
services.exe trojan


  • This topic is locked
20 replies to this topic

#1 kpro1996

kpro1996

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:53 AM

Posted 11 August 2012 - 04:04 PM

Hello people,
I have a short or maybe long question. I have exactly the same problem as this guy had: http://www.bleepingcomputer.com/forums/topic464630.html
I have followed that topic since it was created but have not done anything because I was not sure if it could harm my system.
Now my question: can I use the instructions given in that topic on my PC, since AVG says the same thing to me?
Thanks in advance, me

(sorry for possible grammar mistakes, I'm dutch)


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:53 AM

Posted 12 August 2012 - 01:54 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
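A check a responder might run over the DDS log requested above, added here as an example and not part of this thread or of the DDS tool itself: it scans the "Pseudo HJT Report" policy lines and the "FIREFOX POLICIES" user.js lines that DDS prints and flags values that weaken the machine's defences (UAC switched off, Firefox's insecure-form and mixed-content warnings switched off, all third-party cookies accepted). The sample lines are constructed to mirror DDS's output format; the function names and the WEAK_SETTINGS table are hypothetical, not anything DDS provides.

```python
"""Flag weakened security settings in a DDS-style log (hypothetical helper)."""
import re

# Constructed sample, formatted like the mPolicies and FF - user.js lines DDS prints.
SAMPLE_LOG = """\
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

# (section prefix, setting name) -> (value that weakens security, what it means for the defender)
WEAK_SETTINGS = {
    ("mPolicies-system", "EnableLUA"):
        ("0", "UAC is disabled: anything the user runs gets full administrator rights silently"),
    ("FF - user.js", "security.warn_submit_insecure"):
        ("false", "Firefox no longer warns when a form is submitted over plain HTTP"),
    ("FF - user.js", "security.warn_viewing_mixed"):
        ("false", "Firefox no longer warns about mixed HTTP/HTTPS content"),
    ("FF - user.js", "network.cookie.cookieBehavior"):
        ("0", "all cookies, including third-party cookies, are accepted"),
}

# DDS prints registry policies as "mPolicies-<hive>: <name> = <value> (0x..)"
POLICY_RE = re.compile(r"^(mPolicies-[a-z]+): (\S+) = (\S+)")
# and Firefox user.js overrides as "FF - user.js: <pref> - <value>"
USERJS_RE = re.compile(r"^(FF - user\.js): (\S+) - (\S+)")


def parse_setting(line):
    """Return (section, name, value) for a policy or user.js line, else None."""
    for rx in (POLICY_RE, USERJS_RE):
        m = rx.match(line.strip())
        if m:
            return m.group(1), m.group(2), m.group(3)
    return None


def find_weak_settings(log_text):
    """Walk the log and collect every setting whose value matches a known-weak one."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_setting(line)
        if parsed is None:
            continue  # process list, BHO, service and other line types are not policies
        section, name, value = parsed
        weak = WEAK_SETTINGS.get((section, name))
        if weak is not None and value == weak[0]:
            findings.append((section, name, value, weak[1]))
    return findings


if __name__ == "__main__":
    for section, name, value, why in find_weak_settings(SAMPLE_LOG):
        print(f"{section}: {name} = {value}  ->  {why}")
```

On the sample the report lists EnableLUA, the cookie setting and both Firefox warning preferences; a clean log (EnableLUA = 1, warnings left at true) produces no findings.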

#3 kpro1996

kpro1996
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:53 AM

Posted 12 August 2012 - 03:43 AM

Security check:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
TuneUp Utilities 2012
TuneUp Utilities Language Pack (nl-NL)
Java™ 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 19% Defragment your hard drive soon!
````````````````````End of Log``````````````````````



DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Eigenaar at 10:34:07 on 2012-08-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8161.5995 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
D:\Programma's\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
D:\Programma's\Hamachi\hamachi-2.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
D:\Programma's\Hamachi\hamachi-2-ui.exe
D:\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Programma's\HTC\htcUPCTLoader.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
D:\Programma's\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
D:\Programma's\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112555&tt=060612_8_&babsrc=HP_ss&mntrId=5ad3bd790000000000008c89a552a616
mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851
uURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
mURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: MyTools Class: {c3a44133-7ead-434c-ac9e-7f1da176ba8c} - C:\Program Files (x86)\MyTools\MyTools.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Steam] "D:\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HTC Sync Loader] "D:\Programma's\HTC\htcUPCTLoader.exe" -startup
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [Malwarebytes' Anti-Malware] "D:\Programma's\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LogMeIn Hamachi Ui] "D:\Programma's\Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.254
TCP: Interfaces\{37FDD6B8-6829-4E46-AD31-495A925DF3CC} : DhcpNameServer = 192.168.2.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2EECD738-5844-4a99-B4B6-146BF802613B}
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{87775fdb-6972-41f9-ae51-8326e38cb206}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
{87775fdb-6972-41f9-ae51-8326e38cb206}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{98889811-442D-49dd-99D7-DC866BE87DBC}
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}
{8dcb7100-df86-4384-8842-8fa844297b3f}
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [HTC Sync Loader] "D:\Programma's\HTC\htcUPCTLoader.exe" -startup
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun-x64: [Malwarebytes' Anti-Malware] "D:\Programma's\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [LogMeIn Hamachi Ui] "D:\Programma's\Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\lk8gao36.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.nl/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Eigenaar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\lk8gao36.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\lk8gao36.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;D:\Programma's\Hamachi\hamachi-2.exe -s --> D:\Programma's\Hamachi\hamachi-2.exe -s [?]
R2 MBAMService;MBAMService;D:\Programma's\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-1-22 66560]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 2656280]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-6-13 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update-service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-23 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-25 1262400]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-20 250056]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-23 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-12 08:26:34 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{7C7161EC-0E3D-48CC-99B8-70BAB7BE2DFD}
2012-08-12 08:26:02 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{0D8D28A2-BD82-41AF-9A6D-380803D4CF2B}
2012-08-11 20:25:37 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{5C1C05FD-ABB8-4680-9AA0-843B11542DBD}
2012-08-11 20:25:04 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{6C4935A4-B90B-45DD-B5DE-8F358AF96CB1}
2012-08-11 15:46:12 -------- d-----w- C:\Users\Eigenaar\AppData\Local\SCE
2012-08-11 15:46:12 -------- d-----w- C:\Crash
2012-08-11 12:13:18 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\ParetoLogic
2012-08-11 12:13:18 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\DriverCure
2012-08-11 12:13:15 -------- d-----w- C:\ProgramData\ParetoLogic
2012-08-11 09:37:37 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\IObit
2012-08-11 09:17:09 -------- d-----w- C:\Program Files\CCleaner
2012-08-11 08:52:55 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-11 08:24:39 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{E76BA645-BB49-4BBD-BBB1-9A433C666216}
2012-08-11 08:24:05 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{9D176398-A6F1-4233-8C6A-F03D61A378DC}
2012-08-10 20:23:41 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{17B3C469-2CF5-40D7-9A0D-EAAF394676DB}
2012-08-10 20:23:07 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{33FF0F98-4224-4746-9D94-B56E91261031}
2012-08-10 08:22:43 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{AD98B28A-13F9-423D-8500-A19DF4EE12FC}
2012-08-10 08:22:09 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{ED62628A-33CC-4457-BDD9-3160715DC438}
2012-08-10 07:42:23 -------- d-----w- C:\ProgramData\Windows
2012-08-09 20:21:45 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{26EA4A04-252A-4BA7-948C-18A2F9CCC7BD}
2012-08-09 08:21:00 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{BE8219C1-6684-479C-853F-312CDB2C9337}
2012-08-09 08:20:25 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{562A3927-C0C9-4F53-8B5C-3989BC21DC81}
2012-08-08 20:20:01 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{E3ABB13B-426D-4412-9D71-D1011E4645D0}
2012-08-08 20:19:27 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{AAE93695-807C-4134-BC9C-ABC30305D8D4}
2012-08-08 18:14:04 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Ohar
2012-08-08 18:14:04 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Myleo
2012-08-08 18:14:04 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Iwkehu
2012-08-08 11:58:16 682280 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-08-08 08:19:03 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{D10064C7-EE4E-408F-A443-5A42EE4EF486}
2012-08-08 08:18:29 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{B6906566-0437-4DF7-B313-4854E5AB6811}
2012-08-07 20:18:17 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{5D967782-77C2-4AF5-8710-C281EC309193}
2012-08-07 20:17:43 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{606DCA95-1005-4915-854E-E84655608A67}
2012-08-07 19:06:42 -------- d-----w- C:\Users\Eigenaar\AppData\Local\MadCompany
2012-08-07 09:39:59 8281168 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-08-07 08:17:19 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{C67C774C-B478-47C4-B501-11D55482C79F}
2012-08-07 08:16:45 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{2E86FA80-DAE9-442C-B8C6-9C8731D97975}
2012-08-06 20:16:21 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{2E250028-70ED-46E0-BA8F-6504EF58ADFE}
2012-08-06 20:15:47 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{F66CFE3A-92B0-44FD-B0CD-139513681EAD}
2012-08-06 09:56:40 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{714323D0-AA2F-E9E6-8717-F8E265002932}
2012-08-06 08:15:34 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{F4B854C8-AAEB-4101-A62C-FDF6585B7875}
2012-08-06 08:15:24 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{EBB0246C-18B3-45D9-A98B-D04A71C56B0F}
2012-08-06 08:15:04 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{C047C83C-E721-4FB3-B3E4-1D4D73421774}
2012-08-05 16:55:23 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Chromium
2012-08-05 16:20:27 -------- d-----w- C:\ProgramData\Rockstar Games
2012-08-05 15:57:53 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2012-08-05 08:32:23 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{2A5D2A3A-A165-4DF8-836A-3324243C9CAC}
2012-08-05 08:31:50 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{0D134654-828D-4831-9F3C-751DC0673366}
2012-08-04 20:31:25 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{69086B13-4657-4893-8828-17F012439B5A}
2012-08-04 20:30:50 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{9A9531CF-120C-4D45-8DAE-A0279EF68284}
2012-08-04 10:00:06 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Idake
2012-08-04 10:00:06 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Biqi
2012-08-04 10:00:06 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Abali
2012-08-04 08:30:25 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{C2436105-D12B-4774-8D85-820B51801A78}
2012-08-04 08:30:07 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{2D3B8C46-B6B8-414E-BAC2-C600E5D2FB24}
2012-08-03 13:02:29 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{ACBD965D-EA5B-431C-9684-76ADD851081D}
2012-08-03 13:02:09 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{8728EDD0-5B1F-4937-82FC-DF8C0558DEA0}
2012-07-26 22:18:16 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{097DFFE2-4CFD-476C-8C8A-8348B10604BB}
2012-07-26 09:11:42 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{C25F8478-5767-46BB-BAC4-B5412F9893B7}
2012-07-26 09:11:19 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{36554988-05AB-4035-882C-83BEF4BDA2BA}
2012-07-25 21:03:49 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{489C0EB6-59E1-4991-A2E4-9012DBE7419A}
2012-07-25 08:45:10 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{3307EA07-8944-4E21-8B26-E641AAAA4ED4}
2012-07-25 08:44:36 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{6F0FF256-FA38-4209-B7AB-089DF9C307B7}
2012-07-24 21:49:32 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\.minecraft
2012-07-24 20:44:12 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{F1E8D177-5AE4-4929-BCCC-4F10F764A02F}
2012-07-24 08:43:38 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{185F6A98-4D73-4DA9-BABA-44BA94D693EE}
2012-07-23 08:47:37 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{8D36E5DF-C8E2-44AD-8B28-E0382E410A24}
2012-07-22 21:14:40 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{5AE665EA-1953-417D-8AC3-2507B9842AC1}
2012-07-22 09:14:17 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{31BAB19C-69DE-4BFC-8E03-93B3E91415D8}
2012-07-22 09:14:07 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{428E1EF7-02CB-4304-B4FA-83AB9EDEAB50}
2012-07-21 09:12:44 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{23E3DB1B-734B-4682-A4DB-3E85E515DB2C}
2012-07-21 09:12:34 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{F81C8C11-4D70-4573-A076-6FD27A0FE24A}
2012-07-20 19:49:14 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{D35112EB-7247-42A5-BCED-A4A1C7ABAB50}
2012-07-20 19:48:53 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{C145AA8F-83F1-46C3-9C11-5F54346827AF}
2012-07-20 07:53:41 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Macromedia
2012-07-20 07:53:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-20 07:48:42 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{A07B1D0E-BAD3-4085-BCC7-92B658060978}
2012-07-20 07:48:33 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{57964F47-9AB7-44E4-8015-71DE3A8411D7}
2012-07-19 09:44:41 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{FC616905-2B94-4D34-A3D5-2FD3182A6F2C}
2012-07-19 09:44:31 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{9DFD5A4D-593E-4427-BCDA-9E7A28D55EDB}
2012-07-18 09:53:25 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{7A9F59E6-7905-4453-8B9A-5098AEC4962A}
2012-07-18 09:53:16 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{F0752745-137B-41B5-B815-4562E391EB1F}
2012-07-17 22:08:59 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-07-17 13:33:06 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{C06BD531-EABB-4937-B803-E7EE40AA2314}
2012-07-17 13:32:56 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{5A126551-C3F3-4F48-8AE5-90DF69915E3D}
2012-07-17 11:42:23 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{EA5292BF-B5AB-4BDA-A5DA-1316430A9F3D}
2012-07-17 11:24:46 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{CB1FC8D1-4481-462D-B27B-8CB312953C71}
2012-07-17 11:24:36 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{9BFFD859-7889-41F3-8897-FFF7A9783E25}
2012-07-17 11:14:34 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{67923165-8BCC-46BF-BCF9-61138DC1DCFC}
2012-07-17 10:26:45 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{EF1D24B0-8316-4BB5-A07D-90044459F988}
2012-07-17 10:21:12 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{B1C59B35-C5AF-443D-807B-CF0F3DCD0678}
2012-07-15 18:04:48 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Malwarebytes
2012-07-15 18:04:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-15 18:04:39 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-15 09:19:57 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{56A0B969-E685-4A22-B3D9-91C66D9B9738}
2012-07-15 09:19:47 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{92308503-3B59-490C-95A5-0BA95D24674B}
2012-07-14 20:56:08 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{55B1AD13-D722-4478-9060-C37BDE5045A6}
2012-07-14 20:55:35 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{75BA957A-5926-4005-BACD-A4869C0A03FF}
2012-07-14 08:55:24 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{90902408-F488-450B-98CB-F05D4630BD53}
2012-07-14 08:55:03 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{1C6235E4-DC53-4B3A-8075-66F118AB528C}
2012-07-13 20:54:40 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{1A382C60-E637-447D-A419-7C11243AE7EA}
2012-07-13 20:54:30 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{CE9EEC54-C64C-4263-9B7C-3B1DFA119B8C}
2012-07-13 08:54:19 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{1B1645CA-D64F-44AE-B37C-02698F0957FA}
2012-07-13 08:54:08 -------- d-----w- C:\Users\Eigenaar\AppData\Local\{BF724476-BBA0-4EC3-BBB0-8770A922BBFB}
.
==================== Find3M ====================
.
2012-08-11 17:37:16 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-11 17:37:16 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-11 15:50:59 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-11 15:45:48 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-08-03 14:02:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-09 15:06:53 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-07-09 15:06:53 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-07-09 15:06:53 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-07-09 15:06:53 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-06-25 14:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-29 15:28:08 34656 ----a-w- C:\Windows\System32\TURegOpt.exe
2012-05-29 15:27:54 25952 ----a-w- C:\Windows\System32\authuitu.dll
2012-05-29 15:27:54 21344 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 00:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 10:34:20,20 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16-12-2011 12:54:23
System Uptime: 12-8-2012 10:23:10 (0 hours ago)
.
Motherboard: MSI | | Z68MA-ED55 (MS-7676)
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | SOCKET 0 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 37,681 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1557,249 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: TuneUpUtilitiesDrv
Device ID: ROOT\LEGACY_TUNEUPUTILITIESDRV\0000
Manufacturer:
Name: TuneUpUtilitiesDrv
PNP Device ID: ROOT\LEGACY_TUNEUPUTILITIESDRV\0000
Service: TuneUpUtilitiesDrv
.
==== System Restore Points ===================
.
RP114: 8-8-2012 13:46:51 - Installed Call of Duty® - World at War™
RP115: 8-8-2012 14:44:24 - Installed Call of Duty® - World at War™ 1.1 Patch
RP116: 8-8-2012 14:58:53 - Installed Call of Duty® - World at War™ 1.2 Patch
RP117: 8-8-2012 16:05:05 - Installed Call of Duty® - World at War™ 1.4 Patch
RP118: 8-8-2012 16:07:53 - Installed Call of Duty® - World at War™ 1.5 Patch
RP119: 8-8-2012 17:03:25 - Installed Call of Duty® - World at War™ 1.6 Patch
RP120: 8-8-2012 17:06:12 - Installed Call of Duty® - World at War™ 1.7 Patch
.
==== Installed Programs ======================
.
.
1ClickDownload
1ClickDownloader
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader 9.5.1 - Nederlands
Advertising Center
Algodoo v2.0.0
Android SDK Tools
ArnA 2: Combined Operations
Babylon toolbar on IE
BabylonObjectInstaller
Battlefield 3™
Battlelog Web Plugins
Bing Bar
Bullet Run
Call of Duty® - World at War™
Call of Duty® - World at War™ 1.1 Patch
Call of Duty® - World at War™ 1.2 Patch
Call of Duty® - World at War™ 1.4 Patch
Call of Duty® - World at War™ 1.5 Patch
Call of Duty® - World at War™ 1.6 Patch
Call of Duty® - World at War™ 1.7 Patch
Call of Duty: Black Ops - Multiplayer
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5300 series On-screen Manual
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
Compatibiliteitspakket voor het 2007 Microsoft Office system
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DiRT Showdown
DolbyFiles
ESN Sonar
Fences
Fraps
Gebruikersregistratie voor Canon MG5300 series
GhostMouse
Google Earth
Google Update Helper
Grand Theft Auto IV
GTA IV - Ultimate Vehicle Pack v8.0.0.0
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
ImagXpress
ImTOO Video Editor 2
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.62.0.1300
Max Payne 3
Menu Templates - Starter Kit
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MiniTool Partition Wizard Home Edition 7.1
Monday Night Combat
Mouse Editor
Mozilla Firefox 14.0.1 (x86 nl)
Mozilla Maintenance Service
MSI Afterburner 2.2.1
MSI Kombustor 2.3.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MyTools
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero Express Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
NeroExpress
neroxml
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OPERATION7
Origin
PDF Settings CS6
Perfect Resize 7
Pinnacle Game Profiler
Premiumplay Codec-C
PunkBuster Services
Rapture3D 2.4.11 Game
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Skype Click to Call
Skype™ 5.8
Sniper Elite V2
Steam
System Requirements Lab CYRI
TBM 1.0
Team Fortress 2
TuneUp Utilities 2012
TuneUp Utilities Language Pack (nl-NL)
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
uTorrentBar_NL Toolbar
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
WinRAR archiver
World of Tanks v.0.7.0
YourFileDownloader
.
==== End Of File ===========================


I hope you can do something with this!

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:53 AM

Posted 12 August 2012 - 03:51 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 kpro1996

  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:53 AM

Posted 12 August 2012 - 04:41 AM

combofix:

ComboFix 12-08-10.02 - Eigenaar 12-08-2012 11:25:24.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8161.6200 [GMT 2:00]
Gestart vanuit: d:\documents\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MyTools\MyTOols.dll
c:\programdata\windows
c:\users\Eigenaar\AppData\Roaming\Abali
c:\users\Eigenaar\AppData\Roaming\Abali\mawa.tmp
c:\users\Eigenaar\AppData\Roaming\Biqi
c:\users\Eigenaar\AppData\Roaming\Biqi\oxtif.roe
c:\users\Eigenaar\AppData\Roaming\Iwkehu
c:\users\Eigenaar\AppData\Roaming\Iwkehu\nufau.den
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{b0c10cf9-f8b4-d52d-3513-f44da56b26e9}\@
c:\windows\Installer\{b0c10cf9-f8b4-d52d-3513-f44da56b26e9}\L\00000004.@
c:\windows\Installer\{b0c10cf9-f8b4-d52d-3513-f44da56b26e9}\L\201d3dde
c:\windows\Installer\{b0c10cf9-f8b4-d52d-3513-f44da56b26e9}\U\00000004.@
c:\windows\Installer\{b0c10cf9-f8b4-d52d-3513-f44da56b26e9}\U\00000008.@
c:\windows\Installer\{b0c10cf9-f8b4-d52d-3513-f44da56b26e9}\U\000000cb.@
c:\windows\Installer\{b0c10cf9-f8b4-d52d-3513-f44da56b26e9}\U\80000000.@
c:\windows\Installer\{b0c10cf9-f8b4-d52d-3513-f44da56b26e9}\U\80000032.@
c:\windows\Installer\{b0c10cf9-f8b4-d52d-3513-f44da56b26e9}\U\80000064.@
.
Besmet exemplaar van c:\windows\system32\services.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\32788r22fwjfw\HarddiskVolumeShadowCopy7_!Windows!System32!services.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-12 to 2012-08-12 ))))))))))))))))))))))))))))))
.
.
2012-08-12 09:27 . 2012-08-12 09:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-12 09:27 . 2012-08-12 09:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 15:46 . 2012-08-11 15:46 -------- d-----w- c:\users\Eigenaar\AppData\Local\SCE
2012-08-11 15:46 . 2012-08-11 15:46 -------- d-----w- C:\Crash
2012-08-11 12:13 . 2012-08-11 12:13 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\ParetoLogic
2012-08-11 12:13 . 2012-08-11 12:13 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\DriverCure
2012-08-11 12:13 . 2012-08-11 12:16 -------- d-----w- c:\programdata\ParetoLogic
2012-08-11 09:37 . 2012-08-11 11:33 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\IObit
2012-08-11 09:17 . 2012-08-11 09:17 -------- d-----w- c:\program files\CCleaner
2012-08-11 08:52 . 2012-08-11 08:52 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-11 08:29 . 2012-08-11 08:29 -------- d-----w- c:\windows\Sun
2012-08-08 18:14 . 2012-08-08 18:28 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Myleo
2012-08-08 18:14 . 2012-08-08 18:14 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Ohar
2012-08-08 11:58 . 2012-08-08 11:58 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-08-07 19:06 . 2012-08-08 08:01 -------- d-----w- c:\users\Eigenaar\AppData\Local\MadCompany
2012-08-07 09:39 . 2012-08-07 09:40 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-08-07 09:29 . 2012-08-07 09:30 -------- d-----w- c:\users\empireviews
2012-08-05 16:55 . 2012-08-05 16:55 -------- d-----w- c:\users\Eigenaar\AppData\Local\Chromium
2012-08-05 16:20 . 2012-08-05 16:20 -------- d-----w- c:\programdata\Rockstar Games
2012-08-05 15:57 . 2012-08-05 15:57 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-08-04 10:00 . 2012-08-05 08:26 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Idake
2012-07-24 21:49 . 2012-08-11 18:42 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\.minecraft
2012-07-20 07:53 . 2012-07-20 07:53 -------- d-----w- c:\users\Eigenaar\AppData\Local\Macromedia
2012-07-20 07:53 . 2012-08-03 14:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 22:08 . 2012-07-17 22:08 -------- d-----w- c:\windows\Microsoft Antimalware
2012-07-15 18:04 . 2012-07-15 18:04 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes
2012-07-15 18:04 . 2012-07-15 18:04 -------- d-----w- c:\programdata\Malwarebytes
2012-07-15 18:04 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-11 17:37 . 2011-12-24 11:44 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-11 17:37 . 2011-12-24 10:03 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-11 15:50 . 2011-12-24 10:03 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-11 15:45 . 2011-12-24 10:03 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-08-03 14:02 . 2011-12-19 08:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 20:52 . 2011-12-19 12:31 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-09 15:06 . 2012-05-02 20:17 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-09 15:06 . 2012-05-02 20:17 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-07-09 15:06 . 2012-05-02 20:17 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-09 15:06 . 2012-05-02 20:17 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-19 20:54 . 2012-06-19 20:54 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-12 03:08 . 2012-07-11 20:53 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 20:46 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 20:46 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 20:46 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 20:46 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 20:46 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 20:46 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 20:46 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 06:03 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:03 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 06:03 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:03 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:03 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 06:03 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 06:03 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 06:03 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 06:03 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 20:51 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 20:51 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 20:51 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 20:51 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 20:51 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 20:51 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 20:51 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 20:51 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 20:51 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 20:51 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 20:51 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 20:51 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 20:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 20:51 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 20:51 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 20:51 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 20:51 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 20:51 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 20:51 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 20:46 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 20:46 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 20:46 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 20:46 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 20:46 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 20:46 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 20:46 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 20:46 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 20:46 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-29 15:28 . 2012-06-12 13:41 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-05-29 15:27 . 2012-06-12 13:41 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-05-29 15:27 . 2012-06-12 13:41 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-05-15 10:48 . 2012-06-08 17:17 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-06-08 17:17 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-06-08 17:17 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-06-08 17:17 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-06-08 17:17 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-08 17:17 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-08 17:17 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-08 17:17 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-06-08 17:17 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-06-08 17:17 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-06-08 17:17 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-06-08 17:17 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-06-08 17:17 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-08 17:17 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-06-08 17:17 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-06-08 17:17 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-06-08 17:17 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-06-08 17:17 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2011-12-25 15:11 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-12-25 15:11 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-12-25 15:11 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2011-12-25 15:11 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2011-12-25 15:11 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-12-25 15:11 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-12-25 15:11 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-12-25 15:11 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-12-25 15:11 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2011-12-25 15:12 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-12-25 15:12 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-12-25 15:12 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2011-12-25 15:12 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-06-08 17:17 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-12-25 15:12 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-12-25 15:12 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 17:37 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"HTC Sync Loader"="d:\programma's\HTC\htcUPCTLoader.exe" [2012-04-01 634880]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"Malwarebytes' Anti-Malware"="d:\programma's\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LogMeIn Hamachi Ui"="d:\programma's\Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Super-Charger"=c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 136176]
R2 MBAMService;MBAMService;d:\programma's\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2011-09-29 27136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-05 113120]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-19 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-01 283200]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programma's\Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-12-18 66560]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 14:02]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 06:48]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 06:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-06-24 7233640]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "d:\programma's\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=112555&tt=060612_8_&babsrc=HP_ss&mntrId=5ad3bd790000000000008c89a552a616
mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\lk8gao36.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.nl/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-4185700405-141721516-614881250-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4185700405-141721516-614881250-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4185700405-141721516-614881250-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,28,9e,f4,65,11,24,87,ee,db,86,44,52,2f,f5,6d,e7,80,28,0c,78,6a,5b,
aa,90,79,e0,5c,e1,54,98,49,e9,d9,72,11,6b,54,35,4e,f2,ff,85,a0,e8,50,1f,7f,\
"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83
.
[HKEY_USERS\S-1-5-21-4185700405-141721516-614881250-1000\Software\SecuROM\License information*]
"datasecu"=hex:58,cd,16,f4,18,16,2b,86,00,e9,22,3d,b7,0d,86,98,1c,c6,c8,ce,85,
27,54,04,cd,69,6a,90,68,90,61,91,18,ee,b4,bc,47,8f,79,e3,17,6d,91,f8,f7,2a,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
d:\programma's\MSI Afterburner\Bundle\OSDServer\RTSS.exe
c:\program files (x86)\YourFileDownloader\YourFileUpdater.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Voltooingstijd: 2012-08-12 11:30:01 - machine werd herstart
ComboFix-quarantined-files.txt 2012-08-12 09:30
.
Pre-Run: 41.827.471.360 bytes beschikbaar
Post-Run: 41.958.551.552 bytes beschikbaar
.
- - End Of File - - 23A8219F1795AAE3A41D626DC9B400E2


I saw that there are some Dutch sentences in this log; I can translate them if it's needed.
After the restart from ComboFix I waited 5 minutes with AVG on and it detected nothing. I think this is a very good thing, right?

#6 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 August 2012 - 11:39 AM

Greetings kpro1996

That looks like it removed most of the virus, but I want to do some deeper checking to be sure, so I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
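The post above asks for the TDSSKiller log to be pasted back for review. As an added example (not part of the post, and not Kaspersky's own code), here is a small Python triage helper for that log format: it pairs each scanned object's file/hash line with its verdict line, lists everything whose verdict is not the plain "ok", and separately lists entries that received a verdict without any preceding file/hash line. The embedded sample log is constructed to match the line format TDSSKiller prints (the first object line is copied from the log posted later in this thread); the entry named `examplesvc` and its verdict text `suspicious (hypothetical verdict)` are invented for illustration. The parser deliberately treats any verdict other than "ok" as worth a look rather than matching specific verdict wording.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Per-object line, e.g. "19:36:30.0248 5468 1394ohci (a87d...) C:\Windows\...\1394ohci.sys"
OBJECT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
# Verdict line, e.g. "19:36:30.0251 5468 1394ohci - ok"
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+) - (?P<verdict>.+)$"
)


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None      # None when no file/hash line preceded the verdict
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when no verdict line was seen


def parse_tdsskiller_log(text: str) -> Dict[str, ScannedObject]:
    """Pair each object's file line with its verdict line, keyed by object name."""
    objects: Dict[str, ScannedObject] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            objects[m["name"]] = ScannedObject(m["name"], m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            obj = objects.setdefault(m["name"], ScannedObject(m["name"]))
            obj.verdict = m["verdict"].strip()
    return objects


def needs_attention(objects: Dict[str, ScannedObject]) -> List[ScannedObject]:
    """Every entry whose verdict is not exactly 'ok', sorted by name for stable output."""
    return sorted((o for o in objects.values() if o.verdict != "ok"), key=lambda o: o.name)


def without_file_line(objects: Dict[str, ScannedObject]) -> List[str]:
    """Names that got a verdict but had no file/hash line in the log."""
    return sorted(o.name for o in objects.values() if o.md5 is None)


def triage(text: str) -> Dict[str, List[str]]:
    """Summarise a log into three buckets a helper would want to see first."""
    objs = parse_tdsskiller_log(text)
    return {
        "ok": sorted(o.name for o in objs.values() if o.verdict == "ok"),
        "attention": [f"{o.name}: {o.verdict} [{o.path}]" for o in needs_attention(objs)],
        "no_file_line": without_file_line(objs),
    }


# Constructed sample in TDSSKiller's line format. The 1394ohci lines mirror the real log;
# "examplesvc" and its "suspicious (hypothetical verdict)" are invented for illustration.
SAMPLE_LOG = """\
19:36:29.0700 5468 Scan started
19:36:29.0700 5468 Mode: Manual;
19:36:30.0248 5468 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
19:36:30.0251 5468 1394ohci - ok
19:36:30.0413 5468 ALSysIO - ok
19:36:31.0100 5468 examplesvc (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\drivers\\examplesvc.sys
19:36:31.0102 5468 examplesvc - suspicious (hypothetical verdict)
"""

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG).items():
        print(bucket, names)
```

Reading a real log is just `triage(open(path, encoding="utf-8", errors="replace").read())`; the "no_file_line" bucket is worth a glance too, because an entry with a verdict but no file line (like `ALSysIO` in the posted log) means the tool reported on a registered driver or service without hashing an image for it.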

#7 kpro1996

  • Topic Starter
  • Members
  • 11 posts

Posted 12 August 2012 - 12:49 PM

TDSSKiller:

19:36:03.0204 4080 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:36:03.0256 4080 ============================================================
19:36:03.0256 4080 Current date / time: 2012/08/12 19:36:03.0256
19:36:03.0256 4080 SystemInfo:
19:36:03.0257 4080
19:36:03.0257 4080 OS Version: 6.1.7601 ServicePack: 1.0
19:36:03.0257 4080 Product type: Workstation
19:36:03.0257 4080 ComputerName: GAME-PC
19:36:03.0257 4080 UserName: Eigenaar
19:36:03.0257 4080 Windows directory: C:\Windows
19:36:03.0257 4080 System windows directory: C:\Windows
19:36:03.0257 4080 Running under WOW64
19:36:03.0257 4080 Processor architecture: Intel x64
19:36:03.0257 4080 Number of processors: 4
19:36:03.0257 4080 Page size: 0x1000
19:36:03.0257 4080 Boot type: Normal boot
19:36:03.0257 4080 ============================================================
19:36:03.0430 4080 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:36:03.0441 4080 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:36:03.0443 4080 ============================================================
19:36:03.0443 4080 \Device\Harddisk1\DR1:
19:36:03.0443 4080 MBR partitions:
19:36:03.0443 4080 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:36:03.0443 4080 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
19:36:03.0443 4080 \Device\Harddisk0\DR0:
19:36:03.0443 4080 MBR partitions:
19:36:03.0443 4080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
19:36:03.0443 4080 ============================================================
19:36:03.0444 4080 C: <-> \Device\Harddisk1\DR1\Partition1
19:36:03.0465 4080 D: <-> \Device\Harddisk0\DR0\Partition0
19:36:03.0465 4080 ============================================================
19:36:03.0465 4080 Initialize success
19:36:03.0465 4080 ============================================================
19:36:29.0700 5468 ============================================================
19:36:29.0700 5468 Scan started
19:36:29.0700 5468 Mode: Manual;
19:36:29.0700 5468 ============================================================
19:36:30.0248 5468 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
19:36:30.0251 5468 1394ohci - ok
19:36:30.0265 5468 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:36:30.0268 5468 ACPI - ok
19:36:30.0271 5468 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:36:30.0271 5468 AcpiPmi - ok
19:36:30.0298 5468 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:36:30.0301 5468 AdobeFlashPlayerUpdateSvc - ok
19:36:30.0317 5468 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:36:30.0322 5468 adp94xx - ok
19:36:30.0335 5468 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:36:30.0339 5468 adpahci - ok
19:36:30.0347 5468 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:36:30.0351 5468 adpu320 - ok
19:36:30.0356 5468 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:36:30.0357 5468 AeLookupSvc - ok
19:36:30.0372 5468 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:36:30.0378 5468 AFD - ok
19:36:30.0383 5468 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:36:30.0385 5468 agp440 - ok
19:36:30.0390 5468 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:36:30.0391 5468 ALG - ok
19:36:30.0393 5468 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:36:30.0394 5468 aliide - ok
19:36:30.0413 5468 ALSysIO - ok
19:36:30.0415 5468 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:36:30.0416 5468 amdide - ok
19:36:30.0421 5468 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:36:30.0422 5468 AmdK8 - ok
19:36:30.0426 5468 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:36:30.0428 5468 AmdPPM - ok
19:36:30.0432 5468 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:36:30.0433 5468 amdsata - ok
19:36:30.0442 5468 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:36:30.0445 5468 amdsbs - ok
19:36:30.0448 5468 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:36:30.0448 5468 amdxata - ok
19:36:30.0453 5468 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:36:30.0455 5468 AppID - ok
19:36:30.0458 5468 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:36:30.0459 5468 AppIDSvc - ok
19:36:30.0463 5468 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:36:30.0465 5468 Appinfo - ok
19:36:30.0471 5468 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:36:30.0473 5468 arc - ok
19:36:30.0477 5468 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:36:30.0478 5468 arcsas - ok
19:36:30.0488 5468 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:36:30.0489 5468 aspnet_state - ok
19:36:30.0492 5468 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:36:30.0493 5468 AsyncMac - ok
19:36:30.0495 5468 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:36:30.0495 5468 atapi - ok
19:36:30.0518 5468 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:36:30.0526 5468 AudioEndpointBuilder - ok
19:36:30.0530 5468 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:36:30.0533 5468 AudioSrv - ok
19:36:30.0660 5468 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
19:36:30.0703 5468 AVGIDSAgent - ok
19:36:30.0735 5468 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
19:36:30.0737 5468 AVGIDSDriver - ok
19:36:30.0740 5468 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
19:36:30.0740 5468 AVGIDSFilter - ok
19:36:30.0744 5468 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
19:36:30.0745 5468 AVGIDSHA - ok
19:36:30.0754 5468 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
19:36:30.0757 5468 Avgldx64 - ok
19:36:30.0760 5468 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
19:36:30.0761 5468 Avgmfx64 - ok
19:36:30.0764 5468 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
19:36:30.0765 5468 Avgrkx64 - ok
19:36:34.0774 5468 SENS - ok
19:36:34.0778 5468 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:36:34.0780 5468 SensrSvc - ok
19:36:34.0784 5468 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:36:34.0785 5468 Serenum - ok
19:36:34.0791 5468 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:36:34.0793 5468 Serial - ok
19:36:34.0797 5468 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:36:34.0798 5468 sermouse - ok
19:36:34.0806 5468 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:36:34.0809 5468 SessionEnv - ok
19:36:34.0811 5468 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:36:34.0811 5468 sffdisk - ok
19:36:34.0814 5468 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:36:34.0814 5468 sffp_mmc - ok
19:36:34.0816 5468 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:36:34.0817 5468 sffp_sd - ok
19:36:34.0819 5468 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:36:34.0820 5468 sfloppy - ok
19:36:34.0832 5468 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:36:34.0836 5468 SharedAccess - ok
19:36:34.0848 5468 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:36:34.0853 5468 ShellHWDetection - ok
19:36:34.0857 5468 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:36:34.0858 5468 SiSRaid2 - ok
19:36:34.0863 5468 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:36:34.0865 5468 SiSRaid4 - ok
19:36:34.0875 5468 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:36:34.0877 5468 SkypeUpdate - ok
19:36:34.0881 5468 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:36:34.0883 5468 Smb - ok
19:36:34.0887 5468 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:36:34.0889 5468 SNMPTRAP - ok
19:36:34.0892 5468 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:36:34.0893 5468 spldr - ok
19:36:34.0912 5468 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:36:34.0919 5468 Spooler - ok
19:36:35.0034 5468 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:36:35.0075 5468 sppsvc - ok
19:36:35.0103 5468 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:36:35.0105 5468 sppuinotify - ok
19:36:35.0125 5468 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:36:35.0132 5468 srv - ok
19:36:35.0146 5468 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:36:35.0151 5468 srv2 - ok
19:36:35.0159 5468 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:36:35.0161 5468 srvnet - ok
19:36:35.0170 5468 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:36:35.0174 5468 SSDPSRV - ok
19:36:35.0179 5468 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:36:35.0181 5468 SstpSvc - ok
19:36:35.0185 5468 Steam Client Service - ok
19:36:35.0197 5468 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:36:35.0201 5468 Stereo Service - ok
19:36:35.0204 5468 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:36:35.0205 5468 stexstor - ok
19:36:35.0224 5468 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:36:35.0232 5468 stisvc - ok
19:36:35.0235 5468 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:36:35.0236 5468 swenum - ok
19:36:35.0252 5468 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:36:35.0255 5468 SwitchBoard - ok
19:36:35.0271 5468 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:36:35.0277 5468 swprv - ok
19:36:35.0329 5468 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:36:35.0347 5468 SysMain - ok
19:36:35.0374 5468 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:36:35.0376 5468 TabletInputService - ok
19:36:35.0382 5468 taphss (b70df208e97536ca9f29289e609f5b16) C:\Windows\system32\DRIVERS\taphss.sys
19:36:35.0383 5468 taphss - ok
19:36:35.0394 5468 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:36:35.0398 5468 TapiSrv - ok
19:36:35.0403 5468 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:36:35.0405 5468 TBS - ok
19:36:35.0456 5468 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:36:35.0472 5468 Tcpip - ok
19:36:35.0543 5468 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:36:35.0550 5468 TCPIP6 - ok
19:36:35.0577 5468 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:36:35.0578 5468 tcpipreg - ok
19:36:35.0581 5468 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:36:35.0582 5468 TDPIPE - ok
19:36:35.0585 5468 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:36:35.0586 5468 TDTCP - ok
19:36:35.0591 5468 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:36:35.0593 5468 tdx - ok
19:36:35.0597 5468 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
19:36:35.0598 5468 TermDD - ok
19:36:35.0617 5468 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:36:35.0625 5468 TermService - ok
19:36:35.0628 5468 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:36:35.0630 5468 Themes - ok
19:36:35.0634 5468 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:36:35.0635 5468 THREADORDER - ok
19:36:35.0640 5468 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:36:35.0643 5468 TrkWks - ok
19:36:35.0649 5468 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:36:35.0652 5468 TrustedInstaller - ok
19:36:35.0657 5468 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:36:35.0658 5468 tssecsrv - ok
19:36:35.0662 5468 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:36:35.0663 5468 TsUsbFlt - ok
19:36:35.0666 5468 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:36:35.0667 5468 TsUsbGD - ok
19:36:35.0725 5468 TuneUp.UtilitiesSvc (cee920754f45d846082422cfd21c4c45) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
19:36:35.0744 5468 TuneUp.UtilitiesSvc - ok
19:36:35.0749 5468 TuneUpUtilitiesDrv - ok
19:36:35.0781 5468 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:36:35.0782 5468 tunnel - ok
19:36:35.0786 5468 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:36:35.0788 5468 uagp35 - ok
19:36:35.0798 5468 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:36:35.0802 5468 udfs - ok
19:36:35.0807 5468 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:36:35.0809 5468 UI0Detect - ok
19:36:35.0813 5468 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:36:35.0814 5468 uliagpkx - ok
19:36:35.0817 5468 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:36:35.0819 5468 umbus - ok
19:36:35.0821 5468 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:36:35.0822 5468 UmPass - ok
19:36:35.0887 5468 UNS (e91f8afbd7fb96c94b266579d6bfa77a) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:36:35.0897 5468 UNS - ok
19:36:35.0932 5468 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:36:35.0937 5468 upnphost - ok
19:36:35.0945 5468 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:36:35.0946 5468 usbccgp - ok
19:36:35.0952 5468 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:36:35.0954 5468 usbcir - ok
19:36:35.0958 5468 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:36:35.0959 5468 usbehci - ok
19:36:35.0971 5468 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:36:35.0975 5468 usbhub - ok
19:36:35.0978 5468 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:36:35.0979 5468 usbohci - ok
19:36:35.0982 5468 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
19:36:35.0983 5468 usbprint - ok
19:36:35.0987 5468 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:36:35.0988 5468 USBSTOR - ok
19:36:35.0991 5468 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:36:35.0992 5468 usbuhci - ok
19:36:35.0995 5468 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:36:35.0997 5468 UxSms - ok
19:36:36.0000 5468 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:36.0001 5468 VaultSvc - ok
19:36:36.0003 5468 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:36:36.0004 5468 vdrvroot - ok
19:36:36.0021 5468 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:36:36.0028 5468 vds - ok
19:36:36.0031 5468 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:36:36.0032 5468 vga - ok
19:36:36.0035 5468 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:36:36.0036 5468 VgaSave - ok
19:36:36.0045 5468 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:36:36.0048 5468 vhdmp - ok
19:36:36.0051 5468 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:36:36.0052 5468 viaide - ok
19:36:36.0056 5468 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:36:36.0057 5468 volmgr - ok
19:36:36.0070 5468 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:36:36.0074 5468 volmgrx - ok
19:36:36.0085 5468 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:36:36.0090 5468 volsnap - ok
19:36:36.0097 5468 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:36:36.0099 5468 vsmraid - ok
19:36:36.0148 5468 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:36:36.0164 5468 VSS - ok
19:36:36.0191 5468 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
19:36:36.0199 5468 vToolbarUpdater11.2.0 - ok
19:36:36.0228 5468 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:36:36.0229 5468 vwifibus - ok
19:36:36.0242 5468 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:36:36.0247 5468 W32Time - ok
19:36:36.0251 5468 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:36:36.0252 5468 WacomPen - ok
19:36:36.0257 5468 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:36:36.0259 5468 WANARP - ok
19:36:36.0261 5468 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:36:36.0261 5468 Wanarpv6 - ok
19:36:36.0297 5468 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:36:36.0308 5468 WatAdminSvc - ok
19:36:36.0359 5468 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:36:36.0379 5468 wbengine - ok
19:36:36.0409 5468 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:36:36.0413 5468 WbioSrvc - ok
19:36:36.0427 5468 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:36:36.0433 5468 wcncsvc - ok
19:36:36.0437 5468 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:36:36.0438 5468 WcsPlugInService - ok
19:36:36.0445 5468 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:36:36.0446 5468 Wd - ok
19:36:36.0467 5468 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:36:36.0475 5468 Wdf01000 - ok
19:36:36.0481 5468 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:36:36.0483 5468 WdiServiceHost - ok
19:36:36.0485 5468 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:36:36.0486 5468 WdiSystemHost - ok
19:36:36.0495 5468 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:36:36.0499 5468 WebClient - ok
19:36:36.0508 5468 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:36:36.0512 5468 Wecsvc - ok
19:36:36.0518 5468 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:36:36.0521 5468 wercplsupport - ok
19:36:36.0527 5468 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:36:36.0529 5468 WerSvc - ok
19:36:36.0535 5468 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:36:36.0535 5468 WfpLwf - ok
19:36:36.0538 5468 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:36:36.0539 5468 WIMMount - ok
19:36:36.0542 5468 WinDefend - ok
19:36:36.0546 5468 WinHttpAutoProxySvc - ok
19:36:36.0560 5468 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:36:36.0563 5468 Winmgmt - ok
19:36:36.0625 5468 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:36:36.0649 5468 WinRM - ok
19:36:36.0687 5468 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:36:36.0688 5468 WinUsb - ok
19:36:36.0721 5468 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:36:36.0734 5468 Wlansvc - ok
19:36:36.0804 5468 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:36:36.0830 5468 wlidsvc - ok
19:36:36.0863 5468 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys
19:36:36.0864 5468 WmBEnum - ok
19:36:36.0870 5468 WmFilter (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys
19:36:36.0871 5468 WmFilter - ok
19:36:36.0875 5468 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:36:36.0876 5468 WmiAcpi - ok
19:36:36.0892 5468 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:36:36.0897 5468 wmiApSrv - ok
19:36:36.0901 5468 WMPNetworkSvc - ok
19:36:36.0907 5468 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys
19:36:36.0908 5468 WmVirHid - ok
19:36:36.0914 5468 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys
19:36:36.0916 5468 WmXlCore - ok
19:36:36.0919 5468 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:36:36.0922 5468 WPCSvc - ok
19:36:36.0929 5468 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:36:36.0932 5468 WPDBusEnum - ok
19:36:36.0935 5468 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:36:36.0936 5468 ws2ifsl - ok
19:36:36.0942 5468 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:36:36.0944 5468 wscsvc - ok
19:36:36.0946 5468 WSearch - ok
19:36:37.0007 5468 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:36:37.0029 5468 wuauserv - ok
19:36:37.0063 5468 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:36:37.0064 5468 WudfPf - ok
19:36:37.0071 5468 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:36:37.0073 5468 WUDFRd - ok
19:36:37.0078 5468 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:36:37.0080 5468 wudfsvc - ok
19:36:37.0089 5468 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:36:37.0092 5468 WwanSvc - ok
19:36:37.0098 5468 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:36:37.0174 5468 \Device\Harddisk1\DR1 - ok
19:36:37.0187 5468 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:36:37.0188 5468 \Device\Harddisk0\DR0 - ok
19:36:37.0190 5468 Boot (0x1200) (489b16995979e36f33d41814aa55afdf) \Device\Harddisk1\DR1\Partition0
19:36:37.0191 5468 \Device\Harddisk1\DR1\Partition0 - ok
19:36:37.0194 5468 Boot (0x1200) (4541d4dfc15600735267a88fe982808a) \Device\Harddisk1\DR1\Partition1
19:36:37.0195 5468 \Device\Harddisk1\DR1\Partition1 - ok
19:36:37.0204 5468 Boot (0x1200) (625be4946e07e76032951d1c382e21d2) \Device\Harddisk0\DR0\Partition0
19:36:37.0205 5468 \Device\Harddisk0\DR0\Partition0 - ok
19:36:37.0205 5468 ============================================================
19:36:37.0205 5468 Scan finished
19:36:37.0205 5468 ============================================================
19:36:37.0210 1468 Detected object count: 0
19:36:37.0210 1468 Actual detected object count: 0


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 19:42:47
-----------------------------
19:45:26.823 Scan finished successfully
19:46:49.510 Disk 1 MBR has been saved successfully to "d:\Documents\Desktop\MBR.dat"
19:46:49.513 The log file has been saved successfully to "d:\Documents\Desktop\aswMBR.txt"

Anything else?

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 August 2012 - 01:38 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Eigenaar\AppData\Roaming\ParetoLogic
c:\users\Eigenaar\AppData\Roaming\DriverCure
c:\programdata\ParetoLogic
c:\users\Eigenaar\AppData\Roaming\Myleo
c:\users\Eigenaar\AppData\Roaming\Ohar
c:\program files (x86)\uTorrentBar_NL

DDS::
uStart Page = hxxp://search.babylon.com/?affID=112555&tt=060612_8_&babsrc=HP_ss&mntrId=5ad3bd790000000000008c89a552a616
mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851

FireFox::
FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\lk8gao36.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 kpro1996

kpro1996
  • Topic Starter

  • Members
  • 11 posts

Posted 12 August 2012 - 02:38 PM

ComboFix 12-08-10.02 - Eigenaar 12-08-2012 21:26:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8161.5707 [GMT 2:00]
Gestart vanuit: d:\documents\Desktop\ComboFix.exe
gebruikte Opdracht switches :: d:\documents\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\uTorrentBar_NL
c:\program files (x86)\uTorrentBar_NL\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentBar_NL\ldrtbuTor.dll
c:\program files (x86)\uTorrentBar_NL\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
c:\program files (x86)\uTorrentBar_NL\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentBar_NL\tbuTor.dll
c:\program files (x86)\uTorrentBar_NL\toolbar.cfg
c:\program files (x86)\uTorrentBar_NL\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentBar_NL\uninstall.exe
c:\program files (x86)\uTorrentBar_NL\uTorrentBar_NLToolbarHelper.exe
c:\programdata\ParetoLogic
c:\programdata\windows
c:\programdata\Windows\ccdxmmde.dat
c:\programdata\windows\drss.dat
c:\programdata\windows\msseedir.dll
c:\programdata\Windows\xessmsxe.dat
c:\users\Eigenaar\AppData\Roaming\DriverCure
c:\users\Eigenaar\AppData\Roaming\DriverCure\LogFile.txt
c:\users\Eigenaar\AppData\Roaming\Myleo
c:\users\Eigenaar\AppData\Roaming\Ohar
c:\users\Eigenaar\AppData\Roaming\Ohar\echi.hez
c:\users\Eigenaar\AppData\Roaming\ParetoLogic
.
.
2012-05-15 10:48 . 2012-06-08 17:17 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-06-08 17:17 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-06-08 17:17 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-06-08 17:17 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-06-08 17:17 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-06-08 17:17 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-08 17:17 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-06-08 17:17 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-06-08 17:17 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-06-08 17:17 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-06-08 17:17 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2011-12-25 15:11 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-12-25 15:11 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-12-25 15:11 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2011-12-25 15:11 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2011-12-25 15:11 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-12-25 15:11 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-12-25 15:11 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-12-25 15:11 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-12-25 15:11 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2011-12-25 15:12 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-12-25 15:12 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-12-25 15:12 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2011-12-25 15:12 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-06-08 17:17 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-12-25 15:12 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-12-25 15:12 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-12_09.28.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-12 09:04 . 2012-08-12 09:16 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-12 09:04 . 2012-08-12 09:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-21 03:09 . 2012-08-12 09:30 47966 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-12 09:30 32570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-16 12:30 . 2012-08-12 09:30 10024 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4185700405-141721516-614881250-1000_UserData.bin
- 2011-12-16 12:30 . 2012-08-12 09:22 10024 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4185700405-141721516-614881250-1000_UserData.bin
+ 2012-08-12 19:30 . 2012-08-12 19:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-12 19:30 . 2012-08-12 19:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-12 09:28 . 2012-08-12 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-08-12 09:28 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-12 09:16 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-12 13:00 . 2012-08-12 15:23 743320 c:\windows\system32\perfh013.dat
- 2011-04-12 13:00 . 2012-08-12 09:26 743320 c:\windows\system32\perfh013.dat
- 2009-07-14 02:36 . 2012-08-12 09:26 652166 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-12 15:23 652166 c:\windows\system32\perfh009.dat
- 2011-04-12 13:00 . 2012-08-12 09:26 152436 c:\windows\system32\perfc013.dat
+ 2011-04-12 13:00 . 2012-08-12 15:23 152436 c:\windows\system32\perfc013.dat
- 2009-07-14 02:36 . 2012-08-12 09:26 121098 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-12 15:23 121098 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-08-12 19:29 418952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-12 09:28 418952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-12 14:57 . 2012-08-12 14:57 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
- 2009-07-14 04:54 . 2012-08-12 09:16 1130496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-12 09:28 1130496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-12 19:22 . 2012-08-12 19:22 7643136 c:\windows\Installer\2201f6b.msi
+ 2012-08-12 14:57 . 2012-08-12 14:57 3809280 c:\windows\Installer\12d3caf.msi
- 2011-12-20 09:51 . 2012-08-10 21:35 63082668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4185700405-141721516-614881250-1000-8192.dat
+ 2011-12-20 09:51 . 2012-08-12 19:29 63082668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4185700405-141721516-614881250-1000-8192.dat
+ 2011-12-20 09:51 . 2012-08-12 19:29 14107728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4185700405-141721516-614881250-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 17:37 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"HTC Sync Loader"="d:\programma's\HTC\htcUPCTLoader.exe" [2012-04-01 634880]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"Malwarebytes' Anti-Malware"="d:\programma's\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LogMeIn Hamachi Ui"="d:\programma's\Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Super-Charger"=c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 136176]
R2 MBAMService;MBAMService;d:\programma's\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 ALSysIO;ALSysIO;c:\users\Eigenaar\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2011-09-29 27136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-05 113120]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-19 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-01 283200]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programma's\Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-12-18 66560]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 14:02]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 06:48]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-23 06:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-06-24 7233640]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "d:\programma's\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\lk8gao36.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.nl/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
BHO-{87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
Toolbar-{87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-uTorrentBar_NL Toolbar - c:\program files (x86)\uTorrentBar_NL\uninstall.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-4185700405-141721516-614881250-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4185700405-141721516-614881250-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4185700405-141721516-614881250-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,28,9e,f4,65,11,24,87,ee,db,86,44,52,2f,f5,6d,e7,80,28,0c,78,6a,5b,
aa,90,79,e0,5c,e1,54,98,49,e9,d9,72,11,6b,54,35,4e,f2,ff,85,a0,e8,50,1f,7f,\
"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83
.
[HKEY_USERS\S-1-5-21-4185700405-141721516-614881250-1000\Software\SecuROM\License information*]
"datasecu"=hex:58,cd,16,f4,18,16,2b,86,00,e9,22,3d,b7,0d,86,98,1c,c6,c8,ce,85,
27,54,04,cd,69,6a,90,68,90,61,91,18,ee,b4,bc,47,8f,79,e3,17,6d,91,f8,f7,2a,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
d:\programma's\MSI Afterburner\Bundle\OSDServer\RTSS.exe
c:\program files (x86)\YourFileDownloader\YourFileUpdater.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Voltooingstijd: 2012-08-12 21:31:12 - machine werd herstart
ComboFix-quarantined-files.txt 2012-08-12 19:31
ComboFix2.txt 2012-08-12 09:30
.
Pre-Run: 40.751.820.800 bytes beschikbaar
Post-Run: 40.629.481.472 bytes beschikbaar
.
- - End Of File - - 10071E08C29B6AAC058A6F4D26B11EA2



I have had no problems running this script, but it just looks like I ran ComboFix again; it didn't look any different from the first time.
My PC is running the same as before I ran the script you gave me.
AVG hasn't shown me a warning for a while now.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 August 2012 - 03:07 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

Adobe Reader 9.5.1 - Nederlands
Babylon toolbar on IE
BabylonObjectInstaller
Bing Bar
Java™ 6 Update 31
uTorrentBar_NL Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 kpro1996 (Topic Starter)
Posted 13 August 2012 - 05:32 AM

Hello Gringo,
I probably have to type this fast.
I have a fake police virus (I know it's fake because I have had it before) claiming that I download illegal music.
It says that I have to pay money to unlock my PC.
I already had Microsoft Defender on my USB, so I'm going to use that because that worked the last time I had the virus.
When I have done that I will give you the logs from MBAM and HijackThis.
I think it's something like this: http://www.deletevirus.net/wp-content/uploads/2012/02/cyber_metropolitan_police_virus.jpg
but I have a Dutch version.
Greets, kpro

#12 kpro1996 (Topic Starter)
Posted 13 August 2012 - 07:58 AM

Well, Windows Defender Offline was the name of the software. It didn't delete it. I can use my PC by turning it off (using Ctrl, Alt, Del) and then clicking Cancel very fast; the locked screen will disappear, but I have to do this every time I start my PC.
Now I'm going to try your instructions.
I hope I don't have to restart my PC too often.

#13 kpro1996 (Topic Starter)
Posted 13 August 2012 - 08:23 AM

Wow, MBAM removed the fake police virus!
Here is the log:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Eigenaar :: GAME-PC [administrator]

13-8-2012 15:11:05
mbam-log-2012-08-13 (15-11-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240517
Time elapsed: 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\syshost32 (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5AD3BD7979A111 (Trojan.Agent.RNSGen) -> Data: C:\ProgramData\5AD3BD7979A111\5AD3BD7979A111.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5AD3BD7979A111 (Trojan.Agent.RNSGen) -> Data: C:\ProgramData\5AD3BD7979A111\5AD3BD7979A111.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5AD3BD7979A48A (Trojan.Agent.RNSGen) -> Data: C:\ProgramData\5AD3BD7979A48A\5AD3BD7979A48A.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5AD3BD7979A48A (Trojan.Agent.RNSGen) -> Data: C:\ProgramData\5AD3BD7979A48A\5AD3BD7979A48A.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
D:\Documents\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\Windows\Installer\{6ABB4102-51B5-683C-72F9-29D852C511A1}\syshost.exe (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
D:\Documents\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Users\Eigenaar\AppData\Roaming\twain.dll (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\ProgramData\5AD3BD7979A111\5AD3BD7979A111.exe (Trojan.Agent.RNSGen) -> Quarantined and deleted successfully.
C:\ProgramData\5AD3BD7979A48A\5AD3BD7979A48A.exe (Trojan.Agent.RNSGen) -> Quarantined and deleted successfully.

(end)


And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:17:57, on 13-8-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
D:\Programma's\MSI Afterburner\Bundle\OSDServer\RTSS.exe
D:\Programma's\Hamachi\hamachi-2-ui.exe
D:\Steam\Steam.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
D:\Programma's\HTC\htcUPCTLoader.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
D:\Programma's\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
d:\Documents\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: uTorrentBar_NL - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll (file missing)
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "D:\Programma's\HTC\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Programma's\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Programma's\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - Startup: Explorer.lnk = C:\ProgramData\5AD3BD7979A48A\5AD3BD7979A48A.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Programma's\Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programma's\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14093 bytes


I'm going to restart my PC again to make sure the fake police thing is gone :D
If I reply, it is not gone; if I don't, it didn't appear when I restarted.
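
The two logs above show the persistence pattern this lock-screen used: Run-key values and a Startup-folder shortcut pointing at a hex-named folder under C:\ProgramData, plus the DisableTaskMgr and DisableRegistryTools policy values that explain why Task Manager would not come up. The script below is an added example, not part of this thread and not code from MBAM or HijackThis; it re-parses constructed copies of those log lines (shape taken from the posted logs) with a few heuristics of my own and lists the autostart entries worth fixing. The folder-name and user-writable-location checks are my assumptions about what makes an entry suspicious, not rules from either tool. On a live host you would run the same checks against the registry with PowerShell; this is offline log triage.

```python
"""Triage autostart lines from a HijackThis / MBAM log for lock-screen ransomware persistence."""
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis O4 format; paths mirror the log posted in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [5AD3BD7979A111] C:\ProgramData\5AD3BD7979A111\5AD3BD7979A111.exe
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - Startup: Explorer.lnk = C:\ProgramData\5AD3BD7979A48A\5AD3BD7979A48A.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programma's\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Constructed sample in the MBAM "Registry Data Items" format from the same thread.
MBAM_SAMPLE = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
"""

RUN_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
STARTUP_LINE = re.compile(r"^O4 - (Global Startup|Startup): (.+?) = (.*)$")
QUOTED_EXE = re.compile(r'^"([^"]+)"')
BARE_EXE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?:\s|$)", re.I)
HEX_NAME = re.compile(r"^[0-9A-F]{8,}$", re.I)
USER_WRITABLE = ("programdata", "appdata", "temp", "public")  # assumption: places a non-admin dropper can write


def target_path(command):
    """Pull the executable path out of a Run-key command line (quoted or bare, arguments dropped)."""
    m = QUOTED_EXE.match(command) or BARE_EXE.match(command)
    return m.group(1) if m else command.strip()


def parse_o4(lines):
    """Yield (location, name, target) for every O4 line; other HijackThis sections are ignored."""
    for line in lines:
        m = RUN_LINE.match(line)
        if m:
            hive, key, name, command = m.groups()
            yield f"{hive}\\{key}", name, target_path(command)
            continue
        m = STARTUP_LINE.match(line)
        if m:
            folder, link, command = m.groups()
            yield folder, link, target_path(command)


def reasons(location, name, target):
    """Heuristic traits of the persistence seen in this thread: a user-writable directory,
    a hex-named directory, an exe named after its own folder, or a Startup shortcut whose
    name (Explorer.lnk) does not match the binary it launches."""
    p = PureWindowsPath(target)
    parts = [s.lower() for s in p.parts]
    out = []
    if any(w in s for s in parts for w in USER_WRITABLE):
        out.append("user-writable location")
    if any(HEX_NAME.match(s) for s in p.parts[1:-1]):
        out.append("hex-named directory")
    if p.stem.lower() == p.parent.name.lower():
        out.append("exe named after its folder")
    if "startup" in location.lower() and PureWindowsPath(name).stem.lower() != p.stem.lower():
        out.append(f"shortcut '{name}' does not match target '{p.name}'")
    return out


def suspicious_autostarts(log_text):
    """Return [(location, name, target, reasons)] for entries in a user-writable location
    that show at least one further trait; a self-named exe alone (e.g. Steam) is not enough."""
    found = []
    for location, name, target in parse_o4(log_text.splitlines()):
        why = reasons(location, name, target)
        if "user-writable location" in why and len(why) >= 2:
            found.append((location, name, target, why))
    return found


POLICY_LINE = re.compile(r"^(HK\w+\\[^|]+)\|(\w+) \(([^)]+)\) -> Bad: \((\d+)\) Good: \((\d+)\)")


def policy_hijacks(mbam_text):
    """Map registry value name -> (bad, good) from MBAM 'Registry Data Items' lines. A bad value
    of 1 on DisableTaskMgr / DisableRegistryTools is what stops the victim killing the lock screen."""
    out = {}
    for line in mbam_text.splitlines():
        m = POLICY_LINE.match(line)
        if m:
            _key, value, _detection, bad, good = m.groups()
            out[value] = (int(bad), int(good))
    return out


if __name__ == "__main__":
    for location, name, target, why in suspicious_autostarts(HJT_SAMPLE):
        print(f"{location} [{name}] -> {target}\n    {', '.join(why)}")
    for value, (bad, good) in policy_hijacks(MBAM_SAMPLE).items():
        print(f"{value}: was {bad}, restored to {good}")
```

Run as-is, it flags only the two ProgramData entries (the HKLM Run value and the orphaned Explorer.lnk that MBAM left behind after quarantining the file) and reports both policy values; the AVG, Canon and Steam entries pass because they live under Program Files or a game drive.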

#14 gringo_pr (Malware Response Team)

Posted 13 August 2012 - 04:59 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HTC Sync Loader] "D:\Programma's\HTC\htcUPCTLoader.exe" -startup
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Programma's\Hamachi\hamachi-2-ui.exe" --auto-start
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
      O4 - Startup: Explorer.lnk = C:\ProgramData\5AD3BD7979A48A\5AD3BD7979A48A.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#15 kpro1996 (Topic Starter)
Posted 14 August 2012 - 09:55 AM

These are the files detected by the scan:



C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\Windows\Installer\{b0c10cf9-f8b4-d52d-3513-f44da56b26e9}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
D:\Documents\Desktop\autosurfer\AutoSurfer.exe a variant of MSIL/Packed.CryptoObfuscator.D application
D:\Documents\Desktop\autosurfer\defaultSurfer.exe a variant of MSIL/Packed.CryptoObfuscator.C application
D:\Documents\Downloads\Anno_2070_CrackOnly-RELOADED.exe Win32/Adware.1ClickDownload.C application
D:\Documents\Downloads\AxCrypt-1.7.2867.0-Setup.exe Win32/OpenCandy application
D:\Documents\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ application
D:\Documents\Downloads\DTLite4453-0297.exe Win32/OpenCandy application
D:\Documents\Downloads\installer_splitcam.exe Win32/Toggle application
D:\Documents\Downloads\installer_winzip.exe Win32/Toggle application
D:\Documents\Downloads\setup(1).exe Win32/Adware.Bundlore application
D:\Games\Half-Life 2 - Co-op\HALF-LIFE 2 - CO-OP CLIENT.EXE a variant of Win32/Packed.ExeScript.F trojan
D:\Games\Half-Life 2 - Co-op\HALF-LIFE 2 - DEATHMATCH.EXE a variant of Win32/Packed.ExeScript.F trojan
D:\Games\Max payne 3\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan


There wasn't an "Uninstall application on close" button/checkmark, so I just closed the window.



