 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 08:02 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 08:02 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-13_23.33.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-13 22:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-16 02:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-16 02:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 22:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-16 02:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 22:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-07-15 16:49 40998 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-15 18:34 38420 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-06 10:03 . 2012-07-15 18:34 10524 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-224235285-2156453753-3930008483-1001_UserData.bin
- 2012-07-13 23:32 . 2012-07-13 23:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-16 03:03 . 2012-07-16 03:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-16 03:03 . 2012-07-16 03:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-13 23:32 . 2012-07-13 23:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-29 16:51 . 2012-07-15 02:31 235456 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 05:01 . 2012-07-16 03:02 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-13 23:31 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-06 23:29 . 2012-07-16 03:02 9175688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-224235285-2156453753-3930008483-1001-8192.dat
+ 2011-11-06 23:29 . 2012-07-15 13:59 47548980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-224235285-2156453753-3930008483-1001-4096.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz134;cpuz134;c:\users\Linus\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 256000]
R3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\DRIVERS\nordecr.sys [2007-10-30 28672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-07 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R4 ESCSvc;Emotum Stay Connected Service;c:\program files (x86)\Emotum\Stay Connected\Service.exe [2010-08-25 659752]
R4 ESUSClient_B2;Telenor Sweden Software Update Service;c:\program files (x86)\Telenor Sweden\ESUS_TNS\ESUS_TNS.exe [2011-03-07 358808]
R4 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
R4 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-10-01 302120]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [2011-06-16 313136]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-10-09 85504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 15:31]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 15:31]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224235285-2156453753-3930008483-1001Core.job
- c:\users\Linus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 10:05]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224235285-2156453753-3930008483-1001UA.job
- c:\users\Linus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 10:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Linus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75E7B172-2FCB-432C-BEC5-7816F7CBE306}: NameServer = 195.54.122.221 195.54.122.211
FF - ProfilePath - c:\users\Linus\AppData\Roaming\Mozilla\Firefox\Profiles\kdxqjf1s.default\
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2012-07-16 05:07:13 - datorn startades om.
ComboFix-quarantined-files.txt 2012-07-16 03:07
ComboFix2.txt 2012-07-13 23:36
.
Före genomsökningen: 203 699 331 072 byte ledigt
Efter genomsökningen: 203 492 372 480 byte ledigt
.
- - End Of File - - 28F3CE76A95176C89327A9B9BF21CB6D

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:09 PM

Posted 15 July 2012 - 10:22 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

µTorrent
Java™ 6 Update 31
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 SparkyPlug

SparkyPlug
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 17 July 2012 - 06:11 AM

Hey man
Nice to know that logs seems to be better. To be honest, I don't have the slightest idea what I am doing, but it's good to know someone else does.

No problems running the things you asked for, and no real issues happening right afterwards. Computer's running pretty smooth.
Here are the logs:



Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Linus :: LUCRECIA [administrator]

Protection: Enabled

2012-07-17 13:07:44
mbam-log-2012-07-17 (13-07-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230890
Time elapsed: 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:09:43, on 2012-07-17
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linus\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E7B172-2FCB-432C-BEC5-7816F7CBE306}: NameServer = 195.54.122.221 195.54.122.211
O17 - HKLM\System\CS1\Services\Tcpip\..\{75E7B172-2FCB-432C-BEC5-7816F7CBE306}: NameServer = 195.54.122.221 195.54.122.211
O17 - HKLM\System\CS2\Services\Tcpip\..\{75E7B172-2FCB-432C-BEC5-7816F7CBE306}: NameServer = 195.54.122.221 195.54.122.211
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8419 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:09 PM

Posted 17 July 2012 - 10:44 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 SparkyPlug

SparkyPlug
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 18 July 2012 - 08:59 AM

Alright, removed the Java thing from startup.

And the scan found nothing. :)

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:09 PM

Posted 18 July 2012 - 01:01 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:09 PM

Posted 20 July 2012 - 11:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users