
Infected with Trojan Horse Patched_c.LXT


This topic is locked
14 replies to this topic

#1 Gibblet

  • Members
  • 7 posts

Posted 04 August 2012 - 02:22 PM

Yesterday AVG told me it had detected a threat at C:\Windows\system32\services.exe, and that this threat was a Trojan Horse Patched_c.LXT.
AVG apparently can't remove it itself because the location is on a white list.
This seems to be a fairly serious issue, so any help in removing it is highly appreciated.
The DDS log is below. I'm running a 64-bit Windows 7 operating system, so no GMER log.

My DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Roel at 21:07:28 on 2012-08-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8089.4816 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Outdated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Outdated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\S-Bar\MSIService.exe
C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
C:\Users\Roel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\S-Bar\S-Bar.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\MSI\KLM\KLM.exe
C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msi.msn.com
uDefault_Page_URL = hxxp://msi.msn.com
mStart Page = hxxp://msi.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [S-Bar] %PROGRAMFILES%\S-Bar\S-Bar.exe
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [KLM] C:\Program Files (x86)\MSI\KLM\KLM.exe
mRun: [VGAOCAP] C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\windows\UpdReg.EXE
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
mRun: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Roel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Roel\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUALCO~1.LNK - C:\Program Files (x86)\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3675EFAA-F5CB-4C35-867D-A48AAF280980} : DhcpNameServer = 10.101.0.108
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\2626F68723D223735383 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\2626F68723D223735383 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\2626F68723D236165356 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\2626F68723D236165356 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\2656C6B696E6534376 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\37167656D6D236461303 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\37167656D6D236461303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\75962756C6563737 : DhcpNameServer = 192.168.1.3
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{1CA1377B-DC1D-4A52-9585-6E06050FAC53}
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
{326E768D-4182-46FD-9C16-1449A49795F4}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{95B7759C-8C7F-4BF1-B163-73684A933233}
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [S-Bar] %PROGRAMFILES%\S-Bar\S-Bar.exe
mRun-x64: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun-x64: [KLM] C:\Program Files (x86)\MSI\KLM\KLM.exe
mRun-x64: [VGAOCAP] C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\windows\UpdReg.EXE
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
mRun-x64: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Roel\AppData\Roaming\Mozilla\Firefox\Profiles\6sv9oxin.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\system32\drivers\iusb3hcs.sys --> C:\windows\system32\drivers\iusb3hcs.sys [?]
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\windows\system32\drivers\avgtpx64.sys --> C:\windows\system32\drivers\avgtpx64.sys [?]
R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\windows\system32\DRIVERS\bflwfx64.sys --> C:\windows\system32\DRIVERS\bflwfx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 tmevtmgr;tmevtmgr;C:\windows\system32\DRIVERS\tmevtmgr.sys --> C:\windows\system32\DRIVERS\tmevtmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-3-15 275912]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-20 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-20 1104208]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-15 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-15 2429544]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-4 655944]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2011-11-3 160768]
R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-17 12800]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-3-15 138768]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [?]
R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-3-8 492032]
R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-8-4 830048]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-20 1304912]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\iusb3hub.sys --> C:\windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\system32\DRIVERS\iusb3xhc.sys --> C:\windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\e22w7x64.sys --> C:\windows\system32\DRIVERS\e22w7x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\windows\system32\drivers\MBfilt64.sys --> C:\windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-3-15 14136]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\system32\DRIVERS\RtsPStor.sys --> C:\windows\system32\DRIVERS\RtsPStor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-15 2458944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-16 250056]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
S3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 ibtfltcoex;ibtfltcoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-15 113120]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\windows\system32\DRIVERS\RsFx0103.sys --> C:\windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-08-04 15:55:08 -------- d-----w- C:\Users\Roel\AppData\Local\AVG Secure Search
2012-08-04 15:55:06 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-08-04 15:55:02 31080 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2012-08-04 15:55:01 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-08-04 15:55:01 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-08-04 15:54:02 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2012-08-04 15:53:52 -------- d-----w- C:\windows\System32\drivers\AVG
2012-08-04 13:45:05 -------- d-----w- C:\Users\Roel\AppData\Roaming\Malwarebytes
2012-08-04 13:44:54 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-08-04 13:44:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-04 13:44:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-31 13:29:25 -------- d-----w- C:\ProgramData\BDJ
2012-07-31 13:28:58 1056 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-07-31 13:28:55 -------- d-----w- C:\Users\Roel\Corel
2012-07-31 09:43:57 -------- d-----w- C:\Users\Roel\AppData\Roaming\OpenOffice.org
2012-07-29 07:15:24 67297052 ----a-w- C:\windows\Pony Polka Audioless.scr
2012-07-29 07:15:24 -------- d-----w- C:\windows\Pony Polka Audioless Uninstaller
2012-07-24 19:35:42 -------- d-----w- C:\Program Files\DivX
2012-07-24 19:35:38 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-07-24 19:29:13 -------- d-----w- C:\Program Files (x86)\DivX
2012-07-24 19:26:33 -------- d-----w- C:\ProgramData\DivX
2012-07-22 11:32:55 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-07-18 20:00:46 -------- d-----w- C:\Users\Roel\AppData\Local\CyberLink
2012-07-17 11:37:56 -------- d-----w- C:\Users\Roel\AppData\Roaming\AVG2012
2012-07-17 11:37:04 -------- d--h--w- C:\$AVG
2012-07-17 11:37:03 -------- d-----w- C:\ProgramData\AVG2012
2012-07-17 11:36:46 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-17 11:32:08 -------- d--h--w- C:\ProgramData\Common Files
2012-07-17 11:32:08 -------- d-----w- C:\ProgramData\MFAData
2012-07-17 09:22:50 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-17 09:22:48 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FC0C6CA-079B-48B0-B61A-326962D74650}\mpengine.dll
2012-07-11 23:18:23 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 22:01:30 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2012-07-11 22:01:30 2048 ----a-w- C:\windows\System32\msxml3r.dll
2012-07-11 22:01:30 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-11 22:01:30 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-07-11 22:01:30 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-07-11 22:01:30 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-07-11 22:00:58 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-07-11 22:00:58 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-07-11 22:00:58 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-07-11 22:00:58 340992 ----a-w- C:\windows\System32\schannel.dll
2012-07-11 22:00:58 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-07-11 22:00:58 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-07-11 22:00:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-07-11 22:00:58 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-07-11 22:00:58 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-07-07 07:58:28 -------- d-----w- C:\Users\Roel\AppData\Local\PreEmptive Solutions
2012-07-06 22:57:45 78872 ----a-w- C:\windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-07-06 22:57:45 50200 ----a-w- C:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-07-06 22:57:43 79896 ----a-w- C:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-07-06 22:57:43 111640 ----a-w- C:\windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-07-06 22:57:19 -------- d-----w- C:\windows\System32\RsFx
2012-07-06 22:55:14 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-07-06 22:55:09 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-07-06 22:54:58 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-07-06 22:54:58 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-07-06 22:54:56 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-07-06 22:54:08 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2012-07-06 22:51:40 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2012-07-06 22:51:38 -------- d-----w- C:\Program Files\IIS
2012-07-06 22:51:38 -------- d-----w- C:\Program Files (x86)\IIS
2012-07-06 22:51:24 3640672 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-07-06 22:47:39 -------- d-----w- C:\windows\SysWow64\1033
2012-07-06 22:47:31 -------- d-----w- C:\Program Files (x86)\Microsoft F#
2012-07-06 22:47:31 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2012-07-06 22:47:30 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-07-06 22:47:30 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-07-06 22:45:31 -------- d-----w- C:\windows\System32\1033
2012-07-06 22:45:31 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2012-07-06 22:45:31 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-07-06 14:27:06 -------- d-----w- C:\Users\Roel\AppData\Roaming\e-academy Inc
2012-07-06 14:27:06 -------- d-----w- C:\Users\Roel\AppData\Local\e-academy Inc
.
==================== Find3M ====================
.
2012-08-03 16:37:44 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 16:37:44 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 16:37:41 9827016 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-01 13:13:57 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2012-06-29 15:34:36 772592 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-06-15 12:05:28 6 ----a-w- C:\windows\silentOnce.tmp
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-31 10:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 21:07:46,24 ===============

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 04:27 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Gibblet

Gibblet
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 06 August 2012 - 05:58 AM

Hello Gringo, and thank you for wanting to use your time to help me.
I had a small problem on the first ComboFix scan because AVG reactivated itself. Tried again and no problems the second time.
Computer seems to be doing fine, then again the only thing that was noticeable before was simply AVG's warning popping up from time to time.
On starting my browser I did get a notification that Firefox is not my default browser (it was before), and one that Windows Firewall had blocked µTorrent.
I assume this is because of ComboFix and just closed both notifications.

The Security check log:
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Trend Micro Titanium Internet Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Symantec Norton Online Backup NOBuAgent.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````


The Combofix log:
ComboFix 12-08-05.02 - Roel 06/08/2012 12:37:40.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8089.5976 [GMT 2:00]
Started from: c:\users\Roel\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Outdated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Outdated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* New restore point was created
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\@
c:\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\L\00000004.@
c:\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\L\00000008.@
c:\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\U\00000004.@
c:\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\U\00000008.@
c:\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\U\000000cb.@
c:\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\U\80000000.@
c:\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\U\80000032.@
c:\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy4_!Windows!System32!services.exe
.
.
(((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 ))))))))))))))))))))))))))))))
.
.
2012-08-04 15:55 . 2012-08-04 15:55 -------- d-----w- c:\users\Roel\AppData\Local\AVG Secure Search
2012-08-04 15:55 . 2012-08-04 15:55 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-04 15:55 . 2012-08-04 15:55 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-04 15:55 . 2012-08-04 15:55 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-04 15:55 . 2012-08-04 15:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-04 15:54 . 2012-08-04 15:54 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-04 15:53 . 2012-08-06 09:17 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-04 13:45 . 2012-08-04 13:45 -------- d-----w- c:\users\Roel\AppData\Roaming\Malwarebytes
2012-08-04 13:44 . 2012-08-04 13:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-04 13:44 . 2012-08-04 13:44 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 13:44 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 13:29 . 2012-07-31 13:29 -------- d-----w- c:\programdata\BDJ
2012-07-31 13:28 . 2012-07-31 13:29 -------- d-----w- c:\users\Roel\AppData\Roaming\Corel
2012-07-31 13:28 . 2012-07-31 13:28 1056 --sha-w- c:\programdata\KGyGaAvL.sys
2012-07-31 13:28 . 2012-07-31 13:28 -------- d-----w- c:\users\Roel\Corel
2012-07-31 09:43 . 2012-07-31 09:43 -------- d-----w- c:\users\Roel\AppData\Roaming\OpenOffice.org
2012-07-29 07:15 . 2012-07-29 07:15 -------- d-----w- c:\windows\Pony Polka Audioless Uninstaller
2012-07-29 07:15 . 2011-10-22 23:38 67297052 ----a-w- c:\windows\Pony Polka Audioless.scr
2012-07-24 19:35 . 2012-07-24 19:35 -------- d-----w- c:\program files\DivX
2012-07-24 19:35 . 2012-07-24 19:35 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-07-24 19:29 . 2012-07-24 19:35 -------- d-----w- c:\program files (x86)\DivX
2012-07-24 19:26 . 2012-07-24 19:35 -------- d-----w- c:\programdata\DivX
2012-07-22 11:32 . 2012-07-22 11:32 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-07-18 20:44 . 2012-07-18 20:44 -------- d-----w- c:\users\Public\CyberLink
2012-07-18 20:00 . 2012-07-18 20:00 -------- d-----w- c:\programdata\CyberLink
2012-07-18 20:00 . 2012-07-18 20:00 -------- d-----w- c:\users\Roel\AppData\Roaming\CyberLink
2012-07-18 20:00 . 2012-07-18 20:00 -------- d-----w- c:\users\Roel\AppData\Local\CyberLink
2012-07-18 19:57 . 2012-07-18 20:51 -------- d-----w- c:\users\Roel\AppData\Roaming\Skype
2012-07-18 19:57 . 2012-07-18 20:51 -------- d-----w- c:\programdata\Skype
2012-07-17 11:37 . 2012-07-17 11:37 -------- d-----w- c:\users\Roel\AppData\Roaming\AVG2012
2012-07-17 11:37 . 2012-08-04 15:53 -------- d-----w- C:\$AVG
2012-07-17 11:37 . 2012-08-04 17:12 -------- d-----w- c:\programdata\AVG2012
2012-07-17 11:36 . 2012-07-17 11:36 -------- d-----w- c:\program files (x86)\AVG
2012-07-17 11:32 . 2012-08-06 09:17 -------- d-----w- c:\programdata\MFAData
2012-07-17 11:32 . 2012-07-17 11:32 -------- d--h--w- c:\programdata\Common Files
2012-07-17 09:22 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FC0C6CA-079B-48B0-B61A-326962D74650}\mpengine.dll
2012-07-11 23:18 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 22:01 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 22:01 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 22:01 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 22:01 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 22:01 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 22:01 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 22:01 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 22:00 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 22:00 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 22:00 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 22:00 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 22:00 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 22:00 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 22:00 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 22:00 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 22:00 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 16:37 . 2012-06-16 06:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 16:37 . 2012-03-15 01:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 16:37 . 2012-06-16 06:37 9827016 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-11 23:17 . 2012-06-16 10:49 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 23:00 . 2012-07-06 22:51 3640672 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-07-01 13:13 . 2012-07-01 13:13 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-01 09:18 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-29 15:34 . 2012-06-29 15:34 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-15 12:05 . 2012-06-15 12:05 6 ----a-w- c:\windows\silentOnce.tmp
2012-06-02 22:19 . 2012-06-23 07:30 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 07:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 07:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 07:30 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 07:30 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 07:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 07:30 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 07:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-23 07:30 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-04 15:55 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-04 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-02 1022352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2011-11-03 5499392]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-01-03 502288]
"KLM"="c:\program files (x86)\MSI\KLM\KLM.exe" [2011-12-19 1522376]
"VGAOCAP"="c:\program files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe" [2012-01-31 88576]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-29 1517056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-10-13 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2011-10-13 230696]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-04 1147488]
.
c:\users\Roel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Roel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe [2012-3-8 549888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-07 2429544]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-04 2458944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-20 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-12-13 94720]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-12-13 747008]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-14 60416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-16 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-01-04 16152]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-02-04 28992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-04 31080]
S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [2012-03-08 75880]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-01 283200]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-12-06 70928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-20 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-20 1104208]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe [2011-11-03 160768]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-16 12800]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [2012-01-03 138768]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-03-08 492032]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-04 830048]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-10-13 31216]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
S3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys [2012-03-08 161616]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-01 11417088]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-01-18 14136]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-12-06 339048]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 16:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-10 12445288]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://msi.msn.com
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\2626F68723D223735383: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\2626F68723D236165356: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\2656C6B696E6534376: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\37167656D6D236461303: NameServer = 208.67.222.222,208.67.220.220
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\Roel\AppData\Roaming\Mozilla\Firefox\Profiles\6sv9oxin.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Voltooingstijd: 2012-08-06 12:44:00 - machine werd herstart
ComboFix-quarantined-files.txt 2012-08-06 10:43
.
Pre-Run: 62.405.599.232 bytes beschikbaar
Post-Run: 62.324.178.944 bytes beschikbaar
.
- - End Of File - - E8CFF08941D3DC1713EFA13F26125D3A

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 August 2012 - 12:43 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Gibblet (Topic Starter)

Posted 06 August 2012 - 01:01 PM

Hello Gringo

Both scans ran without any trouble.
I also haven't had any more warnings from AVG so far.

TDSSKiller log:
19:46:48.0352 9352 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:46:48.0482 9352 ============================================================
19:46:48.0482 9352 Current date / time: 2012/08/06 19:46:48.0482
19:46:48.0482 9352 SystemInfo:
19:46:48.0482 9352
19:46:48.0482 9352 OS Version: 6.1.7601 ServicePack: 1.0
19:46:48.0482 9352 Product type: Workstation
19:46:48.0482 9352 ComputerName: MSI
19:46:48.0483 9352 UserName: Roel
19:46:48.0483 9352 Windows directory: C:\windows
19:46:48.0483 9352 System windows directory: C:\windows
19:46:48.0483 9352 Running under WOW64
19:46:48.0483 9352 Processor architecture: Intel x64
19:46:48.0483 9352 Number of processors: 8
19:46:48.0483 9352 Page size: 0x1000
19:46:48.0483 9352 Boot type: Normal boot
19:46:48.0483 9352 ============================================================
19:46:48.0652 9352 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:46:48.0653 9352 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:46:48.0656 9352 ============================================================
19:46:48.0656 9352 \Device\Harddisk0\DR0:
19:46:48.0656 9352 MBR partitions:
19:46:48.0657 9352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
19:46:48.0657 9352 \Device\Harddisk1\DR1:
19:46:48.0657 9352 MBR partitions:
19:46:48.0657 9352 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1F54000, BlocksNum 0x555F1800
19:46:48.0657 9352 ============================================================
19:46:48.0660 9352 C: <-> \Device\Harddisk0\DR0\Partition0
19:46:48.0935 9352 D: <-> \Device\Harddisk1\DR1\Partition0
19:46:48.0935 9352 ============================================================
19:46:48.0935 9352 Initialize success
19:46:48.0935 9352 ============================================================
19:46:52.0007 9440 ============================================================
19:46:52.0007 9440 Scan started
19:46:52.0007 9440 Mode: Manual;
19:46:52.0007 9440 ============================================================
19:46:56.0245 9440 MSDTC - ok
19:46:56.0250 9440 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:46:56.0252 9440 Msfs - ok
19:46:56.0255 9440 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:46:56.0256 9440 mshidkmdf - ok
19:46:56.0266 9440 MSI Foundation Service (87b9daf6d123ec06c19b41d5295441ad) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
19:46:56.0267 9440 MSI Foundation Service - ok
19:46:56.0269 9440 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:46:56.0270 9440 msisadrv - ok
19:46:56.0277 9440 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
19:46:56.0281 9440 MSiSCSI - ok
19:46:56.0283 9440 msiserver - ok
19:46:56.0292 9440 MSI_SuperCharger (c72adf8436182e12b1b7e04390ce4c5b) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
19:46:56.0292 9440 MSI_SuperCharger - ok
19:46:56.0296 9440 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:46:56.0297 9440 MSKSSRV - ok
19:46:56.0301 9440 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:46:56.0302 9440 MSPCLOCK - ok
19:46:56.0305 9440 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:46:56.0306 9440 MSPQM - ok
19:46:56.0319 9440 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:46:56.0323 9440 MsRPC - ok
19:46:56.0327 9440 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
19:46:56.0328 9440 mssmbios - ok
19:46:56.0336 9440 MSSQL$SQLEXPRESS - ok
19:46:56.0343 9440 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:46:56.0345 9440 MSSQLServerADHelper100 - ok
19:46:56.0348 9440 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:46:56.0350 9440 MSTEE - ok
19:46:56.0352 9440 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
19:46:56.0354 9440 MTConfig - ok
19:46:56.0358 9440 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:46:56.0359 9440 Mup - ok
19:46:56.0374 9440 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
19:46:56.0381 9440 napagent - ok
19:46:56.0393 9440 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:46:56.0397 9440 NativeWifiP - ok
19:46:56.0427 9440 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
19:46:56.0437 9440 NDIS - ok
19:46:56.0441 9440 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:46:56.0442 9440 NdisCap - ok
19:46:56.0446 9440 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:46:56.0447 9440 NdisTapi - ok
19:46:56.0451 9440 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:46:56.0453 9440 Ndisuio - ok
19:46:56.0460 9440 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:46:56.0463 9440 NdisWan - ok
19:46:56.0467 9440 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:46:56.0469 9440 NDProxy - ok
19:46:56.0473 9440 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:46:56.0474 9440 NetBIOS - ok
19:46:56.0483 9440 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:46:56.0486 9440 NetBT - ok
19:46:56.0490 9440 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:46:56.0491 9440 Netlogon - ok
19:46:56.0506 9440 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
19:46:56.0512 9440 Netman - ok
19:46:56.0531 9440 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:56.0538 9440 NetMsmqActivator - ok
19:46:56.0540 9440 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:56.0541 9440 NetPipeActivator - ok
19:46:56.0555 9440 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
19:46:56.0563 9440 netprofm - ok
19:46:56.0565 9440 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:56.0566 9440 NetTcpActivator - ok
19:46:56.0568 9440 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:56.0568 9440 NetTcpPortSharing - ok
19:46:56.0881 9440 NETwNs64 (b51e9ad4f4e4f8dbe0ab882756bc5dab) C:\windows\system32\DRIVERS\NETwNs64.sys
19:46:56.0983 9440 NETwNs64 - ok
19:46:57.0041 9440 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
19:46:57.0043 9440 nfrd960 - ok
19:46:57.0055 9440 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
19:46:57.0059 9440 NlaSvc - ok
19:46:57.0069 9440 NOBU - ok
19:46:57.0074 9440 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:46:57.0076 9440 Npfs - ok
19:46:57.0080 9440 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:46:57.0082 9440 nsi - ok
19:46:57.0085 9440 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:46:57.0086 9440 nsiproxy - ok
19:46:57.0133 9440 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:46:57.0148 9440 Ntfs - ok
19:46:57.0156 9440 NTIOLib_1_0_3 (3f39f013168428c8e505a7b9e6cba8a2) C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys
19:46:57.0157 9440 NTIOLib_1_0_3 - ok
19:46:57.0208 9440 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:46:57.0209 9440 Null - ok
19:46:57.0602 9440 nvlddmkm (67428bb28210d22743cc5b3c032cbc57) C:\windows\system32\DRIVERS\nvlddmkm.sys
19:46:57.0666 9440 nvlddmkm - ok
19:46:57.0726 9440 nvpciflt (2afe430c06494691dd97cbb20a982544) C:\windows\system32\DRIVERS\nvpciflt.sys
19:46:57.0727 9440 nvpciflt - ok
19:46:57.0734 9440 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:46:57.0736 9440 nvraid - ok
19:46:57.0745 9440 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:46:57.0748 9440 nvstor - ok
19:46:57.0773 9440 nvsvc (d594841129e5902a67430c01f59eb20c) C:\windows\system32\nvvsvc.exe
19:46:57.0777 9440 nvsvc - ok
19:46:57.0855 9440 nvUpdatusService (cfe798f2095d6f23f9127cded4547814) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:46:57.0878 9440 nvUpdatusService - ok
19:46:57.0942 9440 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:46:57.0945 9440 nv_agp - ok
19:46:57.0950 9440 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:46:57.0951 9440 ohci1394 - ok
19:46:57.0963 9440 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:46:57.0968 9440 p2pimsvc - ok
19:46:57.0983 9440 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:46:57.0990 9440 p2psvc - ok
19:46:57.0995 9440 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
19:46:57.0998 9440 Parport - ok
19:46:58.0003 9440 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
19:46:58.0005 9440 partmgr - ok
19:46:58.0015 9440 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:46:58.0019 9440 PcaSvc - ok
19:46:58.0028 9440 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:46:58.0030 9440 pci - ok
19:46:58.0033 9440 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:46:58.0034 9440 pciide - ok
19:46:58.0043 9440 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
19:46:58.0047 9440 pcmcia - ok
19:46:58.0051 9440 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:46:58.0052 9440 pcw - ok
19:46:58.0070 9440 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:46:58.0078 9440 PEAUTH - ok
19:46:58.0112 9440 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:46:58.0114 9440 PerfHost - ok
19:46:58.0196 9440 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:46:58.0211 9440 pla - ok
19:46:58.0226 9440 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:46:58.0232 9440 PlugPlay - ok
19:46:58.0237 9440 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:46:58.0239 9440 PNRPAutoReg - ok
19:46:58.0251 9440 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:46:58.0253 9440 PNRPsvc - ok
19:46:58.0269 9440 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:46:58.0275 9440 PolicyAgent - ok
19:46:58.0282 9440 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:46:58.0286 9440 Power - ok
19:46:58.0301 9440 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:46:58.0303 9440 PptpMiniport - ok
19:46:58.0307 9440 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
19:46:58.0308 9440 Processor - ok
19:46:58.0316 9440 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
19:46:58.0320 9440 ProfSvc - ok
19:46:58.0323 9440 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:46:58.0324 9440 ProtectedStorage - ok
19:46:58.0332 9440 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:46:58.0333 9440 Psched - ok
19:46:58.0350 9440 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
19:46:58.0351 9440 PSI_SVC_2 - ok
19:46:58.0393 9440 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
19:46:58.0409 9440 ql2300 - ok
19:46:58.0464 9440 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
19:46:58.0466 9440 ql40xx - ok
19:46:58.0482 9440 Qualcomm Atheros Killer Service (165bf7e379faa483e0185b2a0b0970d8) C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
19:46:58.0485 9440 Qualcomm Atheros Killer Service - ok
19:46:58.0495 9440 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:46:58.0500 9440 QWAVE - ok
19:46:58.0504 9440 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:46:58.0506 9440 QWAVEdrv - ok
19:46:58.0509 9440 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:46:58.0510 9440 RasAcd - ok
19:46:58.0516 9440 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:46:58.0517 9440 RasAgileVpn - ok
19:46:58.0523 9440 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:46:58.0525 9440 RasAuto - ok
19:46:58.0531 9440 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:46:58.0533 9440 Rasl2tp - ok
19:46:58.0546 9440 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:46:58.0550 9440 RasMan - ok
19:46:58.0557 9440 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:46:58.0559 9440 RasPppoe - ok
19:46:58.0565 9440 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:46:58.0567 9440 RasSstp - ok
19:46:58.0577 9440 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:46:58.0581 9440 rdbss - ok
19:46:58.0585 9440 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
19:46:58.0586 9440 rdpbus - ok
19:46:58.0589 9440 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:46:58.0589 9440 RDPCDD - ok
19:46:58.0594 9440 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:46:58.0595 9440 RDPENCDD - ok
19:46:58.0598 9440 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:46:58.0599 9440 RDPREFMP - ok
19:46:58.0607 9440 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
19:46:58.0611 9440 RDPWD - ok
19:46:58.0621 9440 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:46:58.0624 9440 rdyboost - ok
19:46:58.0627 9440 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys
19:46:58.0628 9440 regi - ok
19:46:58.0634 9440 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:46:58.0637 9440 RemoteAccess - ok
19:46:58.0644 9440 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:46:58.0647 9440 RemoteRegistry - ok
19:46:58.0656 9440 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
19:46:58.0659 9440 RFCOMM - ok
19:46:58.0664 9440 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:46:58.0666 9440 RpcEptMapper - ok
19:46:58.0669 9440 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:46:58.0671 9440 RpcLocator - ok
19:46:58.0688 9440 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:46:58.0691 9440 RpcSs - ok
19:46:58.0702 9440 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\windows\system32\DRIVERS\RsFx0103.sys
19:46:58.0707 9440 RsFx0103 - ok
19:46:58.0721 9440 RSPCIESTOR (33404b769915388be7162d9ed58422ac) C:\windows\system32\DRIVERS\RtsPStor.sys
19:46:58.0723 9440 RSPCIESTOR - ok
19:46:58.0729 9440 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:46:58.0730 9440 rspndr - ok
19:46:58.0734 9440 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:46:58.0736 9440 SamSs - ok
19:46:58.0741 9440 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:46:58.0743 9440 sbp2port - ok
19:46:58.0751 9440 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:46:58.0755 9440 SCardSvr - ok
19:46:58.0759 9440 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:46:58.0761 9440 scfilter - ok
19:46:58.0792 9440 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:46:58.0804 9440 Schedule - ok
19:46:58.0810 9440 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:46:58.0811 9440 SCPolicySvc - ok
19:46:58.0816 9440 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys
19:46:58.0818 9440 sdbus - ok
19:46:58.0826 9440 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:46:58.0830 9440 SDRSVC - ok
19:46:58.0834 9440 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:46:58.0835 9440 secdrv - ok
19:46:58.0839 9440 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:46:58.0841 9440 seclogon - ok
19:46:58.0846 9440 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
19:46:58.0848 9440 SENS - ok
19:46:58.0852 9440 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:46:58.0855 9440 SensrSvc - ok
19:46:58.0859 9440 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
19:46:58.0861 9440 Serenum - ok
19:46:58.0866 9440 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
19:46:58.0868 9440 Serial - ok
19:46:58.0872 9440 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
19:46:58.0874 9440 sermouse - ok
19:46:58.0885 9440 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
19:46:58.0888 9440 SessionEnv - ok
19:46:58.0891 9440 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:46:58.0892 9440 sffdisk - ok
19:46:58.0895 9440 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:46:58.0897 9440 sffp_mmc - ok
19:46:58.0900 9440 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:46:58.0901 9440 sffp_sd - ok
19:46:58.0906 9440 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
19:46:58.0907 9440 sfloppy - ok
19:46:58.0924 9440 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
19:46:58.0929 9440 SharedAccess - ok
19:46:58.0942 9440 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
19:46:58.0947 9440 ShellHWDetection - ok
19:46:58.0952 9440 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
19:46:58.0954 9440 SiSRaid2 - ok
19:46:58.0960 9440 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
19:46:58.0962 9440 SiSRaid4 - ok
19:46:58.0968 9440 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:46:58.0970 9440 Smb - ok
19:46:58.0976 9440 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:46:58.0977 9440 SNMPTRAP - ok
19:46:58.0980 9440 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:46:58.0981 9440 spldr - ok
19:46:58.0999 9440 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
19:46:59.0003 9440 Spooler - ok
19:46:59.0096 9440 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
19:46:59.0113 9440 sppsvc - ok
19:46:59.0158 9440 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:46:59.0161 9440 sppuinotify - ok
19:46:59.0182 9440 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
19:46:59.0187 9440 SQLAgent$SQLEXPRESS - ok
19:46:59.0202 9440 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:46:59.0207 9440 SQLBrowser - ok
19:46:59.0215 9440 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:46:59.0216 9440 SQLWriter - ok
19:46:59.0244 9440 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:46:59.0249 9440 srv - ok
19:46:59.0263 9440 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:46:59.0268 9440 srv2 - ok
19:46:59.0277 9440 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:46:59.0279 9440 srvnet - ok
19:46:59.0288 9440 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:46:59.0292 9440 SSDPSRV - ok
19:46:59.0298 9440 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:46:59.0300 9440 SstpSvc - ok
19:46:59.0304 9440 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
19:46:59.0305 9440 stexstor - ok
19:46:59.0323 9440 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
19:46:59.0331 9440 stisvc - ok
19:46:59.0334 9440 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
19:46:59.0335 9440 swenum - ok
19:46:59.0352 9440 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:46:59.0359 9440 swprv - ok
19:46:59.0402 9440 SynTP (f4db1d9e6a42d491f0f8e21854301c0b) C:\windows\system32\drivers\SynTP.sys
19:46:59.0417 9440 SynTP - ok
19:46:59.0504 9440 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
19:46:59.0522 9440 SysMain - ok
19:46:59.0570 9440 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
19:46:59.0573 9440 TabletInputService - ok
19:46:59.0585 9440 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
19:46:59.0589 9440 TapiSrv - ok
19:46:59.0595 9440 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:46:59.0597 9440 TBS - ok
19:46:59.0666 9440 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
19:46:59.0685 9440 Tcpip - ok
19:46:59.0796 9440 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
19:46:59.0805 9440 TCPIP6 - ok
19:46:59.0866 9440 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:46:59.0867 9440 tcpipreg - ok
19:46:59.0872 9440 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:46:59.0873 9440 TDPIPE - ok
19:46:59.0877 9440 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
19:46:59.0878 9440 TDTCP - ok
19:46:59.0884 9440 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:46:59.0887 9440 tdx - ok
19:46:59.0892 9440 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
19:46:59.0893 9440 TermDD - ok
19:46:59.0916 9440 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
19:46:59.0925 9440 TermService - ok
19:46:59.0930 9440 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
19:46:59.0932 9440 Themes - ok
19:46:59.0937 9440 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:46:59.0938 9440 THREADORDER - ok
19:46:59.0944 9440 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\windows\system32\DRIVERS\tmactmon.sys
19:46:59.0945 9440 tmactmon - ok
19:46:59.0953 9440 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\windows\system32\DRIVERS\tmcomm.sys
19:46:59.0955 9440 tmcomm - ok
19:46:59.0960 9440 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\windows\system32\DRIVERS\tmevtmgr.sys
19:46:59.0961 9440 tmevtmgr - ok
19:46:59.0968 9440 tmtdi (48951fbfffcae52fadfcdfb76ed19749) C:\windows\system32\DRIVERS\tmtdi.sys
19:46:59.0970 9440 tmtdi - ok
19:46:59.0977 9440 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
19:46:59.0979 9440 TrkWks - ok
19:46:59.0989 9440 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
19:46:59.0990 9440 TrustedInstaller - ok
19:46:59.0995 9440 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:46:59.0997 9440 tssecsrv - ok
19:47:00.0002 9440 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:47:00.0003 9440 TsUsbFlt - ok
19:47:00.0008 9440 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
19:47:00.0010 9440 TsUsbGD - ok
19:47:00.0017 9440 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:47:00.0018 9440 tunnel - ok
19:47:00.0023 9440 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
19:47:00.0025 9440 uagp35 - ok
19:47:00.0036 9440 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:47:00.0041 9440 udfs - ok
19:47:00.0048 9440 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
19:47:00.0050 9440 UI0Detect - ok
19:47:00.0055 9440 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:47:00.0057 9440 uliagpkx - ok
19:47:00.0061 9440 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
19:47:00.0063 9440 umbus - ok
19:47:00.0066 9440 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
19:47:00.0068 9440 UmPass - ok
19:47:00.0084 9440 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
19:47:00.0090 9440 upnphost - ok
19:47:00.0096 9440 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:47:00.0098 9440 usbccgp - ok
19:47:00.0105 9440 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:47:00.0107 9440 usbcir - ok
19:47:00.0112 9440 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
19:47:00.0114 9440 usbehci - ok
19:47:00.0125 9440 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:47:00.0130 9440 usbhub - ok
19:47:00.0134 9440 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
19:47:00.0136 9440 usbohci - ok
19:47:00.0140 9440 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:47:00.0142 9440 usbprint - ok
19:47:00.0146 9440 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
19:47:00.0148 9440 usbscan - ok
19:47:00.0154 9440 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:47:00.0157 9440 USBSTOR - ok
19:47:00.0160 9440 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
19:47:00.0162 9440 usbuhci - ok
19:47:00.0169 9440 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
19:47:00.0173 9440 usbvideo - ok
19:47:00.0178 9440 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
19:47:00.0180 9440 UxSms - ok
19:47:00.0184 9440 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:47:00.0185 9440 VaultSvc - ok
19:47:00.0188 9440 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:47:00.0189 9440 vdrvroot - ok
19:47:00.0206 9440 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
19:47:00.0213 9440 vds - ok
19:47:00.0217 9440 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:47:00.0218 9440 vga - ok
19:47:00.0222 9440 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:47:00.0223 9440 VgaSave - ok
19:47:00.0232 9440 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:47:00.0235 9440 vhdmp - ok
19:47:00.0239 9440 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:47:00.0241 9440 viaide - ok
19:47:00.0247 9440 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:47:00.0248 9440 volmgr - ok
19:47:00.0261 9440 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:47:00.0266 9440 volmgrx - ok
19:47:00.0277 9440 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:47:00.0280 9440 volsnap - ok
19:47:00.0288 9440 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
19:47:00.0291 9440 vsmraid - ok
19:47:00.0336 9440 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
19:47:00.0354 9440 VSS - ok
19:47:00.0384 9440 vToolbarUpdater12.1.5 (3da649c6ec481d8f36b54f33fc01dd1e) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
19:47:00.0388 9440 vToolbarUpdater12.1.5 - ok
19:47:00.0439 9440 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:47:00.0441 9440 vwifibus - ok
19:47:00.0447 9440 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:47:00.0448 9440 vwififlt - ok
19:47:00.0462 9440 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
19:47:00.0468 9440 W32Time - ok
19:47:00.0473 9440 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
19:47:00.0475 9440 WacomPen - ok
19:47:00.0482 9440 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:47:00.0484 9440 WANARP - ok
19:47:00.0486 9440 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:47:00.0487 9440 Wanarpv6 - ok
19:47:00.0526 9440 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
19:47:00.0538 9440 WatAdminSvc - ok
19:47:00.0581 9440 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
19:47:00.0597 9440 wbengine - ok
19:47:00.0643 9440 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
19:47:00.0647 9440 WbioSrvc - ok
19:47:00.0661 9440 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
19:47:00.0666 9440 wcncsvc - ok
19:47:00.0671 9440 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
19:47:00.0673 9440 WcsPlugInService - ok
19:47:00.0684 9440 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
19:47:00.0686 9440 Wd - ok
19:47:00.0706 9440 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:47:00.0712 9440 Wdf01000 - ok
19:47:00.0718 9440 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:47:00.0721 9440 WdiServiceHost - ok
19:47:00.0723 9440 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:47:00.0724 9440 WdiSystemHost - ok
19:47:00.0734 9440 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
19:47:00.0739 9440 WebClient - ok
19:47:00.0749 9440 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
19:47:00.0753 9440 Wecsvc - ok
19:47:00.0759 9440 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
19:47:00.0761 9440 wercplsupport - ok
19:47:00.0767 9440 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
19:47:00.0769 9440 WerSvc - ok
19:47:00.0781 9440 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:47:00.0783 9440 WfpLwf - ok
19:47:00.0787 9440 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:47:00.0788 9440 WIMMount - ok
19:47:00.0799 9440 WinDefend - ok
19:47:00.0803 9440 WinHttpAutoProxySvc - ok
19:47:00.0827 9440 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
19:47:00.0831 9440 Winmgmt - ok
19:47:00.0888 9440 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
19:47:00.0910 9440 WinRM - ok
19:47:00.0980 9440 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
19:47:00.0990 9440 Wlansvc - ok
19:47:00.0998 9440 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:47:01.0001 9440 wlcrasvc - ok
19:47:01.0066 9440 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:47:01.0077 9440 wlidsvc - ok
19:47:01.0135 9440 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
19:47:01.0137 9440 WmiAcpi - ok
19:47:01.0159 9440 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
19:47:01.0162 9440 wmiApSrv - ok
19:47:01.0168 9440 WMPNetworkSvc - ok
19:47:01.0172 9440 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
19:47:01.0175 9440 WPCSvc - ok
19:47:01.0181 9440 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
19:47:01.0184 9440 WPDBusEnum - ok
19:47:01.0188 9440 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:47:01.0190 9440 ws2ifsl - ok
19:47:01.0197 9440 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
19:47:01.0200 9440 wscsvc - ok
19:47:01.0202 9440 WSearch - ok
19:47:01.0273 9440 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
19:47:01.0295 9440 wuauserv - ok
19:47:01.0352 9440 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:47:01.0354 9440 WudfPf - ok
19:47:01.0364 9440 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:47:01.0367 9440 WUDFRd - ok
19:47:01.0373 9440 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
19:47:01.0375 9440 wudfsvc - ok
19:47:01.0385 9440 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
19:47:01.0389 9440 WwanSvc - ok
19:47:01.0401 9440 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:47:01.0487 9440 \Device\Harddisk0\DR0 - ok
19:47:01.0489 9440 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:47:01.0491 9440 \Device\Harddisk1\DR1 - ok
19:47:01.0492 9440 Boot (0x1200) (5c55676e9e52f9863a6870404adb5cac) \Device\Harddisk0\DR0\Partition0
19:47:01.0494 9440 \Device\Harddisk0\DR0\Partition0 - ok
19:47:01.0496 9440 Boot (0x1200) (e6471d4af685acc08350c040f735c31c) \Device\Harddisk1\DR1\Partition0
19:47:01.0496 9440 \Device\Harddisk1\DR1\Partition0 - ok
19:47:01.0497 9440 ============================================================
19:47:01.0497 9440 Scan finished
19:47:01.0497 9440 ============================================================
19:47:01.0502 9432 Detected object count: 0
19:47:01.0502 9432 Actual detected object count: 0


aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-06 19:49:28
-----------------------------
19:49:28.810 OS Version: Windows x64 6.1.7601 Service Pack 1
19:49:28.810 Number of processors: 8 586 0x3A09
19:49:28.810 ComputerName: MSI UserName:
19:49:28.980 Initialize success
19:54:04.889 AVAST engine defs: 12080600
19:54:20.895 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:54:20.896 Disk 0 Vendor: TS128GSS 1105 Size: 122104MB BusType: 3
19:54:20.898 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
19:54:20.899 Disk 1 Vendor: Hitachi_ JF4O Size: 715404MB BusType: 3
19:54:20.901 Disk 0 MBR read successfully
19:54:20.903 Disk 0 MBR scan
19:54:20.906 Disk 0 Windows 7 default MBR code
19:54:20.908 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 100 MB offset 2048
19:54:20.912 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
19:54:20.918 Disk 0 scanning C:\windows\system32\drivers
19:54:23.929 Service scanning
19:54:34.010 Modules scanning
19:54:34.016 Disk 0 trace - called modules:
19:54:34.019 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
19:54:34.023 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a17790]
19:54:34.027 3 CLASSPNP.SYS[fffff88001d7443f] -> nt!IofCallDriver -> [0xfffffa80071cc950]
19:54:34.030 5 ACPI.sys[fffff88000f907a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80072e6050]
19:54:34.201 AVAST engine scan C:\windows
19:54:35.338 AVAST engine scan C:\windows\system32
19:56:03.728 AVAST engine scan C:\windows\system32\drivers
19:56:07.235 AVAST engine scan C:\Users\Roel
19:56:55.505 AVAST engine scan C:\ProgramData
19:57:33.623 Scan finished successfully
19:57:47.100 Disk 0 MBR has been saved successfully to "C:\Users\Roel\Desktop\MBR.dat"
19:57:47.103 The log file has been saved successfully to "C:\Users\Roel\Desktop\aswMBR.txt"
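
One way to triage a TDSSKiller log like the one above mechanically rather than by eye. This is an added example, not code from this thread or from Kaspersky: the two line shapes it parses (a hashed object line followed by a "- verdict" line, with MBR/boot objects answered by their device path) are taken from the log posted above; the `FakeSvc` entry, its placeholder hash and its `warning` verdict are constructed to exercise the flagging path, and the list of trusted image roots is an assumption of the example.

```python
"""Triage pass over a TDSSKiller service/driver log (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import Optional

# Two line shapes appear in the enumeration pass of the log posted above:
#   HH:MM:SS.mmmm PID Name (md5) ImagePath   <- object with its file hash
#   HH:MM:SS.mmmm PID Name - verdict         <- TDSSKiller's verdict for it
# For MBR/boot-sector objects the verdict line names the device path, not "MBR (0x1B8)".
ENTRY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
VERDICT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$")
COUNT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<label>Actual detected object count|Detected object count):\s*(?P<n>\d+)"
)

# Assumption for this example: service and driver images normally live under these roots.
# Anything loading from a user profile, ProgramData or a temp directory deserves a second look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "\\device\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str]
    path: Optional[str]
    verdict: Optional[str] = None


def parse_log(text: str):
    """Pair each hashed object with the verdict line that follows it."""
    entries, counts, pending = [], {}, None
    for line in text.splitlines():
        m = COUNT_RE.match(line)
        if m:
            counts[m["label"]] = int(m["n"])
            continue
        m = ENTRY_RE.match(line)
        if m:
            pending = Entry(m["name"], m["md5"].lower(), m["path"])
            entries.append(pending)
            continue
        m = VERDICT_RE.match(line)
        if m:
            if pending is not None and m["name"] in (pending.name, pending.path):
                pending.verdict = m["verdict"]
            else:
                # Verdict with no hashed file line before it (e.g. "WinDefend - ok" for a
                # service whose image TDSSKiller did not hash): keep it, but with no path.
                entries.append(Entry(m["name"], None, None, m["verdict"]))
            pending = None
    return entries, counts


def triage(entries, counts):
    """Return (kind, name, detail) tuples for anything that needs a human look."""
    findings = []
    for e in entries:
        if e.verdict is None:
            findings.append(("no-verdict", e.name, e.path or ""))
        elif e.verdict.lower() != "ok":
            # Any verdict other than "ok" is flagged, whatever wording the tool uses.
            findings.append(("flagged", e.name, f"{e.verdict} {e.path or ''}".strip()))
        if e.path and not e.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(("untrusted-location", e.name, e.path))
    for label, n in counts.items():
        if n:  # TDSSKiller's own summary: a nonzero count means it found something
            findings.append(("summary", label, str(n)))
    return findings


def mbr_hashes(entries):
    """Map each disk's device path to its MBR code hash, for comparison across disks or against a known-good value."""
    return {e.path: e.md5 for e in entries if e.name.startswith("MBR")}


def analyse(text: str):
    entries, counts = parse_log(text)
    return entries, counts, triage(entries, counts)


# Constructed sample: real lines from the log above plus a made-up FakeSvc entry with a
# placeholder hash and a non-"ok" verdict, and summary counts adjusted to match.
SAMPLE_LOG = r"""
19:47:00.0684 9440 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
19:47:00.0686 9440 Wd - ok
19:47:00.0718 9440 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:47:00.0721 9440 WdiServiceHost - ok
19:47:00.0799 9440 WinDefend - ok
19:47:00.0998 9440 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:47:01.0001 9440 wlcrasvc - ok
19:47:01.0100 9440 FakeSvc (00000000000000000000000000000000) C:\Users\Roel\AppData\Local\Temp\fakesvc.exe
19:47:01.0101 9440 FakeSvc - warning
19:47:01.0401 9440 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:47:01.0487 9440 \Device\Harddisk0\DR0 - ok
19:47:01.0489 9440 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:47:01.0491 9440 \Device\Harddisk1\DR1 - ok
19:47:01.0502 9432 Detected object count: 1
19:47:01.0502 9432 Actual detected object count: 1
""".strip("\n")

if __name__ == "__main__":
    entries, counts, findings = analyse(SAMPLE_LOG)
    print(f"{len(entries)} objects, TDSSKiller counts {counts}")
    for kind, name, detail in findings:
        print(f"[{kind}] {name}: {detail}")
    print("MBR hashes:", mbr_hashes(entries))
```

On the sample the only findings are the constructed FakeSvc entry (flagged twice: for its verdict and for loading from a temp directory) and the two nonzero summary counts; the real lines all pass. The identical MBR hash on both disks in the log above is what you would expect for stock Windows 7 MBR code, which is also what aswMBR reports, but `mbr_hashes()` is there so you can compare the value against a known-good hash of your own rather than trust the "ok".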

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:08 AM

Posted 06 August 2012 - 01:18 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Gibblet

Gibblet
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:08 PM

Posted 06 August 2012 - 01:34 PM

Hello Gringo

The script ran without any trouble and the computer is doing fine.

log:
ComboFix 12-08-05.02 - Roel 06/08/2012 20:23:20.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8089.5807 [GMT 2:00]
Running from: c:\users\Roel\Desktop\ComboFix.exe
Command switches used :: c:\users\Roel\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Outdated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Outdated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 ))))))))))))))))))))))))))))))
.
.
2012-08-06 18:26 . 2012-08-06 18:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-06 18:26 . 2012-08-06 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 15:55 . 2012-08-04 15:55 -------- d-----w- c:\users\Roel\AppData\Local\AVG Secure Search
2012-08-04 15:55 . 2012-08-04 15:55 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-04 15:55 . 2012-08-04 15:55 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-04 15:55 . 2012-08-04 15:55 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-04 15:55 . 2012-08-04 15:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-04 15:54 . 2012-08-04 15:54 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-04 15:53 . 2012-08-06 09:17 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-04 13:45 . 2012-08-04 13:45 -------- d-----w- c:\users\Roel\AppData\Roaming\Malwarebytes
2012-08-04 13:44 . 2012-08-04 13:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-04 13:44 . 2012-08-04 13:44 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 13:44 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 13:29 . 2012-07-31 13:29 -------- d-----w- c:\programdata\BDJ
2012-07-31 13:28 . 2012-07-31 13:29 -------- d-----w- c:\users\Roel\AppData\Roaming\Corel
2012-07-31 13:28 . 2012-07-31 13:28 1056 --sha-w- c:\programdata\KGyGaAvL.sys
2012-07-31 13:28 . 2012-07-31 13:28 -------- d-----w- c:\users\Roel\Corel
2012-07-31 09:43 . 2012-07-31 09:43 -------- d-----w- c:\users\Roel\AppData\Roaming\OpenOffice.org
2012-07-29 07:15 . 2012-07-29 07:15 -------- d-----w- c:\windows\Pony Polka Audioless Uninstaller
2012-07-29 07:15 . 2011-10-22 23:38 67297052 ----a-w- c:\windows\Pony Polka Audioless.scr
2012-07-24 19:35 . 2012-07-24 19:35 -------- d-----w- c:\program files\DivX
2012-07-24 19:35 . 2012-07-24 19:35 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-07-24 19:29 . 2012-07-24 19:35 -------- d-----w- c:\program files (x86)\DivX
2012-07-24 19:26 . 2012-07-24 19:35 -------- d-----w- c:\programdata\DivX
2012-07-22 11:32 . 2012-07-22 11:32 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-07-18 20:44 . 2012-07-18 20:44 -------- d-----w- c:\users\Public\CyberLink
2012-07-18 20:00 . 2012-07-18 20:00 -------- d-----w- c:\programdata\CyberLink
2012-07-18 20:00 . 2012-07-18 20:00 -------- d-----w- c:\users\Roel\AppData\Roaming\CyberLink
2012-07-18 20:00 . 2012-07-18 20:00 -------- d-----w- c:\users\Roel\AppData\Local\CyberLink
2012-07-18 19:57 . 2012-07-18 20:51 -------- d-----w- c:\users\Roel\AppData\Roaming\Skype
2012-07-18 19:57 . 2012-07-18 20:51 -------- d-----w- c:\programdata\Skype
2012-07-17 11:37 . 2012-07-17 11:37 -------- d-----w- c:\users\Roel\AppData\Roaming\AVG2012
2012-07-17 11:37 . 2012-08-04 15:53 -------- d-----w- C:\$AVG
2012-07-17 11:37 . 2012-08-04 17:12 -------- d-----w- c:\programdata\AVG2012
2012-07-17 11:36 . 2012-07-17 11:36 -------- d-----w- c:\program files (x86)\AVG
2012-07-17 11:32 . 2012-08-06 09:17 -------- d-----w- c:\programdata\MFAData
2012-07-17 11:32 . 2012-07-17 11:32 -------- d--h--w- c:\programdata\Common Files
2012-07-17 09:22 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FC0C6CA-079B-48B0-B61A-326962D74650}\mpengine.dll
2012-07-11 23:18 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 22:01 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 22:01 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 22:01 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 22:01 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 22:01 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 22:01 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 22:01 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 22:00 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 22:00 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 22:00 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 22:00 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 22:00 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 22:00 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 22:00 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 22:00 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 22:00 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 16:37 . 2012-06-16 06:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 16:37 . 2012-03-15 01:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 16:37 . 2012-06-16 06:37 9827016 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-11 23:17 . 2012-06-16 10:49 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 23:00 . 2012-07-06 22:51 3640672 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-07-01 13:13 . 2012-07-01 13:13 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-01 09:18 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-29 15:34 . 2012-06-29 15:34 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-15 12:05 . 2012-06-15 12:05 6 ----a-w- c:\windows\silentOnce.tmp
2012-06-02 22:19 . 2012-06-23 07:30 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 07:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 07:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 07:30 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 07:30 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 07:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 07:30 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 07:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-23 07:30 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-06_10.41.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-08-06 10:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-06 10:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-06 10:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-06 10:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-06 10:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-06 10:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-08-06 10:47 60696 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-06 10:47 41542 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-15 12:04 . 2012-08-06 10:47 8164 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2766141649-2141959704-117785998-1001_UserData.bin
+ 2012-08-06 10:45 . 2012-08-06 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-06 10:41 . 2012-08-06 10:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-06 10:45 . 2012-08-06 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-14 22:17 . 2012-08-06 10:39 820364 c:\windows\system32\perfh013.dat
+ 2012-03-14 22:17 . 2012-08-06 10:49 820364 c:\windows\system32\perfh013.dat
+ 2009-07-14 02:36 . 2012-08-06 10:49 729170 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-06 10:39 729170 c:\windows\system32\perfh009.dat
+ 2012-03-14 22:17 . 2012-08-06 10:49 180878 c:\windows\system32\perfc013.dat
- 2012-03-14 22:17 . 2012-08-06 10:39 180878 c:\windows\system32\perfc013.dat
+ 2009-07-14 02:36 . 2012-08-06 10:49 149532 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-06 10:39 149532 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-06 10:41 299656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-06 10:45 299656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-04 15:55 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-04 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-02 1022352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2011-11-03 5499392]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-01-03 502288]
"KLM"="c:\program files (x86)\MSI\KLM\KLM.exe" [2011-12-19 1522376]
"VGAOCAP"="c:\program files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe" [2012-01-31 88576]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-29 1517056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-10-13 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2011-10-13 230696]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-04 1147488]
.
c:\users\Roel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Roel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe [2012-3-8 549888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-04 2458944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-12-13 94720]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-12-13 747008]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-14 60416]
R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-16 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-01-04 16152]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-02-04 28992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-04 31080]
S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [2012-03-08 75880]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-01 283200]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-12-06 70928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-20 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-20 1104208]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-07 2429544]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe [2011-11-03 160768]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-16 12800]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [2012-01-03 138768]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-03-08 492032]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-04 830048]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-20 1304912]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-10-13 31216]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
S3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys [2012-03-08 161616]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-01 11417088]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-01-18 14136]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-12-06 339048]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 01982410
*NewlyCreated* - ASWMBR
*NewlyCreated* - NTIOLIB_1_0_3
*Deregistered* - 01982410
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 16:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Roel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-10 12445288]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://msi.msn.com
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\2626F68723D223735383: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\2626F68723D236165356: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\2656C6B696E6534376: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{479EAFC1-E483-4EC8-9519-041C9324F99C}\37167656D6D236461303: NameServer = 208.67.222.222,208.67.220.220
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\Roel\AppData\Roaming\Mozilla\Firefox\Profiles\6sv9oxin.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-08-06 20:27:21
ComboFix-quarantined-files.txt 2012-08-06 18:27
.
Pre-Run: 62.264.373.248 bytes beschikbaar
Post-Run: 62.158.921.728 bytes beschikbaar
.
- - End Of File - - 433CBD8410CEAD6081259F0B6E692B89

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 01:48 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.




Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Gibblet

  • Topic Starter
  • Members
  • 7 posts

Posted 06 August 2012 - 02:17 PM

Hello Gringo

Had no trouble whatsoever, although I did get a bit click-happy with installing CCleaner and forgot to uncheck the Yahoo toolbar option.
The HijackThis link you gave did not make me download an installer, but the actual HijackThis program. I was able to use this to complete the rest of the steps you provided.
Computer is still doing fine and I haven't experienced anything out of the ordinary.

MBAM log:
Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
www.malwarebytes.org

Databaseversie: v2012.08.06.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Roel :: MSI [administrator]

Realtime bescherming: Uitgeschakeld

6/08/2012 21:02:44
mbam-log-2012-08-06 (21-02-44).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 214588
Verstreken tijd: 49 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)


HijackThis report:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:06:49, on 6/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\MSI\KLM\KLM.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Roel\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [S-Bar] %PROGRAMFILES%\S-Bar\S-Bar.exe
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
O4 - HKLM\..\Run: [KLM] C:\Program Files (x86)\MSI\KLM\KLM.exe
O4 - HKLM\..\Run: [VGAOCAP] C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Dropbox.lnk = C:\Users\Roel\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Qualcomm Atheros Killer Network Manager.lnk = C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{479EAFC1-E483-4EC8-9519-041C9324F99C}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\S-Bar\MSIService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: MSI Foundation Service - MSI - C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Qualcomm Atheros Killer Service - Unknown owner - C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater12.1.5 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13453 bytes

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 03:05 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
      O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
      O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
      O4 - Startup: Dropbox.lnk = C:\Users\Roel\AppData\Roaming\Dropbox\bin\Dropbox.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
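Added example (not a tool from this thread, BleepingComputer or HijackThis): a small Python triage script that parses the O4 (auto-start), O10 (Winsock LSP), O20 (AppInit_DLLs) and O23 (service) lines of a HijackThis 2.0.4 log like the one posted above and flags the entries a reviewer checks by hand before deciding what to fix. The sample log is constructed, mostly mirroring entries seen in this thread; the `services` auto-start line is invented so the heuristics have something to flag, and the heuristics themselves (temp-folder paths, core Windows binary names outside the Windows folder, unknown service owners) are assumptions of this example, not rules from the thread.

```python
import re
from collections import Counter

# Constructed sample in HijackThis log format. Most lines mirror entries posted in
# this thread; the fourth O4 line is invented so the heuristics have something to flag.
SAMPLE_LOG = r"""Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Dropbox.lnk = C:\Users\Roel\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - HKCU\..\Run: [services] C:\Users\Roel\AppData\Local\Temp\services.exe /hide
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: Qualcomm Atheros Killer Service - Unknown owner - C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
"""

O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
O10_LSP = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.+)$")
O23_SERVICE = re.compile(r"^O23 - Service: (?P<rest>.+)$")

# Names of core Windows binaries; a file with one of these names outside the Windows
# folder is the classic impersonation pattern (compare the patched services.exe in this thread).
CORE_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}


def command_path(cmd):
    """Return the executable path from an O4 command line, dropping any switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return re.split(r" [/-]", cmd, maxsplit=1)[0]  # unquoted: cut at the first " /x" or " -x"


def autostart_findings(path):
    """Reasons an auto-start entry deserves a closer look (empty list = nothing odd)."""
    low = path.lower()
    reasons = []
    if "\\temp\\" in low:
        reasons.append("runs from a temp folder")
    if low.rsplit("\\", 1)[-1] in CORE_NAMES and not re.search(r"\\windows\\(system32|syswow64)\\", low):
        reasons.append("uses a core Windows binary name outside the Windows folder")
    return reasons


def parse_service(rest):
    """Split 'display - owner - path [(file missing)]'; the display name may itself contain ' - '."""
    missing = rest.endswith(" (file missing)")
    if missing:
        rest = rest[: -len(" (file missing)")]
    display, owner, path = rest.rsplit(" - ", 2)
    return {"display": display, "owner": owner, "path": path, "file_missing": missing}


def service_note(svc):
    """What to verify for an O23 line, or None if the line needs no follow-up."""
    if svc["file_missing"] and "\\windows\\" in svc["path"].lower():
        # On 64-bit Windows the 32-bit HijackThis build reports system services this way
        # (System32 lookups are redirected); confirm the file exists before treating it as a finding.
        return "file missing under the Windows folder: check the file exists (64-bit redirection artifact)"
    if svc["owner"] == "Unknown owner":
        return "no vendor recorded: confirm the publisher of this service binary"
    return None


def triage(log_text):
    """Parse the log and return the parsed entries plus the items worth verifying."""
    report = {"autostarts": [], "suspicious_autostarts": [], "lsp_dlls": Counter(),
              "appinit_dlls": [], "services": [], "services_to_verify": []}
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := (O4_RUN.match(line) or O4_STARTUP.match(line)):
            path = command_path(m["cmd"])
            report["autostarts"].append({"hive": m["hive"], "name": m["name"], "path": path})
            if reasons := autostart_findings(path):
                report["suspicious_autostarts"].append((m["name"], reasons))
        elif m := O10_LSP.match(line):
            report["lsp_dlls"][m["path"].lower()] += 1  # repeated lines = one DLL in several LSP layers
        elif m := O20_APPINIT.match(line):
            report["appinit_dlls"].extend(p.strip() for p in m["path"].split(",") if p.strip())
        elif m := O23_SERVICE.match(line):
            svc = parse_service(m["rest"])
            report["services"].append(svc)
            if note := service_note(svc):
                report["services_to_verify"].append((svc["display"], note))
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for name, reasons in r["suspicious_autostarts"]:
        print(f"O4 [{name}]: {'; '.join(reasons)}")
    for display, note in r["services_to_verify"]:
        print(f"O23 {display}: {note}")
```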

#11 Gibblet

  • Topic Starter
  • Members
  • 7 posts

Posted 06 August 2012 - 03:36 PM

Hello Gringo

Looks like the ESET scan found some more threats

ESET report:
C:\Qoobox\Quarantine\C\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\U\000000cb.@.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\U\80000000.@.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\windows\Installer\{8d6e4e1e-321e-064c-7385-60c9728d942d}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\windows\System32\services.exe.vir Win64/Patched.A.Gen trojan
C:\Users\Roel\Downloads\cnet2_DTLite4454-0315_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Roel\Downloads\DTLite4454-0315.exe Win32/OpenCandy application

Edited by Gibblet, 06 August 2012 - 03:37 PM.


#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 06:28 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Roel\Downloads\cnet2_DTLite4454-0315_exe.exe"
    del /f /s /q "C:\Users\Roel\Downloads\DTLite4454-0315.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\), and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present antivirus.

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->[donate button]<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University
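An added example, not part of Gringo's instructions above: the delfile.bat script deletes the two flagged downloads outright, which leaves no record of what was removed. The PowerShell script below does the same deletion but first writes each file's SHA-256 hash and size to a log on the desktop, so the removal can be checked later against AV vendor detections, and it skips files that are already gone instead of failing. The two paths are the ones from the batch file; the log file name is an assumption, and the script assumes a PowerShell version that has Get-FileHash (4.0 or later).

```powershell
# Added example (not from the original post): hash and log each file before
# deleting it, so the cleanup leaves an audit trail.
$targets = @(
    "C:\Users\Roel\Downloads\cnet2_DTLite4454-0315_exe.exe",
    "C:\Users\Roel\Downloads\DTLite4454-0315.exe"
)
# Assumed log location; any writable path works.
$log = Join-Path $env:USERPROFILE "Desktop\delfile-log.txt"

foreach ($path in $targets) {
    $stamp = Get-Date -Format s

    # -LiteralPath avoids wildcard expansion on odd file names.
    if (-not (Test-Path -LiteralPath $path)) {
        "$stamp  MISSING  $path" | Add-Content -LiteralPath $log
        continue
    }

    # Record the hash and size before the file is gone.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $size = (Get-Item -LiteralPath $path).Length
    "$stamp  DELETE   $path  sha256=$hash  bytes=$size" | Add-Content -LiteralPath $log

    Remove-Item -LiteralPath $path -Force
}

"$(Get-Date -Format s)  DONE" | Add-Content -LiteralPath $log
```

Run it from a PowerShell prompt (or save it as delfile.ps1 and run it with `powershell -ExecutionPolicy Bypass -File delfile.ps1`); the log it leaves on the desktop is what you would paste into a reply if a helper asks what was deleted.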

#13 Gibblet

Gibblet
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 07 August 2012 - 06:05 AM

Hello Gringo

I can not find any more problems so I think the thread can be closed.
Thank you once again for your help.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:08 AM

Posted 07 August 2012 - 04:39 PM

You are more than welcome, glad I was able to help and Thank you



Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:08 AM

Posted 10 August 2012 - 07:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.