Solved Win64/Patched.A (service.exe) virus detected by AVG

Fritsje15

Good afternoon,

My name is Marcel and I am a student from the Netherlands.
Since 13th November my computer has been infected with the Win64/Patched.A virus. I read 2 threads for a possible solution, but it was said there that the explanations in those threads are only for those situations. Try it on your own with no computer knowledge and your computer may be seriously damaged.
That is the reason I'm starting my own thread to ask for help, because I need the computer for school (studying technical engineering of the built environment).

From reading the two threads, which were started by d3tached and fmirza, I've got the first information for you at hand. I started by securing my personal files and after that scanned with Malware Bytes, Gmer and DDS.

Here are the log files.
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.15.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bobbie :: BOBBIE-PC [administrator]

Protection: Disabled

15-11-2012 13:34:17
mbam-log-2012-11-15 (13-34-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247319
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
--------------------------------------------------------------------------------------------------------------------------
Note on the "Files Detected": I ran the program's quick scan at least twice and these 3 files are always coming back. This is the second log file. (mostly rust scans twice to ensure the program works.)
---------------------------------------------------------------------------------------------------------------------------
No log file from the Gmer program
---------------------------------------------------------------------------------------------------------------------------
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.6.2
Run by Bobbie at 12:37:26 on 2012-11-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1043.18.4092.2513 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Bobbie\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\taskeng.exe
C:\Users\Bobbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Users\Bobbie\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Google Update] "C:\Users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EPSON SX410 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_S19A4.tmp" /EF "HKCU"
uRun: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_FATIBUE.EXE /FU "C:\Windows\TEMP\E_S7804.tmp" /EF "HKCU"
uRun: [Akamai NetSession Interface] "C:\Users\Bobbie\AppData\Local\Akamai\netsession_win.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
StartupFolder: C:\Users\Bobbie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bobbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Bobbie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - C:\Users\Bobbie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.32.1
TCP: Interfaces\{24264722-2EE6-41EB-ADC1-95D26255B7AE} : DHCPNameServer = 192.168.32.1
TCP: Interfaces\{24264722-2EE6-41EB-ADC1-95D26255B7AE}\3585535313347334632403 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{24264722-2EE6-41EB-ADC1-95D26255B7AE}\64259445A51224F6870264F6E60275C414E40273237303 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{24264722-2EE6-41EB-ADC1-95D26255B7AE}\8616E6A756 : DHCPNameServer = 145.33.5.165 145.33.5.166
TCP: Interfaces\{24264722-2EE6-41EB-ADC1-95D26255B7AE}\D49627A616D60256E60225F6C616E646 : DHCPNameServer = 212.54.35.25 212.54.40.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bobbie\AppData\Roaming\Mozilla\Firefox\Profiles\u8p2hyd8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={087238DB-E44C-4040-921D-3E5C71385097}&mid=985e720d24c239c398504d9d25a6a478-325164ceb524dd749c1d68696f99f8bc13c102b7&lang=nl&ds=AVG&pr=fr&d=2011-11-06 12:46:40&v=12.2.5.32&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bobbie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-29 30568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-30 283200]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2010-3-23 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-5 203264]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-7 365568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-15 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-15 676936]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-8-11 46136]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-27 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-15 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-23 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-3-23 36408]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 SZASSIST;SecretZone Assist Service;"C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe" --> C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-11-14 947528]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-9-22 1436424]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-21 140712]
S3 leafnets;Leaf Networks Adapter;C:\Windows\System32\drivers\leafnets.sys [2011-5-26 29696]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-28 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2012-11-15 10:32:39 -------- d-----w- C:\Users\Bobbie\AppData\Roaming\Malwarebytes
2012-11-15 10:32:21 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-15 10:32:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-15 10:32:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-11 15:05:31 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-11-11 14:59:01 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-11-11 14:58:37 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
2012-11-08 11:38:42 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-08 11:35:57 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-11-08 11:35:57 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-11-08 11:35:41 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-07 15:50:00 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-11-07 15:50:00 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-11-07 15:50:00 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-11-07 15:50:00 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-11-07 15:50:00 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-11-07 15:50:00 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-11-07 15:49:53 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-11-07 15:49:53 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-10-27 21:36:46 -------- d-----w- C:\Users\Bobbie\AppData\Local\Ubisoft Game Launcher
2012-10-27 21:36:44 -------- d-----w- C:\Users\Bobbie\AppData\Roaming\Ubisoft
2012-10-27 21:35:19 -------- d-----w- C:\offlineserver-v0.2
2012-10-17 12:05:42 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
2012-10-17 12:04:23 -------- d--h--w- C:\Users\Bobbie\InstallAnywhere
2012-10-17 11:53:24 -------- d-----w- C:\Program Files (x86)\GRAPHISOFT
.
==================== Find3M ====================
.
2012-11-08 12:43:57 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-11-08 11:38:42 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 18:55:35 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-10-12 18:55:33 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-28 11:08:36 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-28 11:08:33 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-28 11:08:33 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 13:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 12:37:37,97 ===============

And the last log, a file called "attach":

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 24-4-2010 15:48:31
System Uptime: 15-11-2012 11:54:25 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 3639
Processor: AMD Athlon(tm) II Dual-Core M320 | Socket S1G3 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 151,801 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2,312 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0,095 GiB free.
F: is CDROM ()
H: is CDROM (CDFS)
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Aangifte inkomstenbelasting 2011
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.4.5 MUI
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD APP SDK Runtime
AMD Fuel
AMD Media Foundation Decoders
AMD USB Filter Driver
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArchiCAD 15 R1 NED
ArchiCAD 16 NED
Artlantis Studio 4.1
Assassin's Creed Brotherhood
Assassin's Creed II
Atheros Driver Installation Program
ATI Catalyst Install Manager
µTorrent
AutoCAD Architecture 2011 - English
AutoCAD Architecture 2011 Language Pack - English
Autodesk Design Review 2013
Autodesk Design Review Browser Add-on v1.2
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
Autodesk Revit Architecture 2011 x64
Autodesk Revit Architecture 2011 x64 Update 1
AVG 2012
AVG Security Toolbar
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help English
Compatibiliteitspakket voor het 2007 Microsoft Office system
CutePDF Writer 2.8
CyberLink DVD Suite
DAEMON Tools Lite
Dropbox
DVD Menu Pack for HP MediaSmart Video
ENE CIR Receiver Driver
EPSON-printersoftware
Epson Easy Photo Print 2
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Handboek
EPSON SX410 Series Printer Uninstall
FARO LS 1.1.406.58
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.9
Google Chrome
Google SketchUp 8.0 to ATL4 Exporter
Google SketchUp Pro 8
Hewlett-Packard ACLM.NET v1.1.2.0
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0153
HP Wireless Assistant
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
IDT Audio
IrfanView (remove only)
iTunes
Java 7 Update 6
Java 7 Update 9 (64-bit)
Java Auto Updater
Java(TM) 6 Update 15 (64-bit)
Java(TM) 6 Update 30
Java(TM) SE Development Kit 6 Update 15 (64-bit)
JMicron Flash Media Controller Driver
Junk Mail filter update
LabelPrint
LightScribe System Software
LimeWire 5.5.8
Magic Desktop
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware versie 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint Viewer 2007 (Dutch)
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 x64 English
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Works
Microsoft WSE 3.0 Runtime
Mirror's Edge™
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 16.0.2 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MusicStation
NVIDIA PhysX
PDF Settings
PES 2013
Picasa 3
Power2Go
PowerDirector
Premiumplay Codec-C
PunkBuster Services
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
SimCity 4 Deluxe
Skype Click to Call
Skype™ 5.10
SpeedFan (remove only)
Spotify
Synaptics Pointing Device Driver
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Test Drive Unlimited 2
Ubisoft Game Launcher
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
Windows Mobile-hulpbronnen
Windows Mobile Apparaatcentrum
Windows Mobile Device Center Driver Update
WinRAR
.
==== End Of File ===========================
I will do anything necessary to get this virus off my computer.
And lastly, thank you in advance for all the help you will give me.

Greetings from Holland.
 
By reading the steps in various threads I have found out the following:

Two log files from the Farbar Recovery Scan tool:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012
Ran by SYSTEM at 15-11-2012 14:59:52
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-11-27] (Sun Microsystems, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [294912 2010-10-28] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-01-25] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-02-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-08-29] ()
HKU\bob\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\bob\...\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]
HKU\Bobbie\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Bobbie\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\Bobbie\...\Run: [Google Update] "C:\Users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-04-25] (Google Inc.)
HKU\Bobbie\...\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_S19A4.tmp" /EF "HKCU" [223232 2008-10-01] (SEIKO EPSON CORPORATION)
HKU\Bobbie\...\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBUE.EXE /FU "C:\Windows\TEMP\E_S7804.tmp" /EF "HKCU" [139264 2006-07-03] (SEIKO EPSON CORPORATION)
HKU\Bobbie\...\Run: [Akamai NetSession Interface] "C:\Users\Bobbie\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Bobbie\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Bobbie\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\Bobbie\...\Policies\system: [DisableLockWorkstation] 0
HKU\Bobbie\...\Policies\system: [DisableChangePassword] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.32.1

==================== Services (Whitelisted) ===================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [4539712 2012-11-11] (Akamai Technologies, Inc.)
3 Autodesk Network Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [1539224 2008-06-12] (Autodesk, Inc.)
3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [947528 2011-03-17] ()
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-10-12] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
2 SZASSIST; "C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe" [x]

==================== Drivers (Whitelisted) =====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-30] (DT Soft Ltd)
3 leafnets; C:\Windows\System32\Drivers\leafnets.sys [29696 2011-05-26] (Leaf Networks)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2012-04-27] (Duplex Secure Ltd.)
3 Fwleaf; C:\Windows\System32\DRIVERS\fwleaf.sys [x]
3 mdf16; \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mdf16.sys [x]
3 mvd22; \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd22.sys [x]
3 WPRO_41_1742; C:\Windows\System32\drivers\WPRO_41_1742.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-15 14:59 - 2012-11-15 14:59 - 00000000 ____D C:\FRST
2012-11-15 04:33 - 2012-11-15 04:33 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-15 04:33 - 2012-11-15 04:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-15 04:33 - 2012-09-29 10:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-15 03:34 - 2012-11-15 03:37 - 00027942 ____A C:\Users\Bobbie\Desktop\dds.txt
2012-11-15 03:34 - 2012-11-15 03:37 - 00011988 ____A C:\Users\Bobbie\Desktop\attach.txt
2012-11-15 03:33 - 2012-11-15 03:33 - 00688901 ____R (Swearware) C:\Users\Bobbie\Desktop\dds.com
2012-11-15 02:58 - 2012-11-15 02:58 - 00302592 ____A C:\Users\Bobbie\Desktop\ndjz3z85.exe
2012-11-15 02:32 - 2012-11-15 02:32 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Malwarebytes
2012-11-15 02:32 - 2012-11-15 02:32 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-15 02:25 - 2012-11-15 02:26 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Bobbie\Desktop\mbam-setup-1.65.1.1000.exe
2012-11-14 05:46 - 2012-11-14 05:46 - 00007680 __ASH C:\Users\Bobbie\Documents\Thumbs.db
2012-11-11 07:05 - 2012-11-11 07:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-11-11 06:58 - 2012-11-11 06:58 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-08 03:38 - 2012-11-08 03:38 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-08 03:38 - 2012-11-08 03:38 - 00000000 ____D C:\Windows\System32\Macromed
2012-11-08 03:35 - 2012-11-08 03:35 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-11-08 03:35 - 2012-11-08 03:35 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-11-08 03:35 - 2012-11-08 03:35 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-08 03:35 - 2012-11-08 03:35 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-08 03:29 - 2012-11-08 03:29 - 00027520 ____A C:\Users\Bobbie\AppData\Local\dt.dat
2012-10-28 13:05 - 2012-10-29 04:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-27 13:36 - 2012-10-27 13:37 - 00000000 ____D C:\Users\Bobbie\AppData\Local\Ubisoft Game Launcher
2012-10-27 13:36 - 2012-10-27 13:36 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Ubisoft
2012-10-27 13:35 - 2012-10-27 13:35 - 00000000 ____D C:\offlineserver-v0.2
2012-10-27 12:41 - 2012-10-27 12:41 - 00605417 ____A C:\acadminidump.dmp
2012-10-27 12:41 - 2012-10-27 12:41 - 00000000 ____A C:\Users\Bobbie\Documents\acad.err
2012-10-17 10:22 - 2012-10-17 10:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-10-17 10:22 - 2012-10-17 10:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-10-17 04:09 - 2012-10-17 04:09 - 00000000 ____D C:\Users\Bobbie\Documents\BIMx
2012-10-17 04:05 - 2012-10-17 04:05 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
2012-10-17 04:04 - 2012-10-17 04:04 - 00000000 ___HD C:\Users\Bobbie\InstallAnywhere
2012-10-17 03:53 - 2012-10-17 03:53 - 00000000 ____D C:\Program Files (x86)\GRAPHISOFT

==================== One Month Modified Files and Folders =======

2012-11-15 14:59 - 2012-11-15 14:59 - 00000000 ____D C:\FRST
2012-11-15 14:34 - 2010-06-08 11:09 - 00000000 ____D C:\Users\All Users\Recovery
2012-11-15 05:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-15 05:44 - 2009-07-13 20:51 - 00156073 ____A C:\Windows\setupact.log
2012-11-15 04:57 - 2010-04-25 02:34 - 00001070 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3004932586-2938293743-1826765973-1001UA.job
2012-11-15 04:49 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-15 04:49 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-15 04:45 - 2009-11-27 21:38 - 00748032 ____A C:\Windows\System32\perfh013.dat
2012-11-15 04:45 - 2009-11-27 21:38 - 00156924 ____A C:\Windows\System32\perfc013.dat
2012-11-15 04:45 - 2009-07-13 21:13 - 01663802 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-15 04:44 - 2010-10-13 01:20 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Dropbox
2012-11-15 04:43 - 2012-09-13 00:33 - 00000000 ___RD C:\Users\Bobbie\Dropbox
2012-11-15 04:41 - 2010-03-22 16:22 - 00245242 ____A C:\Windows\PFRO.log
2012-11-15 04:33 - 2012-11-15 04:33 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-15 04:33 - 2012-11-15 04:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-15 04:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-15 03:37 - 2012-11-15 03:34 - 00027942 ____A C:\Users\Bobbie\Desktop\dds.txt
2012-11-15 03:37 - 2012-11-15 03:34 - 00011988 ____A C:\Users\Bobbie\Desktop\attach.txt
2012-11-15 03:33 - 2012-11-15 03:33 - 00688901 ____R (Swearware) C:\Users\Bobbie\Desktop\dds.com
2012-11-15 02:58 - 2012-11-15 02:58 - 00302592 ____A C:\Users\Bobbie\Desktop\ndjz3z85.exe
2012-11-15 02:44 - 2010-04-24 05:48 - 00000000 ____D C:\users\Bobbie
2012-11-15 02:32 - 2012-11-15 02:32 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Malwarebytes
2012-11-15 02:32 - 2012-11-15 02:32 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-15 02:26 - 2012-11-15 02:25 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Bobbie\Desktop\mbam-setup-1.65.1.1000.exe
2012-11-15 02:23 - 2010-11-14 03:09 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-11-15 02:23 - 2010-11-14 02:34 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-14 06:04 - 2011-08-11 11:08 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\dvdcss
2012-11-14 05:57 - 2010-04-25 02:34 - 00001018 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3004932586-2938293743-1826765973-1001Core.job
2012-11-14 05:46 - 2012-11-14 05:46 - 00007680 __ASH C:\Users\Bobbie\Documents\Thumbs.db
2012-11-14 05:00 - 2010-08-10 05:41 - 00000000 __RSD C:\Users\Bobbie\Documents\My Stationery
2012-11-14 04:58 - 2010-10-13 01:22 - 00000000 ___RD C:\Users\Bobbie\Documents\My Dropbox
2012-11-14 04:46 - 2012-04-14 12:04 - 00000000 ____D C:\Users\Bobbie\Documents\BACKUP groene usb
2012-11-14 03:50 - 2012-05-09 02:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-14 03:48 - 2012-01-23 01:46 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\uTorrent
2012-11-13 16:14 - 2012-09-04 12:14 - 00000000 ____D C:\Users\Bobbie\Documents\SimCity 4
2012-11-13 01:22 - 2010-04-26 08:56 - 00000000 ____D C:\Users\Bobbie\AppData\Local\CrashDumps
2012-11-13 01:17 - 2010-03-22 16:20 - 01248662 ____A C:\Windows\WindowsUpdate.log
2012-11-11 07:05 - 2012-11-11 07:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-11-11 06:58 - 2012-11-11 06:58 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-08 04:44 - 2011-12-07 11:21 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-08 04:44 - 2011-11-06 03:46 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-11-08 04:43 - 2012-08-29 05:12 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-08 03:41 - 2009-11-27 14:02 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-08 03:38 - 2012-11-08 03:38 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-08 03:38 - 2012-11-08 03:38 - 00000000 ____D C:\Windows\System32\Macromed
2012-11-08 03:38 - 2011-08-03 05:16 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-08 03:35 - 2012-11-08 03:35 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-11-08 03:35 - 2012-11-08 03:35 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-11-08 03:35 - 2012-11-08 03:35 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-08 03:35 - 2012-11-08 03:35 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-08 03:35 - 2009-11-27 15:02 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-11-08 03:35 - 2009-11-27 15:02 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-11-08 03:29 - 2012-11-08 03:29 - 00027520 ____A C:\Users\Bobbie\AppData\Local\dt.dat
2012-11-07 10:48 - 2012-03-08 05:12 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForBOBBIE-PC$.job
2012-11-05 12:33 - 2010-10-18 03:07 - 00000000 ____D C:\Users\Bobbie\AppData\Local\CutePDF Writer
2012-11-01 06:58 - 2010-04-26 08:59 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-10-30 02:10 - 2012-02-22 01:57 - 00000000 ____D C:\Users\All Users\Skype
2012-10-29 04:04 - 2012-10-28 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-28 06:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-10-27 13:37 - 2012-10-27 13:36 - 00000000 ____D C:\Users\Bobbie\AppData\Local\Ubisoft Game Launcher
2012-10-27 13:36 - 2012-10-27 13:36 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Ubisoft
2012-10-27 13:36 - 2012-10-12 10:58 - 00000000 ____D C:\Users\All Users\Ubisoft
2012-10-27 13:35 - 2012-10-27 13:35 - 00000000 ____D C:\offlineserver-v0.2
2012-10-27 13:26 - 2010-04-24 06:55 - 00465268 ____A C:\Windows\DirectX.log
2012-10-27 13:17 - 2012-10-12 10:45 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2012-10-27 13:17 - 2009-11-27 12:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-10-27 12:47 - 2011-10-02 03:26 - 00000000 ____D C:\Users\Bobbie\Graphisoft
2012-10-27 12:41 - 2012-10-27 12:41 - 00605417 ____A C:\acadminidump.dmp
2012-10-27 12:41 - 2012-10-27 12:41 - 00000000 ____A C:\Users\Bobbie\Documents\acad.err
2012-10-24 03:19 - 2012-04-04 10:42 - 00000000 ____D C:\Users\Bobbie\AppData\Local\Akamai
2012-10-17 10:22 - 2012-10-17 10:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-10-17 10:22 - 2012-10-17 10:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-10-17 04:10 - 2011-10-02 03:26 - 00000000 ____D C:\Users\Bobbie\AppData\Local\Graphisoft
2012-10-17 04:09 - 2012-10-17 04:09 - 00000000 ____D C:\Users\Bobbie\Documents\BIMx
2012-10-17 04:08 - 2011-10-02 03:26 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Graphisoft
2012-10-17 04:05 - 2012-10-17 04:05 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
2012-10-17 04:04 - 2012-10-17 04:04 - 00000000 ___HD C:\Users\Bobbie\InstallAnywhere
2012-10-17 03:53 - 2012-10-17 03:53 - 00000000 ____D C:\Program Files (x86)\GRAPHISOFT
2012-10-17 03:53 - 2012-07-04 00:46 - 00000000 ____D C:\Program Files\Graphisoft
2012-10-17 03:53 - 2011-10-02 03:18 - 00014882 ____A C:\Windows\vpd.properties
2012-10-17 03:53 - 2011-10-02 03:07 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Install.GS
2012-10-16 21:28 - 2010-07-27 05:26 - 00000000 ____D C:\users\bob
2012-10-16 21:28 - 2010-03-23 01:08 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-10-16 21:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-10-16 21:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat


ZeroAccess:
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\@
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\L
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\L\00000004.@
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\L\201d3dde
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\L\55490ac4
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\00000004.@
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\00000008.@
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\000000cb.@
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000000.@
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000032.@
C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-15 04:22:20

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4092.2 MB
Available physical RAM: 3369.95 MB
Total Pagefile: 4090.35 MB
Available Pagefile: 3361.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:283.82 GB) (Free:151.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.97 GB) (Free:2.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive I: () (Removable) (Total:14.92 GB) (Free:14.91 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 283 GB 200 MB
Partition 3 Primary 13 GB 284 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 283 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 26 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2012-11-15 04:15

==================== End Of Log =============================


Farbar Recovery Scan Tool (x64) Version: 12-11-2012
Ran by SYSTEM at 2012-11-15 15:01:56
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed, and your computer is declared clean.


FRST Fixlist

Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 

Attachments

  • fixlist.txt
    326 bytes · Views: 8
Done the test, here are the results.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-11-2012
Ran by SYSTEM at 2012-11-15 19:52:43 Run:1
Running from I:\

==============================================

C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
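
The comparison behind the `services.exe` search output and the fix log above, as an added example that is not part of the original thread and not FRST's own code: it parses the `Search:` block and flags a live file whose MD5 and size match no WinSxS copy of the same name. The function and class names are hypothetical; the embedded log lines are copied from the search output posted earlier in this thread.

```python
import re
from dataclasses import dataclass
from ntpath import basename  # Windows path handling on any platform

# Copied verbatim from the FRST "Search" section posted in this thread.
FRST_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# "[created] - [modified] - size attrs (company) MD5", as in the log above.
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\\S.*$")


@dataclass(frozen=True)
class Entry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_component_store(self):
        return "\\winsxs\\" in self.path.lower()


@dataclass(frozen=True)
class Finding:
    live: Entry
    closest_store: Entry
    size_delta: int           # live size minus closest store copy size
    metadata_identical: bool  # timestamps and company name give no hint


def parse_search(text):
    """Pair each path line with the metadata line that directly follows it."""
    entries, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if PATH.match(line):
            pending = line
            continue
        m = META.match(line)
        if m and pending:
            entries.append(Entry(pending, m["created"], m["modified"],
                                 int(m["size"]), m["company"], m["md5"].upper()))
        pending = None
    return entries


def find_mismatches(entries):
    """Flag live files that match none of the WinSxS copies with the same name.

    WinSxS may hold several versions of a file, so a live copy is accepted if
    it equals any one of them. A mismatch is a lead to verify, not a verdict.
    """
    by_name = {}
    for e in entries:
        by_name.setdefault(basename(e.path).lower(), []).append(e)
    findings = []
    for group in by_name.values():
        store = [e for e in group if e.in_component_store]
        if not store:
            continue  # nothing to compare against
        known = {(e.md5, e.size) for e in store}
        for e in group:
            if e.in_component_store or (e.md5, e.size) in known:
                continue
            ref = min(store, key=lambda s: abs(s.size - e.size))
            same_meta = ((e.created, e.modified, e.company)
                         == (ref.created, ref.modified, ref.company))
            findings.append(Finding(e, ref, e.size - ref.size, same_meta))
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search(FRST_SEARCH)):
        print(f"{f.live.path}: MD5 {f.live.md5} differs from store copy "
              f"{f.closest_store.md5} ({f.size_delta:+d} bytes, "
              f"metadata identical: {f.metadata_identical})")
```

On this log the two copies share timestamps and company name, so only the hash and size separate the `System32` file from the WinSxS copy that the fix log then restores.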
 
ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
All right, I will do these steps if they get the virus off the computer. Thank you so much for helping me already this much. I don't know how I can thank you more.
A question outside of the virus: what do all the programs do, besides reading my computer files and testing which is a good or bad file? Could you explain what ComboFix does?

Great thanks, Fritsje15
 
ComboFix 12-11-16.02 - Bobbie 16-11-2012 20:36:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1043.18.4092.2746 [GMT 1:00]
Running from: c:\users\Bobbie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
.
.
2012-11-16 19:09 . 2012-11-16 19:09 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-15 22:59 . 2012-11-15 22:59 -------- d-----w- C:\FRST
2012-11-15 16:52 . 2012-11-15 16:52 388096 ----a-r- c:\users\Bobbie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-15 16:52 . 2012-11-15 16:52 -------- d-----w- c:\program files (x86)\Trend Micro
2012-11-15 12:33 . 2012-11-15 12:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-15 12:33 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-15 10:32 . 2012-11-15 10:32 -------- d-----w- c:\users\Bobbie\AppData\Roaming\Malwarebytes
2012-11-15 10:32 . 2012-11-15 10:32 -------- d-----w- c:\programdata\Malwarebytes
2012-11-11 15:05 . 2012-11-11 15:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-11-11 14:59 . 2012-11-11 14:59 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-11-11 14:58 . 2012-11-11 14:58 -------- d-----w- c:\program files (x86)\Mega Codec Pack
2012-11-08 11:38 . 2012-11-08 11:38 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-08 11:38 . 2012-11-08 11:38 -------- d-----w- c:\windows\system32\Macromed
2012-11-08 11:35 . 2012-11-08 11:35 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-08 11:35 . 2012-11-08 11:35 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-08 11:35 . 2012-11-08 11:35 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-08 11:35 . 2012-11-08 11:35 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-07 15:50 . 2006-02-07 14:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-11-07 15:50 . 2006-02-07 14:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-11-07 15:50 . 2006-02-07 14:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-11-07 15:50 . 2006-02-07 14:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-11-07 15:50 . 2006-02-07 14:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-11-07 15:50 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-11-07 15:49 . 2012-11-07 15:49 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-11-07 15:49 . 2012-11-07 15:49 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-10-27 21:36 . 2012-10-27 21:37 -------- d-----w- c:\users\Bobbie\AppData\Local\Ubisoft Game Launcher
2012-10-27 21:36 . 2012-10-27 21:36 -------- d-----w- c:\users\Bobbie\AppData\Roaming\Ubisoft
2012-10-27 21:35 . 2012-10-27 21:35 -------- d-----w- C:\offlineserver-v0.2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 12:43 . 2012-08-29 13:12 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-08 11:38 . 2011-08-03 13:16 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-08 11:35 . 2009-11-27 23:02 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-08 11:35 . 2009-11-27 23:02 188904 ----a-w- c:\windows\system32\java.exe
2012-10-12 18:55 . 2012-10-12 18:55 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-12 18:55 . 2012-10-12 18:55 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-10-12 08:41 . 2010-04-26 18:51 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-14 19:19 . 2012-10-10 10:18 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 10:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 09:57 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 09:57 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 09:57 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 09:57 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-28 11:08 . 2012-08-28 11:08 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-28 11:08 . 2012-08-28 11:09 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-28 11:08 . 2010-04-26 15:34 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-24 18:05 . 2012-10-10 09:56 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 09:56 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 13:43 . 2012-08-24 13:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-24 11:15 . 2012-09-24 08:21 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-24 08:21 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-24 08:21 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-24 08:21 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-24 08:21 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-24 08:21 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-24 08:21 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-24 08:21 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-24 08:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-24 08:21 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-24 08:21 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-24 08:21 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-24 08:21 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-24 08:21 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-24 08:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-24 08:21 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-24 08:21 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-24 08:21 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-24 08:21 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 08:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 08:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-24 08:21 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 07:56 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 07:56 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 07:56 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 07:56 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 07:05 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-10 10:18 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 10:18 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 10:18 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 10:18 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 10:18 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 10:18 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 10:18 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 10:18 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 10:18 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 10:18 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 10:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 10:18 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 10:18 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 10:18 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:18 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:18 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-08 12:43 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
2012-07-09 16:46 351136 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-11 14:59 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bobbie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bobbie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bobbie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Akamai NetSession Interface"="c:\users\Bobbie\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-10-28 294912]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-08 997320]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-01 928096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-29 1022048]
.
c:\users\Bobbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bobbie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-19 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-04-27 867064]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 SZASSIST;SecretZone Assist Service;c:\program files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-22 1436424]
R3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\DRIVERS\fwleaf.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2011-05-26 29696]
R3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung SecretZone\mdf16.sys [x]
R3 mvd22;mvd22;c:\program files (x86)\Clarus\Samsung SecretZone\mvd22.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-28 1255736]
R3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742);c:\windows\system32\drivers\WPRO_41_1742.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-30 283200]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-07 365568]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3004932586-2938293743-1826765973-1001Core.job
- c:\users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 10:34]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3004932586-2938293743-1826765973-1001UA.job
- c:\users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 10:34]
.
2012-11-07 c:\windows\Tasks\HPCeeScheduleForBOBBIE-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
2012-11-16 c:\windows\Tasks\HPCeeScheduleForBobbie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bobbie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bobbie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Bobbie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-27 171520]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Bobbie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
Trusted Zone: hanze.nl\.*
TCP: DhcpNameServer = 192.168.32.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Bobbie\AppData\Roaming\Mozilla\Firefox\Profiles\u8p2hyd8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={087238DB-E44C-4040-921D-3E5C71385097}&mid=985e720d24c239c398504d9d25a6a478-325164ceb524dd749c1d68696f99f8bc13c102b7&lang=nl&ds=AVG&pr=fr&d=2011-11-06 12:46&v=12.2.5.32&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Abvent_Skp8toATL3 - c:\program files (x86)\Google\Google SketchUp 8\Exporters\uninstall__Skp8_to_ATL4.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3004932586-2938293743-1826765973-1001\Software\SecuROM\License information*]
"datasecu"=hex:b4,84,97,ea,d5,db,9f,49,18,c8,d7,7a,6e,15,bb,86,f0,56,c2,1f,fe,
b4,9f,e5,0d,9d,72,8e,40,27,7a,34,97,48,1f,c3,e3,78,ed,c2,9d,e0,83,12,be,af,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2012-11-16 21:00:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-16 20:00
.
Pre-Run: 176.582.541.312 bytes beschikbaar
Post-Run: 177.515.569.152 bytes beschikbaar
.
- - End Of File - - 67800331EA52E5DE0C6B78FB997BE1E7
 
It is a private tool that scans for malware..that's all I'm allowed to say.

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
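
A TDSSKiller report runs to thousands of lines, so the following added example (not part of the thread and not Kaspersky's code) extracts only the flagged objects and groups them by the action the instructions above prescribe. The sample report lines, the service names in them, the placeholder hashes and the verdict `Placeholder.Malicious.Verdict` are constructed; treating any severity other than `warning` as a malicious object is an assumption.

```python
import re
from collections import namedtuple

# One flagged object from a TDSSKiller report.
Finding = namedtuple("Finding", "name verdict severity path md5")

# Every report line starts with "<time> <thread id>", followed by the message.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "[ <MD5> ] <object name> <path>": the object about to be checked.
ENTRY = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+)$")
# "<object name> ( <verdict> ) - <severity>": the result for a flagged object.
RESULT = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")

# Verdicts the instructions say to leave on Skip.
SKIP_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# Constructed sample in the report's line format (hashes are placeholders).
SAMPLE_REPORT = r"""
18:28:16.0314 5188 [ 00000000000000000000000000000001 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:28:16.0439 5188 1394ohci - ok
18:28:19.0902 5188 [ 00000000000000000000000000000002 ] ExampleSvc c:\program files (x86)\example/example.dll
18:28:19.0902 5188 Suspicious file (Hidden): c:\program files (x86)\example/example.dll. md5: 00000000000000000000000000000002
18:28:19.0902 5188 ExampleSvc ( HiddenFile.Multi.Generic ) - warning
18:28:19.0902 5188 ExampleSvc - detected HiddenFile.Multi.Generic (1)
18:28:22.0975 5188 [ 00000000000000000000000000000003 ] Example Licensing Service C:\Program Files (x86)\Example\lic.exe
18:28:22.0991 5188 Example Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:28:22.0991 5188 Example Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:28:30.0000 5188 \Device\Harddisk0\DR0 ( Placeholder.Malicious.Verdict ) - infected
"""


def parse_report(text):
    """Return a Finding for every object the report flags (anything not 'ok')."""
    findings = []
    last_md5, last_rest = None, ""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        entry = ENTRY.match(msg)
        if entry:
            # Remember hash and "<name> <path>" until the result line arrives.
            last_md5, last_rest = entry.group(1).upper(), entry.group(2)
            continue
        result = RESULT.match(msg)
        if result:
            name, verdict, severity = result.groups()
            path = md5 = None
            # Object names may contain spaces, so the name from the result
            # line is used to split the remembered "<name> <path>" string.
            if last_rest.startswith(name + " "):
                path, md5 = last_rest[len(name) + 1:], last_md5
            findings.append(Finding(name, verdict, severity, path, md5))
            last_md5, last_rest = None, ""
        elif msg.endswith(" - ok"):
            last_md5, last_rest = None, ""
    return findings


def recommended_action(finding):
    """Map a finding to the action given in the instructions above.

    Assumption: severity 'warning' marks a suspicious object (Skip);
    any other severity marks a malicious object (Cure, Skip if no Cure).
    """
    if finding.verdict in SKIP_VERDICTS or finding.severity == "warning":
        return "skip"
    return "cure"


def triage(text):
    """Group flagged object names by recommended action."""
    groups = {"skip": [], "cure": []}
    for finding in parse_report(text):
        groups[recommended_action(finding)].append(finding.name)
    return groups


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{recommended_action(f):5} {f.severity:9} {f.verdict:32} {f.name} {f.path or ''}")
```
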
 
18:27:02.0541 5212 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:27:03.0275 5212 ============================================================
18:27:03.0275 5212 Current date / time: 2012/11/17 18:27:03.0275
18:27:03.0275 5212 SystemInfo:
18:27:03.0275 5212
18:27:03.0275 5212 OS Version: 6.1.7601 ServicePack: 1.0
18:27:03.0275 5212 Product type: Workstation
18:27:03.0275 5212 ComputerName: BOBBIE-PC
18:27:03.0290 5212 UserName: Bobbie
18:27:03.0290 5212 Windows directory: C:\Windows
18:27:03.0290 5212 System windows directory: C:\Windows
18:27:03.0290 5212 Running under WOW64
18:27:03.0290 5212 Processor architecture: Intel x64
18:27:03.0290 5212 Number of processors: 2
18:27:03.0290 5212 Page size: 0x1000
18:27:03.0290 5212 Boot type: Normal boot
18:27:03.0290 5212 ============================================================
18:27:06.0192 5212 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:27:06.0207 5212 Drive \Device\Harddisk1\DR1 - Size: 0x3BB63FE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:27:06.0207 5212 ============================================================
18:27:06.0207 5212 \Device\Harddisk0\DR0:
18:27:06.0270 5212 MBR partitions:
18:27:06.0270 5212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:27:06.0270 5212 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x237A5000
18:27:06.0270 5212 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23809000, BlocksNum 0x1BF1800
18:27:06.0270 5212 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
18:27:06.0270 5212 \Device\Harddisk1\DR1:
18:27:06.0270 5212 MBR partitions:
18:27:06.0270 5212 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92
18:27:06.0270 5212 ============================================================
18:27:07.0206 5212 C: <-> \Device\Harddisk0\DR0\Partition2
18:27:07.0268 5212 D: <-> \Device\Harddisk0\DR0\Partition3
18:27:07.0284 5212 E: <-> \Device\Harddisk0\DR0\Partition4
18:27:07.0284 5212 ============================================================
18:27:07.0284 5212 Initialize success
18:27:07.0284 5212 ============================================================
18:28:08.0108 5188 ============================================================
18:28:08.0108 5188 Scan started
18:28:08.0108 5188 Mode: Manual; SigCheck; TDLFS;
18:28:08.0108 5188 ============================================================
18:28:16.0064 5188 ================ Scan system memory ========================
18:28:16.0064 5188 System memory - ok
18:28:16.0064 5188 ================ Scan services =============================
18:28:16.0314 5188 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:28:16.0439 5188 1394ohci - ok
18:28:16.0485 5188 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
18:28:16.0563 5188 Accelerometer - ok
18:28:16.0595 5188 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:28:16.0626 5188 ACPI - ok
18:28:16.0641 5188 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:28:16.0766 5188 AcpiPmi - ok
18:28:16.0844 5188 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:28:16.0891 5188 adp94xx - ok
18:28:17.0156 5188 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:28:17.0172 5188 adpahci - ok
18:28:17.0203 5188 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:28:17.0219 5188 adpu320 - ok
18:28:17.0281 5188 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:28:17.0718 5188 AeLookupSvc - ok
18:28:18.0092 5188 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
18:28:18.0186 5188 AESTFilters - ok
18:28:18.0389 5188 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:28:18.0467 5188 AFD - ok
18:28:18.0591 5188 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
18:28:18.0685 5188 AgereSoftModem - ok
18:28:18.0747 5188 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:28:18.0779 5188 agp440 - ok
18:28:19.0902 5188 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
18:28:19.0902 5188 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
18:28:19.0902 5188 Akamai ( HiddenFile.Multi.Generic ) - warning
18:28:19.0902 5188 Akamai - detected HiddenFile.Multi.Generic (1)
18:28:19.0980 5188 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:28:20.0027 5188 ALG - ok
18:28:20.0089 5188 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:28:20.0105 5188 aliide - ok
18:28:20.0292 5188 [ BCC32BF5EBB5DFD4380FA053D3651949 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:28:20.0432 5188 AMD External Events Utility - ok
18:28:21.0009 5188 AMD FUEL Service - ok
18:28:21.0072 5188 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:28:21.0087 5188 amdide - ok
18:28:21.0165 5188 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
18:28:21.0197 5188 amdiox64 - ok
18:28:21.0384 5188 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:28:21.0524 5188 AmdK8 - ok
18:28:22.0538 5188 [ A29087680A1C3B049E3C05438E8FF2B8 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:28:22.0757 5188 amdkmdag - ok
18:28:22.0975 5188 [ ADB8EE976CE4A47C54D39F2581593C03 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:28:22.0991 5188 amdkmdap ( UnsignedFile.Multi.Generic ) - warning
18:28:22.0991 5188 amdkmdap - detected UnsignedFile.Multi.Generic (1)
18:28:23.0084 5188 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:28:23.0115 5188 AmdPPM - ok
18:28:23.0303 5188 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:28:23.0318 5188 amdsata - ok
18:28:23.0459 5188 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:28:23.0474 5188 amdsbs - ok
18:28:23.0521 5188 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:28:23.0537 5188 amdxata - ok
18:28:23.0615 5188 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:28:23.0864 5188 AppID - ok
18:28:23.0911 5188 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:28:23.0973 5188 AppIDSvc - ok
18:28:24.0036 5188 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:28:24.0098 5188 Appinfo - ok
18:28:24.0207 5188 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:28:24.0207 5188 Apple Mobile Device - ok
18:28:24.0270 5188 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:28:24.0285 5188 arc - ok
18:28:24.0301 5188 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:28:24.0317 5188 arcsas - ok
18:28:24.0441 5188 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:28:24.0457 5188 aspnet_state - ok
18:28:24.0519 5188 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:28:24.0566 5188 AsyncMac - ok
18:28:24.0613 5188 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:28:24.0613 5188 atapi - ok
18:28:24.0675 5188 [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
18:28:24.0753 5188 athr - ok
18:28:24.0800 5188 [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
18:28:24.0816 5188 AtiHdmiService - ok
18:28:25.0003 5188 [ A29087680A1C3B049E3C05438E8FF2B8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:28:25.0081 5188 atikmdag - ok
18:28:25.0143 5188 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
18:28:25.0159 5188 AtiPcie - ok
18:28:25.0206 5188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:28:25.0253 5188 AudioEndpointBuilder - ok
18:28:25.0268 5188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:28:25.0315 5188 AudioSrv - ok
18:28:25.0393 5188 [ 916ADB4B96365A4374D0933468533049 ] Autodesk Network Licensing Service C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
18:28:25.0440 5188 Autodesk Network Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:28:25.0440 5188 Autodesk Network Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:28:25.0799 5188 [ EE651D98B03FE3C075CCC58AB61C9287 ] AVG Security Toolbar Service C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
18:28:25.0830 5188 AVG Security Toolbar Service - ok
18:28:26.0703 5188 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
18:28:26.0891 5188 AVGIDSAgent - ok
18:28:27.0140 5188 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:28:27.0218 5188 AVGIDSDriver - ok
18:28:27.0296 5188 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
18:28:27.0312 5188 AVGIDSFilter - ok
18:28:27.0468 5188 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
18:28:27.0483 5188 AVGIDSHA - ok
18:28:27.0593 5188 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
18:28:27.0608 5188 Avgldx64 - ok
18:28:27.0686 5188 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
18:28:27.0702 5188 Avgmfx64 - ok
18:28:27.0827 5188 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
18:28:27.0858 5188 Avgrkx64 - ok
18:28:27.0998 5188 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
18:28:28.0014 5188 Avgtdia - ok
18:28:28.0092 5188 [ 371428CF0F71934CB0F2344823ADFA32 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
18:28:28.0123 5188 avgtp - ok
18:28:28.0154 5188 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
18:28:28.0170 5188 avgwd - ok
18:28:28.0217 5188 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:28:28.0295 5188 AxInstSV - ok
18:28:28.0388 5188 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:28:28.0466 5188 b06bdrv - ok
18:28:28.0529 5188 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:28:28.0575 5188 b57nd60a - ok
18:28:28.0653 5188 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:28:28.0700 5188 BDESVC - ok
18:28:28.0731 5188 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:28:28.0794 5188 Beep - ok
18:28:28.0903 5188 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:28:28.0965 5188 BFE - ok
18:28:29.0043 5188 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
18:28:29.0309 5188 BITS - ok
18:28:29.0449 5188 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:28:29.0574 5188 blbdrive - ok
18:28:29.0714 5188 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
18:28:29.0730 5188 Bonjour Service - ok
18:28:29.0777 5188 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:28:29.0839 5188 bowser - ok
18:28:29.0964 5188 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:28:30.0167 5188 BrFiltLo - ok
18:28:30.0198 5188 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:28:30.0213 5188 BrFiltUp - ok
18:28:30.0260 5188 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
18:28:30.0416 5188 BridgeMP - ok
18:28:30.0494 5188 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:28:30.0603 5188 Browser - ok
18:28:30.0681 5188 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:28:30.0728 5188 Brserid - ok
18:28:30.0759 5188 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:28:30.0806 5188 BrSerWdm - ok
18:28:30.0884 5188 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:28:30.0978 5188 BrUsbMdm - ok
18:28:31.0009 5188 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:28:31.0071 5188 BrUsbSer - ok
18:28:31.0103 5188 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:28:31.0149 5188 BTHMODEM - ok
18:28:31.0212 5188 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:28:31.0243 5188 bthserv - ok
18:28:31.0305 5188 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:28:31.0337 5188 cdfs - ok
18:28:31.0539 5188 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:28:31.0602 5188 cdrom - ok
18:28:31.0711 5188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:28:31.0789 5188 CertPropSvc - ok
18:28:31.0867 5188 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:28:31.0883 5188 circlass - ok
18:28:31.0945 5188 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:28:31.0992 5188 CLFS - ok
18:28:32.0319 5188 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:28:32.0335 5188 clr_optimization_v2.0.50727_32 - ok
18:28:32.0522 5188 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:28:32.0569 5188 clr_optimization_v2.0.50727_64 - ok
18:28:32.0772 5188 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:28:32.0772 5188 clr_optimization_v4.0.30319_32 - ok
18:28:32.0787 5188 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:28:32.0803 5188 clr_optimization_v4.0.30319_64 - ok
18:28:32.0850 5188 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:28:32.0881 5188 CmBatt - ok
18:28:32.0928 5188 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:28:32.0943 5188 cmdide - ok
18:28:33.0115 5188 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:28:33.0193 5188 CNG - ok
18:28:33.0224 5188 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
18:28:33.0240 5188 Com4QLBEx - ok
18:28:33.0255 5188 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:28:33.0271 5188 Compbatt - ok
18:28:33.0318 5188 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:28:33.0349 5188 CompositeBus - ok
18:28:33.0365 5188 COMSysApp - ok
18:28:33.0380 5188 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:28:33.0396 5188 crcdisk - ok
18:28:33.0536 5188 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:28:33.0739 5188 CryptSvc - ok
18:28:33.0801 5188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:28:33.0848 5188 DcomLaunch - ok
18:28:33.0911 5188 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:28:33.0957 5188 defragsvc - ok
18:28:34.0004 5188 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:28:34.0067 5188 DfsC - ok
18:28:34.0129 5188 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:28:34.0254 5188 Dhcp - ok
18:28:34.0285 5188 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:28:34.0347 5188 discache - ok
18:28:34.0394 5188 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:28:34.0410 5188 Disk - ok
18:28:34.0472 5188 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:28:34.0519 5188 Dnscache - ok
18:28:34.0566 5188 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:28:34.0644 5188 dot3svc - ok
18:28:34.0706 5188 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:28:34.0784 5188 DPS - ok
18:28:34.0815 5188 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:28:34.0831 5188 drmkaud - ok
18:28:34.0940 5188 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:28:34.0971 5188 dtsoftbus01 - ok
18:28:35.0018 5188 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:28:35.0049 5188 DXGKrnl - ok
18:28:35.0081 5188 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:28:35.0143 5188 EapHost - ok
18:28:35.0221 5188 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:28:35.0299 5188 ebdrv - ok
18:28:35.0346 5188 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:28:35.0361 5188 EFS - ok
18:28:35.0455 5188 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:28:35.0658 5188 ehRecvr - ok
18:28:36.0048 5188 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:28:36.0126 5188 ehSched - ok
18:28:36.0173 5188 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:28:36.0204 5188 elxstor - ok
18:28:36.0235 5188 [ 524C79054636D2E5751169005006460B ] enecir C:\Windows\system32\DRIVERS\enecir.sys
18:28:36.0282 5188 enecir - ok
18:28:36.0344 5188 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
18:28:36.0422 5188 EPSON_EB_RPCV4_01 - ok
18:28:36.0438 5188 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
18:28:36.0469 5188 EPSON_PM_RPCV4_01 - ok
18:28:36.0547 5188 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:28:36.0594 5188 ErrDev - ok
18:28:36.0641 5188 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:28:36.0687 5188 EventSystem - ok
18:28:36.0719 5188 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:28:36.0765 5188 exfat - ok
18:28:36.0781 5188 ezSharedSvc - ok
18:28:36.0843 5188 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:28:36.0906 5188 fastfat - ok
18:28:36.0968 5188 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:28:37.0031 5188 Fax - ok
18:28:37.0062 5188 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:28:37.0093 5188 fdc - ok
18:28:37.0140 5188 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:28:37.0187 5188 fdPHost - ok
18:28:37.0249 5188 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:28:37.0327 5188 FDResPub - ok
18:28:37.0374 5188 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:28:37.0405 5188 FileInfo - ok
18:28:37.0468 5188 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:28:37.0702 5188 Filetrace - ok
18:28:39.0605 5188 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:28:39.0854 5188 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:28:39.0854 5188 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:28:40.0728 5188 [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
18:28:40.0853 5188 FLEXnet Licensing Service 64 - ok
18:28:40.0868 5188 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:28:40.0900 5188 flpydisk - ok
18:28:40.0946 5188 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:28:40.0962 5188 FltMgr - ok
18:28:41.0056 5188 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:28:41.0087 5188 FontCache - ok
18:28:41.0149 5188 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:28:41.0165 5188 FontCache3.0.0.0 - ok
18:28:41.0196 5188 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:28:41.0196 5188 FsDepends - ok
18:28:41.0243 5188 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:28:41.0258 5188 Fs_Rec - ok
18:28:41.0305 5188 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:28:41.0336 5188 fvevol - ok
18:28:41.0336 5188 Fwleaf - ok
18:28:41.0368 5188 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:28:41.0383 5188 gagp30kx - ok
18:28:41.0446 5188 [ 67CF4C2E7477B9A01DF07E38AF293414 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
18:28:41.0461 5188 GameConsoleService - ok
18:28:41.0524 5188 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:28:41.0539 5188 GEARAspiWDM - ok
18:28:41.0711 5188 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:28:41.0773 5188 gpsvc - ok
18:28:41.0851 5188 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:28:41.0867 5188 gusvc - ok
18:28:41.0929 5188 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:28:41.0976 5188 hcw85cir - ok
18:28:42.0070 5188 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:28:42.0085 5188 HdAudAddService - ok
18:28:42.0132 5188 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:28:42.0163 5188 HDAudBus - ok
18:28:42.0210 5188 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:28:42.0210 5188 HidBatt - ok
18:28:42.0272 5188 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:28:42.0319 5188 HidBth - ok
18:28:42.0366 5188 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:28:42.0382 5188 HidIr - ok
18:28:42.0413 5188 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
18:28:42.0475 5188 hidserv - ok
18:28:42.0553 5188 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:28:42.0569 5188 HidUsb - ok
18:28:42.0616 5188 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:28:42.0662 5188 hkmsvc - ok
18:28:42.0694 5188 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:28:42.0756 5188 HomeGroupListener - ok
18:28:42.0803 5188 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:28:42.0818 5188 HomeGroupProvider - ok
18:28:42.0912 5188 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
18:28:42.0943 5188 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
18:28:42.0943 5188 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
18:28:42.0974 5188 [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
18:28:42.0990 5188 hpdskflt - ok
18:28:43.0084 5188 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:28:43.0146 5188 HpqKbFiltr - ok
18:28:43.0271 5188 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:28:43.0318 5188 hpqwmiex - ok
18:28:43.0411 5188 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:28:43.0427 5188 HpSAMD - ok
18:28:43.0474 5188 [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv C:\Windows\system32\Hpservice.exe
18:28:43.0489 5188 hpsrv - ok
18:28:43.0676 5188 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
18:28:43.0770 5188 HTCAND64 - ok
18:28:43.0832 5188 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
18:28:43.0848 5188 htcnprot - ok
18:28:43.0926 5188 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:28:44.0004 5188 HTTP - ok
18:28:44.0051 5188 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:28:44.0051 5188 hwpolicy - ok
18:28:44.0144 5188 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:28:44.0160 5188 i8042prt - ok
18:28:44.0222 5188 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:28:44.0238 5188 iaStorV - ok
18:28:44.0378 5188 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:28:44.0410 5188 idsvc - ok
18:28:44.0956 5188 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:28:45.0143 5188 igfx - ok
18:28:45.0205 5188 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:28:45.0221 5188 iirsp - ok
18:28:45.0346 5188 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:28:45.0424 5188 IKEEXT - ok
18:28:45.0455 5188 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:28:45.0455 5188 intelide - ok
18:28:45.0595 5188 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:28:45.0673 5188 intelppm - ok
18:28:45.0767 5188 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:28:45.0814 5188 IPBusEnum - ok
18:28:45.0954 5188 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:28:46.0001 5188 IpFilterDriver - ok
18:28:46.0110 5188 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:28:46.0157 5188 iphlpsvc - ok
18:28:46.0204 5188 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:28:46.0250 5188 IPMIDRV - ok
18:28:46.0297 5188 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:28:46.0360 5188 IPNAT - ok
18:28:46.0469 5188 [ 3D62FE4FEFE9C67DAFEC52B534DFA1FB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:28:46.0484 5188 iPod Service - ok
18:28:46.0531 5188 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:28:46.0672 5188 IRENUM - ok
18:28:46.0734 5188 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:28:46.0750 5188 isapnp - ok
18:28:46.0812 5188 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:28:46.0843 5188 iScsiPrt - ok
18:28:46.0921 5188 [ F8844B00C10E386C704C610E95A9847D ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
18:28:46.0984 5188 JMCR - ok
18:28:46.0999 5188 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:28:47.0015 5188 kbdclass - ok
18:28:47.0077 5188 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:28:47.0124 5188 kbdhid - ok
18:28:47.0155 5188 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:28:47.0186 5188 KeyIso - ok
18:28:47.0233 5188 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:28:47.0249 5188 KSecDD - ok
18:28:47.0296 5188 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:28:47.0311 5188 KSecPkg - ok
18:28:47.0342 5188 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:28:47.0374 5188 ksthunk - ok
18:28:47.0420 5188 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:28:47.0483 5188 KtmRm - ok
18:28:47.0764 5188 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:28:47.0888 5188 LanmanServer - ok
18:28:47.0935 5188 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:28:48.0013 5188 LanmanWorkstation - ok
18:28:48.0076 5188 [ 83EC58ED3ACA5028919028667BABF490 ] leafnets C:\Windows\system32\DRIVERS\leafnets.sys
18:28:48.0154 5188 leafnets - ok
18:28:48.0232 5188 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:28:48.0232 5188 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:28:48.0232 5188 LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:28:48.0310 5188 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:28:48.0356 5188 lltdio - ok
18:28:48.0419 5188 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:28:48.0466 5188 lltdsvc - ok
18:28:48.0481 5188 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:28:48.0512 5188 lmhosts - ok
18:28:48.0559 5188 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:28:48.0590 5188 LSI_FC - ok
18:28:48.0606 5188 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:28:48.0622 5188 LSI_SAS - ok
18:28:48.0653 5188 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:28:48.0668 5188 LSI_SAS2 - ok
18:28:48.0684 5188 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:28:48.0700 5188 LSI_SCSI - ok
18:28:48.0746 5188 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:28:48.0778 5188 luafv - ok
18:28:48.0856 5188 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:28:48.0871 5188 MBAMProtector - ok
18:28:48.0902 5188 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:28:48.0934 5188 MBAMScheduler - ok
18:28:49.0027 5188 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:28:49.0058 5188 MBAMService - ok
18:28:49.0168 5188 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
18:28:49.0183 5188 mcdbus - ok
18:28:49.0230 5188 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:28:49.0277 5188 Mcx2Svc - ok
18:28:49.0308 5188 mdf16 - ok
18:28:49.0339 5188 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:28:49.0355 5188 megasas - ok
18:28:49.0417 5188 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:28:49.0448 5188 MegaSR - ok
18:28:49.0682 5188 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:28:49.0714 5188 MMCSS - ok
18:28:49.0807 5188 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:28:49.0885 5188 Modem - ok
18:28:49.0916 5188 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:28:49.0979 5188 monitor - ok
18:28:50.0010 5188 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:28:50.0026 5188 mouclass - ok
18:28:50.0057 5188 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:28:50.0057 5188 mouhid - ok
18:28:50.0119 5188 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:28:50.0119 5188 mountmgr - ok
18:28:50.0291 5188 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:28:50.0291 5188 MozillaMaintenance - ok
18:28:50.0369 5188 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:28:50.0384 5188 mpio - ok
18:28:50.0431 5188 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:28:50.0462 5188 mpsdrv - ok
18:28:50.0587 5188 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:28:50.0665 5188 MpsSvc - ok
18:28:50.0728 5188 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:28:50.0743 5188 MRxDAV - ok
18:28:50.0790 5188 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:28:50.0868 5188 mrxsmb - ok
18:28:50.0915 5188 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:28:50.0946 5188 mrxsmb10 - ok
18:28:51.0008 5188 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:28:51.0040 5188 mrxsmb20 - ok
18:28:51.0086 5188 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:28:51.0133 5188 msahci - ok
18:28:51.0180 5188 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:28:51.0227 5188 msdsm - ok
18:28:51.0274 5188 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:28:51.0289 5188 MSDTC - ok
18:28:51.0367 5188 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:28:51.0398 5188 Msfs - ok
18:28:51.0445 5188 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:28:51.0492 5188 mshidkmdf - ok
18:28:51.0570 5188 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:28:51.0570 5188 msisadrv - ok
18:28:51.0710 5188 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:28:51.0788 5188 MSiSCSI - ok
18:28:51.0788 5188 msiserver - ok
18:28:51.0851 5188 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:28:51.0898 5188 MSKSSRV - ok
18:28:51.0913 5188 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:28:52.0007 5188 MSPCLOCK - ok
18:28:52.0022 5188 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:28:52.0085 5188 MSPQM - ok
18:28:52.0194 5188 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:28:52.0225 5188 MsRPC - ok
18:28:52.0288 5188 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:28:52.0303 5188 mssmbios - ok
18:28:52.0381 5188 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:28:52.0412 5188 MSTEE - ok
18:28:52.0865 5188 [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90 c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
18:28:53.0052 5188 msvsmon90 - ok
18:28:53.0099 5188 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:28:53.0114 5188 MTConfig - ok
18:28:53.0146 5188 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:28:53.0161 5188 Mup - ok
18:28:53.0161 5188 mvd22 - ok
18:28:53.0224 5188 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:28:53.0286 5188 napagent - ok
18:28:53.0348 5188 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:28:53.0380 5188 NativeWifiP - ok
18:28:53.0489 5188 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:28:53.0520 5188 NDIS - ok
18:28:53.0551 5188 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:28:53.0614 5188 NdisCap - ok
18:28:53.0645 5188 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:28:53.0692 5188 NdisTapi - ok
18:28:53.0754 5188 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:28:53.0785 5188 Ndisuio - ok
18:28:53.0832 5188 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:28:53.0879 5188 NdisWan - ok
18:28:53.0926 5188 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:28:53.0988 5188 NDProxy - ok
18:28:54.0050 5188 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:28:54.0128 5188 NetBIOS - ok
18:28:54.0206 5188 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:28:54.0269 5188 NetBT - ok
18:28:54.0269 5188 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:28:54.0316 5188 Netlogon - ok
18:28:54.0394 5188 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:28:54.0456 5188 Netman - ok
18:28:54.0565 5188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:54.0565 5188 NetMsmqActivator - ok
18:28:54.0581 5188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:54.0596 5188 NetPipeActivator - ok
18:28:54.0643 5188 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:28:54.0721 5188 netprofm - ok
18:28:54.0752 5188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:54.0768 5188 NetTcpActivator - ok
18:28:54.0799 5188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:54.0815 5188 NetTcpPortSharing - ok
18:28:55.0361 5188 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
18:28:55.0564 5188 netw5v64 - ok
18:28:55.0595 5188 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:28:55.0626 5188 nfrd960 - ok
18:28:55.0720 5188 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:28:55.0766 5188 NlaSvc - ok
18:28:55.0798 5188 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:28:55.0829 5188 Npfs - ok
18:28:55.0891 5188 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:28:55.0954 5188 nsi - ok
18:28:55.0969 5188 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:28:56.0016 5188 nsiproxy - ok
18:28:56.0141 5188 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:28:56.0188 5188 Ntfs - ok
18:28:56.0234 5188 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:28:56.0266 5188 Null - ok
18:28:56.0624 5188 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:28:56.0640 5188 nvraid - ok
18:28:56.0702 5188 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:28:56.0780 5188 nvstor - ok
18:28:56.0858 5188 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:28:56.0874 5188 nv_agp - ok
18:28:57.0155 5188 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:28:57.0186 5188 odserv - ok
18:28:57.0233 5188 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:28:57.0248 5188 ohci1394 - ok
18:28:57.0264 5188 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:28:57.0280 5188 ose - ok
18:28:57.0326 5188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:28:57.0420 5188 p2pimsvc - ok
18:28:57.0451 5188 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:28:57.0482 5188 p2psvc - ok
18:28:57.0514 5188 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:28:57.0545 5188 Parport - ok
18:28:57.0592 5188 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:28:57.0607 5188 partmgr - ok
18:28:57.0732 5188 [ 5FBCC9EEEFACA3019D5BD5979618F298 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
18:28:57.0763 5188 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
18:28:57.0763 5188 PassThru Service - detected UnsignedFile.Multi.Generic (1)
18:28:57.0826 5188 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:28:57.0872 5188 PcaSvc - ok
18:28:57.0904 5188 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:28:57.0919 5188 pci - ok
18:28:57.0966 5188 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:28:57.0966 5188 pciide - ok
18:28:58.0013 5188 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:28:58.0028 5188 pcmcia - ok
18:28:58.0060 5188 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:28:58.0091 5188 pcw - ok
18:28:58.0122 5188 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:28:58.0200 5188 PEAUTH - ok
18:28:58.0465 5188 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:28:58.0528 5188 PerfHost - ok
18:28:58.0668 5188 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:28:58.0762 5188 pla - ok
18:28:58.0918 5188 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:28:58.0964 5188 PlugPlay - ok
18:28:58.0996 5188 PnkBstrA - ok
18:28:59.0011 5188 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:28:59.0027 5188 PNRPAutoReg - ok
18:28:59.0042 5188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:28:59.0058 5188 PNRPsvc - ok
18:28:59.0120 5188 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:28:59.0198 5188 PolicyAgent - ok
18:28:59.0230 5188 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:28:59.0292 5188 Power - ok
18:28:59.0386 5188 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:28:59.0448 5188 PptpMiniport - ok
18:28:59.0479 5188 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:28:59.0526 5188 Processor - ok
18:28:59.0573 5188 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:28:59.0604 5188 ProfSvc - ok
18:28:59.0620 5188 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:28:59.0651 5188 ProtectedStorage - ok
18:28:59.0791 5188 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:28:59.0854 5188 Psched - ok
18:29:00.0025 5188 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:29:00.0072 5188 ql2300 - ok
18:29:00.0088 5188 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:29:00.0103 5188 ql40xx - ok
18:29:00.0119 5188 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:29:00.0150 5188 QWAVE - ok
18:29:00.0166 5188 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:29:00.0181 5188 QWAVEdrv - ok
18:29:00.0259 5188 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
18:29:00.0275 5188 RapiMgr - ok
18:29:00.0290 5188 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:29:00.0353 5188 RasAcd - ok
18:29:00.0384 5188 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:29:00.0431 5188 RasAgileVpn - ok
18:29:00.0446 5188 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:29:00.0509 5188 RasAuto - ok
18:29:00.0540 5188 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:29:00.0618 5188 Rasl2tp - ok
18:29:00.0634 5188 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:29:00.0680 5188 RasMan - ok
18:29:00.0696 5188 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:29:00.0758 5188 RasPppoe - ok
18:29:00.0774 5188 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:29:00.0821 5188 RasSstp - ok
18:29:00.0868 5188 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:29:00.0899 5188 rdbss - ok
18:29:00.0914 5188 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:29:00.0946 5188 rdpbus - ok
18:29:00.0961 5188 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:29:01.0024 5188 RDPCDD - ok
18:29:01.0070 5188 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:29:01.0133 5188 RDPENCDD - ok
18:29:01.0164 5188 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:29:01.0195 5188 RDPREFMP - ok
18:29:01.0242 5188 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:29:01.0289 5188 RDPWD - ok
18:29:01.0336 5188 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:29:01.0351 5188 rdyboost - ok
18:29:01.0382 5188 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:29:01.0460 5188 RemoteAccess - ok
18:29:01.0492 5188 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:29:01.0570 5188 RemoteRegistry - ok
18:29:01.0632 5188 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:29:01.0648 5188 RichVideo - ok
18:29:01.0663 5188 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:29:01.0694 5188 RpcEptMapper - ok
18:29:01.0726 5188 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:29:01.0757 5188 RpcLocator - ok
18:29:01.0804 5188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:29:01.0850 5188 RpcSs - ok
18:29:01.0882 5188 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:29:01.0944 5188 rspndr - ok
18:29:01.0975 5188 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:29:02.0006 5188 RTL8167 - ok
18:29:02.0022 5188 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:29:02.0038 5188 SamSs - ok
18:29:02.0084 5188 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:29:02.0100 5188 sbp2port - ok
18:29:02.0131 5188 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:29:02.0178 5188 SCardSvr - ok
18:29:02.0225 5188 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:29:02.0287 5188 scfilter - ok
18:29:02.0334 5188 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:29:02.0396 5188 Schedule - ok
18:29:02.0428 5188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:29:02.0474 5188 SCPolicySvc - ok
18:29:02.0552 5188 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
18:29:02.0584 5188 sdbus - ok
18:29:02.0630 5188 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:29:02.0646 5188 SDRSVC - ok
18:29:02.0677 5188 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:29:17.0466 5188 ============================================================
18:29:17.0466 5188 Scan finished
18:29:17.0466 5188 ============================================================
18:29:17.0482 6064 Detected object count: 7
18:29:17.0482 6064 Actual detected object count: 7
18:30:29.0866 6064 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:30:29.0866 6064 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
18:30:29.0866 6064 amdkmdap ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:29.0866 6064 amdkmdap ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:29.0881 6064 Autodesk Network Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:29.0881 6064 Autodesk Network Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:29.0881 6064 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:29.0881 6064 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:29.0881 6064 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:29.0881 6064 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:29.0881 6064 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:29.0881 6064 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:29.0881 6064 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:29.0881 6064 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:07.0346 3948 Deinitialize success
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Here we go again:
C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan deleted - quarantined
C:\FRST\Quarantine\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000000.@ Win64/Sirefef.AW trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000064.@ a variant of Win64/Sirefef.AN trojan cleaned by deleting - quarantined

Clever. First of all searching and getting it on the map, and then deleting with another program. I like the way you are handling this.

More issues: I don't know for how long, but when the computer comes out of standby mode and I want to log in on the administrator account, I first have to go back to get the administrator and guest account page, and then I can log in on the administrator account. It's not that bad, but kind of annoying when it happens.
Further, there are some moments in the games I play (PES 2013 and SimCity 4) when it just shuts off for no reason. The reason I can guess is that these games are not legit, and therefore the running programs and algorithms have been cracked to get them to work. (Got them from isohunt, a torrent website.)

For the rest the computer works fine.
After you've handled and taken care of the virus in my computer, do you have any recommendations for a virus scanner? (I do not really rely on AVG anymore, as I have seen how many viruses are in my computer.)

Greetings from Holland.
Fritsje15
 
That's normal for the log in screen. I used to deal with that all the time.

I don't have any support for cracked software. It's your own risk.


Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop-down box select your main drive, e.g. C
  • For a few moments the system will make some calculations:
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the programs we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 30
Java 7 Update 6
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from Adobe.com

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Flash Player. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

Any other questions before I mark this topic solved?
 
No, no more questions.
One remark: You're the best. I don't know what you did exactly, but it is off my computer and I am eternally grateful.

I would recommend you above all of the computer specialist in my region. Thank you so much.

Greetings from Holland
Fritsje15
 